Posts posted by LiquidTension
-
Good job, Scott.
We can discuss how you can reduce the risk of reinfection once this process is finished.
Let's check for remnants and confirm your machine appears clean.
STEP 1
Malwarebytes Anti-Malware (MBAM)
- Open Malwarebytes Anti-Malware and click Update Now.
- Once updated, click the Settings tab, followed by Detection and Protection and tick Scan for rootkits.
- Click the Scan tab, ensure Threat Scan is checked and click Scan Now.
- Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards.
- If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
- Upon completion of the scan (or after the reboot), click the History tab.
- Click Application Logs and double-click the Scan Log.
- Click Copy to Clipboard and paste the log in your next reply.
STEP 2
ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.
- Please download ESET Online Scan and save the file to your Desktop.
- Temporarily disable your anti-virus software. For instructions, please refer to the following link.
- Double-click esetsmartinstaller_enu.exe to run the programme.
- Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
- Agree to the Terms of Use once more and click Start. Allow components to download.
- Place a checkmark next to Enable detection of potentially unwanted applications.
- Click Hide advanced settings. Place a checkmark next to:
- Scan archives
- Scan for potentially unsafe applications
- Enable Anti-Stealth technology
- Ensure Remove found threats is unchecked.
- Click Start.
- Wait for the scan to finish. Please be patient as this can take some time.
- Upon completion, click . If no threats were found, skip the next two bullet points.
- Click and save the file to your Desktop, naming it something such as "MyEsetScan".
- Push the Back button.
- Place a checkmark next to and click .
- Re-enable your anti-virus software.
- Copy the contents of the log and paste in your next reply.
======================================================
STEP 3
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.
- MBAM Scan log
- ESET Online Scan log
-
That log looks fine.
Thank you for your patience. This is certainly an unusual case.
Farbar Recovery Scan Tool (FRST) Search
- Right-Click FRST64.exe and select Run as administrator to run the programme.
- Type the following text into the Search: textbox:
explorer.*
- Click on the Search File(s) button.
- Upon completion, a log (Search.txt) will be open, and saved in the same location as FRST.exe.
- Copy the contents of the log and paste in your next reply.
-
If you aren't prompted to run after a restart, allow CHKDSK to run within Windows in the Command Prompt.
-
OK. Keep me informed.
Adam
-
Attaching is fine.
-
This is an issue with Internet Explorer.
Please attach the files in your post, or use an alternative browser.
-
There are lots of issues here. I would suggest you back up your important documents now.
CHKDSK
- Note: If you have a Solid State Drive (SSD), do not run CHKDSK.
- Click Start and type CMD in the Search Bar. Right-Click CMD.exe and select Run as administrator.
- In the command window type the following and press Enter on your keyboard.
chkdsk c: /x /r
- If you are prompted to schedule CHKDSK to run the next time the computer restarts, type y and press Enter on your keyboard.
- Type Exit and press Enter on your keyboard.
- Restart your computer. CHKDSK will automatically run.
- Note: This process can take up to an hour.
- Press the Windows Key + r on your keyboard at the same time. Type eventvwr.msc and click OK.
- Click Windows Logs.
- Right-click Application and click Find.
- If CHKDSK ran within Windows (you didn't have to restart the computer), type Chkdsk into the text field and click Find Next. The log should appear. Highlight the text, Copy and paste in your next reply.
- If CHKDSK ran after a restart, type Winlogon (XP) / Wininit (Vista/7) / Chkdsk (8) into the text field and click Find Next. The log should appear. Highlight the text, Copy and paste in your next reply.
- For instructions accompanied by screenshots, please refer to the following article.
-
OK Robbie. Once the machine is clean, and you've changed your passwords, you may feel differently and decide against reformatting. The warning should be considered as a worst-case scenario - what's described is a possibility, and can happen, but does not mean it has.
Let's start with the following.
Farbar Recovery Scan Tool (FRST) Scan
- Please download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) and save the file to your Desktop.
- Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
- Right-Click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
- Click Yes to the disclaimer.
- Ensure the Addition.txt box is checked.
- Click the Scan button and let the programme run.
- Upon completion, click OK, then OK on the Addition.txt pop up screen.
- Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.
-
Hi Robbie,
Thank you for the log.
Your machine is still infected. Furthermore, due to the nature of one of the infections present on your machine, I must ensure you are aware of the following. Please read the warning below, let me know what you think and how you wish to proceed.
BACKDOOR WARNING
You now have the choice between cleaning the infection(s) present or reformatting your computer. Ultimately, this decision is personal, and down to you and what you're most comfortable with. Please let me know how you wish to proceed, and if you have any questions.
------------------------------
One or more of the identified infections is known to use a backdoor, that allows attackers to remotely control your computer, download/execute files and steal critical system, financial and personal information.
If your computer was used for online banking, has credit card information or other sensitive data, using a non-infected computer/device you should immediately change all account information (including those used for banking, Email, eBay, Paypal, online forums, etc).
Banking and credit card institutions should be notified of the possible security breach immediately. Please read the following article for more information: How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
Whilst the identified infection(s) can be removed, there is no way to guarantee the trustworthiness of your computer unless you reformat your Hard Drive and reinstall your Operating System. This is due to the nature of the infection, which allows the attacker remote control over the machine. Many experts in the security community believe that once infected with this type of malware, the best course of action is to reformat/reinstall. Please read the following articles for more information.
-
Hello,
That sounds good.
When you connect your external HDD, I suggest you hold the shift key before doing so. Once inserted, run an AV/Malwarebytes scan on the drive and confirm clean.
------------
Can I provide assistance with anything else?
-
Please move on to STEP 3.
-
Hello ryams27, welcome to Malwarebytes' Malware Removal forum!
My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that.
General P2P/Piracy Notice:
If you are using Peer to Peer (P2P) filesharing software such as uTorrent, BitTorrent or similar you must either fully uninstall or completely disable the programme(s) from running whilst receiving assistance at this forum.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
If you have illegal/cracked/keygen or similar software on the computer, please remove/uninstall the software now and read the policy on Piracy. Failure to do so will also result in your topic being closed.
======================================================
Please read through the points below to ensure this process moves as quickly and efficiently as possible.
- Please read through my instructions thoroughly, and ensure you carry out each step in the order specified.
- Please do not post logs using the CODE, QUOTE or ATTACHMENT format. Logs should be posted directly in plain text. If you receive an error whilst posting, please break the log in half and use multiple posts.
- Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation and providing the best set of instructions for you.
- Please back up important files before proceeding with my instructions. Malware removal can be unpredictable.
- If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before proceeding.
- Topics are locked if no response is made after 4 days. Please inform me if you will require additional time to complete my instructions.
- Ensure you are following this topic. Click at the top of the page.
======================================================
My work machine has picked up ff5ee.com, which I understand to be a browser hijacker.
Your machine is/was attempting to connect to this site. Malwarebytes is/was blocking this.
It isn't a browser hijacker, it's a symptom of an infection called Poweliks.
Please post the ComboFix log (C:\ComboFix.txt) in your next reply.
-
Hello DCMJR, welcome to Malwarebytes' Malware Removal forum!
My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that.
General P2P/Piracy Notice:
If you are using Peer to Peer (P2P) filesharing software such as uTorrent, BitTorrent or similar you must either fully uninstall or completely disable the programme(s) from running whilst receiving assistance at this forum.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
If you have illegal/cracked/keygen or similar software on the computer, please remove/uninstall the software now and read the policy on Piracy. Failure to do so will also result in your topic being closed.
======================================================
Please read through the points below to ensure this process moves as quickly and efficiently as possible.
- Please read through my instructions thoroughly, and ensure you carry out each step in the order specified.
- Please do not post logs using the CODE, QUOTE or ATTACHMENT format. Logs should be posted directly in plain text. If you receive an error whilst posting, please break the log in half and use multiple posts.
- Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation and providing the best set of instructions for you.
- Please back up important files before proceeding with my instructions. Malware removal can be unpredictable.
- If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before proceeding.
- Topics are locked if no response is made after 4 days. Please inform me if you will require additional time to complete my instructions.
- Ensure you are following this topic. Click at the top of the page.
======================================================
Due to the nature of one of the infections present on your machine, I must ensure you are aware of the following. Please read the warning below, let me know what you think and how you wish to proceed.
BACKDOOR WARNING
You now have the choice between cleaning the infection(s) present or reformatting your computer. Ultimately, this decision is personal, and down to you and what you're most comfortable with. Please let me know how you wish to proceed, and if you have any questions.
------------------------------
One or more of the identified infections is known to use a backdoor, that allows attackers to remotely control your computer, download/execute files and steal critical system, financial and personal information.
If your computer was used for online banking, has credit card information or other sensitive data, using a non-infected computer/device you should immediately change all account information (including those used for banking, Email, eBay, Paypal, online forums, etc).
Banking and credit card institutions should be notified of the possible security breach immediately. Please read the following article for more information: How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
Whilst the identified infection(s) can be removed, there is no way to guarantee the trustworthiness of your computer unless you reformat your Hard Drive and reinstall your Operating System. This is due to the nature of the infection, which allows the attacker remote control over the machine. Many experts in the security community believe that once infected with this type of malware, the best course of action is to reformat/reinstall. Please read the following articles for more information.
-
If there's only one version of Adobe Reader listed in your programmes list, then that's OK. You can move on to the next step.
If there are two versions listed, please uninstall the outdated version.
-
Impossible to say without seeing diagnostic logs. Please proceed with TDSSKiller in STEP 2.
-
Hello,
Please skip STEP 1, and move on to STEP 2.
-
Excellent. I'm very pleased to hear, Allison. And you're more than welcome.
You are getting a steak dinner via Paypal as soon as I change all my financial passwords.
Thank you.
I shall mark this topic for closure.
All the best,
Adam
-
Hello,
These registry cleaner/optimization programmes are all added by WinZip. They aren't required in order to use the programme; rather, they're bundled with it. I simply suggest you avoid running any of these programmes. Or alternatively, you can delete the files yourself. I'll let you decide.
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe a variant of Win32/Systweak.L potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll a variant of Win32/Systweak.N potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe a variant of Win32/Systweak.L potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe a variant of Win32/Systweak potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe a variant of Win32/Systweak.L potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe a variant of Win32/Systweak.L potentially unwanted application
STEP 1
Farbar Recovery Scan Tool (FRST) Script
- Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
- Copy the entire contents of the codebox below and paste into the Notepad document.
start
C:\Users\JPS\Downloads\7zip-setup.exe
C:\Users\JPS\Downloads\flvplayer.zip
C:\Users\JPS\Downloads\FreeVideoToAndroidConverter.exe
C:\Users\JPS\Downloads\GamingWonderland.exe
C:\Users\JPS\Downloads\winzip175.exe
C:\Windows\Installer\7a92c711.msi
EmptyTemp:
end
- Click File, Save As and type fixlist.txt as the File Name.
- Important: The file must be saved in the same location as FRST64.exe.
NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.
- Right-Click FRST64.exe and select Run as administrator to run the programme.
- Click Fix.
- A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
STEP 2
Update Outdated Software
Outdated software contains security risks that must be patched. Please download and install the latest version of the programmes below.
- Adobe Reader (uncheck the "Optional Offer")
- Java (watch out for "Optional Offers" or bundled software)
- Mozilla Firefox
- Follow these instructions to check for and download the latest Windows Updates.
- I recommend installing the latest version of Internet Explorer for added security. The latest version of IE can be installed via Windows Update.
STEP 3
Remove Outdated Software
- Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
- Search for the following programmes, right-click and click Uninstall one at a time.
- Note: The programmes below may not be present. If this is the case, please skip to the next step.
- Adobe Reader XI
- Java™ 6 Update 25
- Follow the prompts, and reboot if necessary.
STEP 4
Disable Java in Your Browser
Due to frequent exploits we recommend you disable Java in your browser.
For information on Java vulnerabilities, please read the following article (point #7).
- Click the Windows Start Button and type Java Control Panel (or javacpl) in the search bar.
- Click on the Java Control Panel. Once opened, click the Security tab.
- Deselect the check box for Enable Java content in the browser. This will disable the Java plug-in in the browser.
- Click Apply. When the Windows User Account Control (UAC) appears, allow permissions to make the changes.
- Click OK in the Java Plug-in confirmation window.
- Restart your browser(s) for changes to take effect.
- More information can be found here and here.
STEP 5
Security Check
- Please download SecurityCheck and save the file to your Desktop.
- Double-click SecurityCheck.exe and follow the onscreen instructions inside the black box.
- A log (checkup.txt) will automatically open on your Desktop.
- Copy the contents of the log and paste in your next reply.
======================================================
STEP 6
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.
- Fixlog.txt
- checkup.txt
- How is your computer performing? Are there any outstanding issues?
-
No problem at all.
Once your computer is back up and running, you may wish to look into the following:
I have compiled below a list of resources you may find useful. The articles document information on computer security, common infection vectors and how you can stay safe on the Internet.
- Answers to common security questions - Best Practices by quietman7, MVP
- How Malware Spreads - How did I get infected? by quietman7, MVP
- Simple and easy ways to keep your computer safe and secure on the Internet by Lawrence Abrams, MVP
- How to Prevent Malware by miekiemoes, MVP
- How to backup and restore your data using Cobian Backup by YourHighness
- Slow Computer/browser? It May Not Be Malware by quietman7, MVP
The following programmes come highly recommended in the security community.
- AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
- CryptoPrevent places policy restrictions on loading points for ransomware (e.g. CryptoPrevent), preventing your files from being encrypted.
- Emsisoft Antimalware (free) acts as an additional on-demand scanner, and can be used in conjunction with your Anti-Virus.
- Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
- Malwarebytes Anti-Malware Premium (MBAM) works in real-time alongside your Anti-Virus to prevent malware execution.
- NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
- Sandboxie isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
- Secunia PSI will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
- SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
- Unchecky automatically removes checkmarks for bundled software in programme installers; helping you avoid adware and PUPs.
- Web of Trust (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.
-
There were only two threats identified in the ESET log.
C:\FRST\Quarantine\C\Users\Allison\Downloads\Adobe_Flash_Setup.exe.xBAD a variant of Win32/InstallCore.RA potentially unwanted application
C:\TDSSKiller_Quarantine\29.10.2014_08.38.09\tdlfs0000\tsk0001.dta Win64/Olmarik.AK trojan
Both have already been quarantined, and pose no threat to your computer.
These are installers for programmes. The first file being an installer for a Weather programme, and the other four for CCleaner.
C:\Users\Allison\AppData\Local\Downloaded Installations\{B73C48EC-B96A-4B38-8EAD-7B1BBA358A97}\The Weather Channel App.msi a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\Users\Allison\Downloads\ccsetup413.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Allison\Downloads\ccsetup415.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Allison\Downloads\ccsetup416.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Allison\Downloads\ccsetup417.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
They aren't threats, and pose no risk. You can delete the files if you wish, but it won't make a difference.
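The triage reasoning in the post above (copies under a quarantine folder are inert; "potentially unwanted/unsafe application" entries are bundled installers), as an added Python example that is not part of the original post or of ESET's tooling. It assumes the three-field layout the log lines have on this page, and also splits entries that have been run together; the function names, verdict labels and the last sample entry are constructed for illustration.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Quarantine folders named in the log above (lower-cased for comparison).
QUARANTINE_DIRS = ("c:\\frst\\quarantine\\", "c:\\tdsskiller_quarantine\\")

# Categories ESET uses for bundled/optional software rather than malware.
OPTIONAL_CATEGORIES = {
    "potentially unwanted application",
    "potentially unsafe application",
}

# Assumed layout: <path> [a variant of] <detection name> <category>.
# Paths use backslashes, so the first token containing "/" is the detection.
ENTRY_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?:a variant of\s+)?"
    r"(?P<name>[A-Za-z0-9]+/\S+)\s+(?P<category>.+?)\s*$"
)


class Finding(NamedTuple):
    path: str
    name: str
    category: str


def split_entries(text: str) -> List[str]:
    """Split a log into entries, even when line breaks were lost.

    Every entry starts with a drive-letter path, so split before each "X:\\".
    """
    parts = re.split(r"(?=[A-Za-z]:\\)", text)
    return [p.strip() for p in parts if p.strip()]


def parse_entry(entry: str) -> Optional[Finding]:
    """Return the parsed fields, or None if the entry does not fit the layout."""
    m = ENTRY_RE.match(entry)
    if m is None:
        return None
    return Finding(m.group("path"), m.group("name"), m.group("category"))


def triage(finding: Finding) -> str:
    """Apply the post's reasoning; the verdict strings are this example's own."""
    if finding.path.lower().startswith(QUARANTINE_DIRS):
        return "already quarantined"
    if finding.category in OPTIONAL_CATEGORIES:
        return "bundled or optional software"
    return "needs removal"


def triage_log(text: str) -> List[Tuple[str, str]]:
    """Return (detection name, verdict) per entry; unparsed entries are kept."""
    results = []
    for entry in split_entries(text):
        finding = parse_entry(entry)
        if finding is None:
            results.append((entry, "unparsed"))
        else:
            results.append((finding.name, triage(finding)))
    return results


# Three entries from the log above, run together as on this page, followed by
# one constructed entry (hypothetical path and detection name).
SAMPLE_LOG = (
    r"C:\FRST\Quarantine\C\Users\Allison\Downloads\Adobe_Flash_Setup.exe.xBAD"
    r" a variant of Win32/InstallCore.RA potentially unwanted application"
    r"C:\TDSSKiller_Quarantine\29.10.2014_08.38.09\tdlfs0000\tsk0001.dta"
    r" Win64/Olmarik.AK trojan"
    r"C:\Users\Allison\Downloads\ccsetup413.exe"
    r" Win32/Bundled.Toolbar.Google.D potentially unsafe application"
    r"C:\Users\Example\AppData\Roaming\sample.exe Win32/Example.A trojan"
)

if __name__ == "__main__":
    for name, verdict in triage_log(SAMPLE_LOG):
        print(f"{name}: {verdict}")
```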
-
Sounds good.
Let's update your vulnerable software to reduce the risk of reinfection.
STEP 1
Update Outdated Software
Outdated software contains security risks that must be patched. Please download and install the latest version of the programmes below.
- Google Chrome
- Mozilla Firefox
- Follow these instructions to check for and download the latest Windows Updates.
STEP 2
Security Check
- Please download SecurityCheck and save the file to your Desktop.
- Double-click SecurityCheck.exe and follow the onscreen instructions inside the black box.
- A log (checkup.txt) will automatically open on your Desktop.
- Copy the contents of the log and paste in your next reply.
======================================================
STEP 3
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.
- checkup.txt
- How is your computer performing? Are there any outstanding issues?
-
Excellent.
Now for the good news.
All Clean!
Congratulations, your computer appears clean!
I no longer see signs of malware on your computer, and feel satisfied that our work here is done. The steps below will remove the tools we have used, and reset any settings changed. I have also provided a list of resources and tools that you may find useful.
My help will always be free. But if you are happy with the help provided, and would like to support my fight against malware and/or buy me a beer, please consider a donation.
STEP 1
ComboFix Uninstall
- Press the Windows Key + r on your keyboard at the same time. Type the following text into the Run box:
ComboFix /Uninstall
- Click OK.
- Note: It may appear as if Combofix is installing. This is not the case; the programme is uninstalling. Please do not interrupt the process.
STEP 2
DelFix
- Please download DelFix and save the file to your Desktop.
- Double-click DelFix.exe to run the programme.
- Place a checkmark next to the following items:
- Activate UAC
- Remove disinfection tools
- Create registry backup
- Purge system restore
- Reset system settings
- Click the Run button.
-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).
======================================================
I have compiled below a list of resources you may find useful. The articles document information on computer security, common infection vectors and how you can stay safe on the Internet.
- Answers to common security questions - Best Practices by quietman7, MVP
- How Malware Spreads - How did I get infected? by quietman7, MVP
- Simple and easy ways to keep your computer safe and secure on the Internet by Lawrence Abrams, MVP
- How to Prevent Malware by miekiemoes, MVP
- How to backup and restore your data using Cobian Backup by YourHighness
- Slow Computer/browser? It May Not Be Malware by quietman7, MVP
The following programmes come highly recommended in the security community.
- AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
- CryptoPrevent places policy restrictions on loading points for ransomware (e.g. CryptoPrevent), preventing your files from being encrypted.
- Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
- Malwarebytes Anti-Malware Premium (MBAM) works in real-time alongside your Anti-Virus to prevent malware execution.
- NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
- Sandboxie isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
- Secunia PSI will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
- SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
- Web of Trust (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.
-- Please feel free to ask if you have any questions or concerns on computer security or the programmes above.
======================================================
Please confirm you have no outstanding issues, and are happy with the state of your computer. Once I have confirmation things are in order, we can wrap things up and I will close this thread.
Thank you for using Malwarebytes.
Safe Surfing.
Adam (LiquidTension).
-
OK. In the meantime, let's update your vulnerable software to reduce the risk of reinfection.
STEP 1
Update Outdated Software
Outdated software contains security risks that must be patched. Please download and install the latest version of the programmes below.
- Java (watch out for "Optional Offers" or bundled software)
- Mozilla Firefox
- Follow these instructions to check for and download the latest Windows Updates.
STEP 2
Remove Outdated Software
- Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
- Search for the following programmes, right-click and click Uninstall one at a time.
- Note: The programmes below may not be present. If this is the case, please skip to the next step.
- Java 7 Update 67
- Follow the prompts, and reboot if necessary.
STEP 3
Disable Java in Your Browser
Due to frequent exploits we recommend you disable Java in your browser.
For information on Java vulnerabilities, please read the following article (point #7).
- Click the Windows Start Button and type Java Control Panel (or javacpl) in the search bar.
- Click on the Java Control Panel. Once opened, click the Security tab.
- Deselect the check box for Enable Java content in the browser. This will disable the Java plug-in in the browser.
- Click Apply. When the Windows User Account Control (UAC) appears, allow permissions to make the changes.
- Click OK in the Java Plug-in confirmation window.
- Restart your browser(s) for changes to take effect.
- More information can be found here and here.
STEP 4
Security Check
- Please download SecurityCheck and save the file to your Desktop.
- Double-click SecurityCheck.exe and follow the onscreen instructions inside the black box.
- A log (checkup.txt) will automatically open on your Desktop.
- Copy the contents of the log and paste in your next reply.
======================================================
STEP 5
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.
- checkup.txt
- How is your computer performing? Are there any outstanding issues?
-
I recommend reading the following article: http://www.sevenforums.com/tutorials/219487-clean-reinstall-factory-oem-windows-7-a.html
This explains the process.
I would suggest creating an account at Seven Forums if you have any specific questions, as the techs there are better equipped to answer.
You are more than welcome to ask questions on computer security, programmes, how to reduce the risk of reinfection, etc here.
dllhost.exe com surrogate problem...please help
in Resolved Malware Removal Logs
Posted
Hi Duncan,
Please provide an update on your computer after completing the steps below. Are there any outstanding issues?
STEP 1
Malwarebytes Anti-Malware (MBAM)
STEP 2
ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.
======================================================
STEP 3
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.