Discussion Starter · #1 ·
My computer has suddenly become very slow and up to 60% of the CPU is being used even when I'm not running intensive programs. Is there any way to resolve this?

Backstory:
At points over 20% of the CPU was being used by Google Chrome alone!! It all began when I was browsing the internet and then, when on a particular site, it downloaded (without my permission) a file called 'download' into my Downloads folder. I hastily deleted this document and continued browsing. Shortly after, my Google Chrome began displaying the message that my network was not secure (same with Incognito when I tried it); as a result I deleted all my history 'since the beginning of time' along with all cookies. However, this problem continued, so I decided to delete and reinstall Google Chrome. When on Internet Explorer to re-download Chrome, the same message about security was displayed, but when I searched Google for a second time it went away. After successfully reinstalling Chrome the problem appeared to be gone, but then my computer became a potato :banghead:, I can't emphasise enough how long it took to load things. My computer was using literal GB of RAM for no apparent reason. Also my mouse keeps on freezing. This has never happened before and I have scanned my computer using ESET NOD32 multiple times. This turned up nothing.

If anyone has any idea what the problem is or how to fix it, it will be much appreciated.

Also, DDS doesn't seem to work for me, something about compatibility mode, which I am not familiar with.
Hello and Welcome to TSF,

My name is Tolga and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

:arrowr: If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.
:arrowr: First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
:arrowr: Please download and run all requested tools from your Desktop.
:arrowr: Perform everything in the correct order. Sometimes one step requires the previous one.
:arrowr: If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
:arrowr: Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
:arrowr: Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
:arrowr: If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
:arrowr: Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
:arrowr: My native language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
:arrowr: Back up important files before we start.

Now, let's get started, shall we?

Please do the steps below.

STEP 1

Please download AdwCleaner from here and save it to your desktop.

:arrowr: Click the green 'Download now @bleepingcomputer' button.
:arrowr: Run AdwCleaner and select Scan
:arrowr: Once the Scan is done, select Clean
:arrowr: Once done it will ask to reboot, please allow the reboot.
:arrowr: On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
:arrowr: Please copy/paste the contents of the log in your next reply.

STEP 2

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.
:arrowr: Double-click to run it. When the tool opens click Yes to the disclaimer.
:arrowr: Make sure the Addition.txt button is ticked.
:arrowr: Press Scan button.
:arrowr: It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
:arrowr: The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Discussion Starter · #3 ·
AdwCleaner[C1]
I replaced all sensitive information (names) with '@@@@'

# AdwCleaner v5.201 - Logfile created 10/07/2016 at 00:40:46
# Updated 30/06/2016 by ToolsLib
# Database : 2016-07-09.2 [Server]
# Operating system : Windows 8.1 (X64)
# Username : @@@@ - @@@@
# Running from : C:\Users\@@@@\Desktop\AdwCleaner.exe
# Option : Clean
# Support : https://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : wssvc_1.10.0.19

***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\abc
[#] Folder Deleted : C:\ProgramData\Application Data\abc
[-] Folder Deleted : C:\Program Files (x86)\AskPartnerNetwork
[-] Folder Deleted : C:\Program Files (x86)\coupoon
[-] Folder Deleted : C:\Program Files (x86)\FastSearch
[-] Folder Deleted : C:\Program Files (x86)\Games Bot
[-] Folder Deleted : C:\Program Files (x86)\PRiaceLLeess
[-] Folder Deleted : C:\Users\@@@@\AppData\Local\23738

***** [ Files ] *****


***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

[-] Task Deleted : tet3008

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{34BE6615-ADA0-46D1-9457-ABE77C82B0AD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7BC34A1-BA86-11CF-84B1-CBC2DA68BF6C}
[-] Key Deleted : HKCU\Software\Classes\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\coupoon
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{7F3D3A28-10F6-44C3-A264-A22CC0C1EE34}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{1BB8607F-B9AD-491E-9DC7-7B84CFA5CE18}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{850E0DE7-6F0C-40BA-B45D-D533289FA343}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{6C905130-A079-43DA-92C3-99BD141727C8}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{BB7B8D1A-6E7D-4618-A1EB-A43A926FE570}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{5C24140E-5AD0-473F-94A2-E54DA3E5AC6D}]
[-] Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [ApnTBMon]
[-] Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [CommonToolkitTray]
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\APNMCP
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\BackupStack
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\SystemUpdatekb70007
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\Updater Service for AMZN
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\WajamUpdater
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WebCakeUpdaterService
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\Suite Service

***** [ Web browsers ] *****

[-] [C:\Users\@@@@\AppData\Roaming\Mozilla\Firefox\Profiles\tbh0ngx1.default\prefs.js] Deleted : user_pref("CT3298566.FF19Solved", "true");
[-] [C:\Users\@@@@\AppData\Roaming\Mozilla\Firefox\Profiles\tbh0ngx1.default\prefs.js] Deleted : user_pref("CT3298566.FF19Solved", "true");
[-] [C:\Users\@@@@\AppData\Roaming\Mozilla\Firefox\Profiles\tbh0ngx1.default\prefs.js] Deleted : user_pref("CT3298566.FF19Solved", "true");
[-] [C:\Users\@@@@\AppData\Roaming\Mozilla\Firefox\Profiles\tbh0ngx1.default\prefs.js] Deleted : user_pref("CT3298566.FF19Solved", "true");
[-] [C:\Users\@@@@\AppData\Roaming\Mozilla\Firefox\Profiles\tbh0ngx1.default\prefs.js] Deleted : user_pref("CT3298566.UserID", "UN35928975223090386");
[-] [C:\Users\@@@@\AppData\Roaming\Mozilla\Firefox\Profiles\tbh0ngx1.default\prefs.js] Deleted : user_pref("CT3298566.browser.search.defaultthis.engineName", "true");
[-] [C:\Users\@@@@\AppData\Roaming\Mozilla\Firefox\Profiles\tbh0ngx1.default\prefs.js] Deleted : user_pref("CT3298566.fullUserID", "UN35928975223090386.IN.20130713184902");
[-] [C:\Users\@@@@\AppData\Roaming\Mozilla\Firefox\Profiles\tbh0ngx1.default\prefs.js] Deleted : user_pref("CT3298566.installDate", "13/07/2013 18:49:01");
[-] [C:\Users\@@@@\AppData\Roaming\Mozilla\Firefox\Profiles\tbh0ngx1.default\prefs.js] Deleted : user_pref("CT3298566.installSessionId", "{5E1AC994-8920-49F0-829A-A8D4CFC3CDAC}");
[-] [C:\Users\@@@@\AppData\Roaming\Mozilla\Firefox\Profiles\tbh0ngx1.default\prefs.js] Deleted : user_pref("CT3298566.installSp", "TRUE");
[-] [C:\Users\@@@@\AppData\Roaming\Mozilla\Firefox\Profiles\tbh0ngx1.default\prefs.js] Deleted : user_pref("CT3298566.installerVersion", "1.5.4.4");
[-] [C:\Users\@@@@\AppData\Roaming\Mozilla\Firefox\Profiles\tbh0ngx1.default\prefs.js] Deleted : user_pref("CT3298566.keyword", "true");
[-] [C:\Users\@@@@\AppData\Roaming\Mozilla\Firefox\Profiles\tbh0ngx1.default\prefs.js] Deleted : user_pref("CT3298566.originalHomepage", "about:home");
[-] [C:\Users\@@@@\AppData\Roaming\Mozilla\Firefox\Profiles\tbh0ngx1.default\prefs.js] Deleted : user_pref("CT3298566.originalSearchAddressUrl", "");
[-] [C:\Users\@@@@\AppData\Roaming\Mozilla\Firefox\Profiles\tbh0ngx1.default\prefs.js] Deleted : user_pref("CT3298566.originalSearchEngine", "");
[-] [C:\Users\@@@@\AppData\Roaming\Mozilla\Firefox\Profiles\tbh0ngx1.default\prefs.js] Deleted : user_pref("CT3298566.originalSearchEngineName", "");
[-] [C:\Users\@@@@\AppData\Roaming\Mozilla\Firefox\Profiles\tbh0ngx1.default\prefs.js] Deleted : user_pref("CT3298566.searchRevert", "false");
[-] [C:\Users\@@@@\AppData\Roaming\Mozilla\Firefox\Profiles\tbh0ngx1.default\prefs.js] Deleted : user_pref("CT3298566.searchUserMode", "2");
[-] [C:\Users\@@@@\AppData\Roaming\Mozilla\Firefox\Profiles\tbh0ngx1.default\prefs.js] Deleted : user_pref("CT3298566.versionFromInstaller", "10.16.4.19");
[-] [C:\Users\@@@@\AppData\Roaming\Mozilla\Firefox\Profiles\tbh0ngx1.default\prefs.js] Deleted : user_pref("CT3298566.xpeMode", "0");

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [6786 bytes] - [10/07/2016 00:40:46]
C:\AdwCleaner\AdwCleaner[R0].txt - [23416 bytes] - [14/08/2015 13:11:05]
C:\AdwCleaner\AdwCleaner[S0].txt - [21486 bytes] - [14/08/2015 13:16:42]
C:\AdwCleaner\AdwCleaner[S1].txt - [6764 bytes] - [10/07/2016 00:31:21]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [7080 bytes] ##########

Discussion Starter · #4 ·
I would also like to add that before I read your previous reply I conducted another scan with the latest version of ESET NOD32, and on the scan log EVERY single file either said 'archive damaged' or 'error opening'.

Thank you for your assistance so far.
Hello ReallyNeedHelp_

Thanks for the info. Let's move on.

CCleaner

We do not recommend the use of registry cleaners, or the registry cleaner feature of CCleaner. Our colleague miekiemoes has an excellent writeup here.

==========================================================

:arrowr: Open Notepad (Start > All Programs > Accessories > Notepad).
:arrowr: Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
:arrowr: Save it as fixlist.txt next to FRST64.exe

NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.

Code:
CreateRestorePoint:
AlternateDataStreams: C:\WINDOWS\system32\Drivers\btmhsf.sys:Microsoft_Appcompat_ReinstallUpgrade [0]
AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1 [112]
HKLM-x32\...\Run: [] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49903;https=127.0.0.1:49903
ProxyEnable: [S-1-5-19] => Proxy is enabled.
ProxyServer: [S-1-5-19] => http=127.0.0.1:8118;https=127.0.0.1:8118
ProxyEnable: [S-1-5-20] => Proxy is enabled.
ProxyServer: [S-1-5-20] => http=127.0.0.1:8118;https=127.0.0.1:8118
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-970208564-3092593013-1661473460-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
RemoveProxy:
CMD: bitsadmin /reset /allusers
EmptyTemp:

:arrowr: Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
:arrowr: Click the Fix button just once, and wait.
:arrowr: If you receive a message that a reboot is required, please make sure you allow it to restart normally.
:arrowr: The tool will complete its run after the restart.
:arrowr: When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.


NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
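The fixlist above targets four things a malware analyst looks for on a machine like this one: WinINET proxy settings pointing at 127.0.0.1 on hives that never browse (.DEFAULT, S-1-5-19, S-1-5-20), a Chrome policy key at HKLM\SOFTWARE\Policies\Google, a Run entry whose target no longer exists ("[X]"), and stale BITS jobs. The script below is an added example, not part of this thread and not code from FRST, AdwCleaner or the helper. It is a read-only audit of those same locations so a reader can see what FRST was reacting to; it assumes an elevated PowerShell prompt on Windows 8.1 or later and changes nothing.

```powershell
# Added example (not from the thread, FRST or AdwCleaner): read-only audit of the
# settings the FRST fixlist targets. Assumes an elevated PowerShell 4+ prompt on
# Windows 8.1 or later. Nothing is modified; findings are only reported.

# Map HKEY_USERS so the .DEFAULT, S-1-5-19 and S-1-5-20 hives are reachable.
if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
}

# --- 1. Proxy settings per loaded user/service hive ---------------------------
$proxyFindings = foreach ($hive in Get-ChildItem -Path 'HKU:\') {
    $sid = $hive.PSChildName
    $key = "HKU:\$sid\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
    $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($null -eq $p) { continue }
    if ($p.ProxyEnable -eq 1 -or $p.ProxyServer) {
        [pscustomobject]@{
            Hive        = $sid
            ProxyEnable = $p.ProxyEnable
            ProxyServer = $p.ProxyServer
            # A proxy on 127.0.0.1/localhost, especially on service hives that never
            # browse, is the pattern in the fixlist; corporate proxies name a host.
            Loopback    = [bool]($p.ProxyServer -match '127\.0\.0\.1|localhost')
        }
    }
}
'--- Proxy settings per hive ---'
$proxyFindings | Format-Table -AutoSize

# --- 2. Chrome policy key (FRST flagged HKLM\SOFTWARE\Policies\Google) ---------
$policyKey = 'HKLM:\SOFTWARE\Policies\Google'
if (Test-Path -Path $policyKey) {
    "Chrome policy key present: $policyKey"
    # On a home machine this key normally does not exist; on a managed machine,
    # compare the values against what the administrator actually set.
    Get-ChildItem -Path $policyKey -Recurse | ForEach-Object {
        $_.Name
        Get-ItemProperty -Path $_.PSPath | Select-Object -Property * -ExcludeProperty PS*
    }
} else {
    'No Chrome policy key found.'
}

# --- 3. Run entries whose target executable does not exist (FRST's "[X]") -----
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
$runFindings = foreach ($runKey in $runKeys) {
    $item = Get-Item -Path $runKey -ErrorAction SilentlyContinue
    if ($null -eq $item) { continue }
    foreach ($name in $item.GetValueNames()) {
        $data = [string]$item.GetValue($name)
        # Executable path: a quoted path first, otherwise the first token.
        if ($data -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
        else { $exe = ($data -split '\s+')[0] }
        $exe = [Environment]::ExpandEnvironmentVariables($exe)
        [pscustomobject]@{
            Key     = $runKey
            Name    = if ($name -eq '') { '(empty name)' } else { $name }
            Command = $data
            Exists  = ($exe -ne '') -and (Test-Path -LiteralPath $exe)
        }
    }
}
'--- Run entries (Exists = False corresponds to FRST''s [X]) ---'
$runFindings | Format-Table -AutoSize

# --- 4. BITS jobs for all users (the fixlist ran "bitsadmin /reset /allusers") -
Import-Module BitsTransfer
'--- BITS jobs (all users) ---'
Get-BitsTransfer -AllUsers -ErrorAction SilentlyContinue |
    Select-Object DisplayName, JobState, OwnerAccount, CreationTime, TransferType |
    Format-Table -AutoSize
```

Run it from an elevated console before and after a fix to confirm the proxy values are gone, the policy key is absent and no Run entry points at a missing file. Reading rather than writing the registry keeps the audit safe to repeat on any machine, whereas the fixlist itself remains specific to the one it was written for.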

Discussion Starter · #10 ·
Hello Tekir06,

Firstly, I would like to apologise for the slow reply. The content of FixLog.txt was as follows:

Fix result of Farbar Recovery Scan Tool (x64) Version: 13-07-2016 02
Ran by @@@@ (2016-07-14 15:52:45) Run:1
Running from C:\Users\@@@@\Desktop\FRST
Loaded Profiles: @@@@ (Available Profiles: UpdatusUser & @@@@)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
AlternateDataStreams: C:\WINDOWS\system32\Drivers\btmhsf.sys:Microsoft_Appcompat_ReinstallUpgrade [0]
AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1 [112]
HKLM-x32\...\Run: [] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49903;https=127.0.0.1:49903
ProxyEnable: [S-1-5-19] => Proxy is enabled.
ProxyServer: [S-1-5-19] => http=127.0.0.1:8118;https=127.0.0.1:8118
ProxyEnable: [S-1-5-20] => Proxy is enabled.
ProxyServer: [S-1-5-20] => http=127.0.0.1:8118;https=127.0.0.1:8118
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-970208564-3092593013-1661473460-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
RemoveProxy:
CMD: bitsadmin /reset /allusers
EmptyTemp:
*****************

Restore point was successfully created.
C:\WINDOWS\system32\Drivers\btmhsf.sys => ":Microsoft_Appcompat_ReinstallUpgrade" ADS removed successfully.
C:\ProgramData\Temp => ":D1B5B4F1" ADS removed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-970208564-3092593013-1661473460-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => key removed successfully
HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => key removed successfully

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-970208564-3092593013-1661473460-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-970208564-3092593013-1661473460-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {EF94D742-0089-45DC-BC5D-FBAB3B39A360}.
Unable to cancel {7D19B277-4ACC-4289-8370-9359C1DF3697}.
Unable to cancel {B347C401-4191-4E01-858B-955112E4B237}.
Unable to cancel {7137CD26-9A7B-45BC-8A59-1D4E9A92A6ED}.
Unable to cancel {C3CE203A-647A-411E-BA89-AE56B68185E9}.
{4050CBA6-DBF4-4DD4-A43E-CFBBD13D2923} canceled.
1 out of 6 jobs canceled.

========= End ofCMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 20489142 B
Java, Flash, Steam htmlcache => 157824048 B
Windows/system/drivers => 208975398 B
Edge => 0 B
Chrome => 585247957 B
Firefox => 3524300 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 189304 B
systemprofile32 => 40334 B
LocalService => 92238 B
NetworkService => 660328 B
UpdatusUser => 0 B
@@@@ => 1749570408 B

RecycleBin => 4686717799 B
EmptyTemp: => 6.9 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 15:55:56 ====


Thank you for your assistance so far:)
Hello again,

Sorry for the delay and thanks for the log. Please do the steps below. Then tell me how the machine is behaving now. What problems do you still have?

STEP 1

Please download Malwarebytes Anti-Malware and save it to your desktop.

:arrowr: Double-click mbam-setup-2.2.1.1043.exe and follow the prompts to install the program.
:arrowr: At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.

:arrowr: Click Finish.
:arrowr: At the end of the installation, a database update will be performed.
:arrowr: Click on Scan Now.
:arrowr: A Threat Scan will begin.
:arrowr: When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
:arrowr: In most cases, a restart will be required and a prompt will be shown.
:arrowr: Wait for the prompt to restart the computer to appear, then click on Yes.

Posting the Malwarebytes log:

:arrowr: After the restart once you are back at your desktop, open MBAM once more.
:arrowr: Click on the History tab > Application Logs.
:arrowr: Double click on the scan log which shows the Date and time of the scan just performed.
:arrowr: Click Export.
:arrowr: Click Text file (*.txt)
:arrowr: In the Save File dialog box which appears, click on Desktop.
:arrowr: In the File name: box type a name for your scan log.
:arrowr: A message box named File Saved should appear stating "Your file has been successfully exported".
:arrowr: Click Ok
:arrowr: Attach that saved log to your next reply.

STEP 2

Go here and click 'SCAN NOW' under 'ESET Online Scanner' to check for remnants.

:arrowr: You will be prompted to download and install esetonlinescanner_enu.exe. Click on the link and save the file to a convenient location.
:arrowr: Double-click on esetonlinescanner_enu.exe to install and a new window will open. Follow the prompts.
:arrowr: Turn off the real-time scanner of any existing antivirus program before performing the online scan. Here's how
:arrowr: At the bottom of the Terms of use window, tick the option Download latest version of ESET Online Scanner then click Accept
:arrowr: When/if prompted by UAC, 'Do you want to allow this app to make changes to your PC?', please choose Yes
:arrowr: Tick the option Enable detection of potentially unwanted applications
:arrowr: Click on Advanced settings
:arrowr: Make sure that the option Clean threats automatically is unticked.
:arrowr: Ensure these options are ticked:

  • Enable detection of potentially unsafe applications
  • Enable detection of suspicious applications
  • Scan archives
  • Enable Anti-Stealth technology

:arrowr: Click Scan
:arrowr: Wait for the scan to finish.
:arrowr: When the scan is done, if it shows a screen that says Threats found, click Save to text file... then name it and save it to your desktop.
:arrowr: Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
:arrowr: Please copy/paste the contents of the log in your next reply.
:arrowr: To close ESET Online Scanner, select Do not clean then Finish


=======================================================

Things I need to see in your next post:

  • MBAM log
  • ESET log
  • Information about the status of the computer