LiquidTension

Hi Chuck, On top of instructions on how to reformat, would you also like a complete step by step guide on backing up, preparation and file restoration?

Hi Chuck, Yes, that's correct. What is the make and model of your computer?

Hello farago77, welcome to Malwarebytes' Malware Removal forum! My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems. If you would allow me to call you by your first name I would prefer that. General P2P/Piracy Notice: ====================================================== Please read through the points below to ensure this process moves as quickly and efficiently as possible. Please read through my instructions thoroughly, and ensure you carry out each step in the order specified.Please do not post logs using the CODE, QUOTE or ATTACHMENT format. Logs should be posted directly in plain text. If you receive an error whilst posting, please break the log in half and use multiple posts.Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation & providing the best set of instructions for you.Please backup important documents before proceeding with my instructions.If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before you run anything.Topics are locked if no response is made after 4 days. Please inform me if you will require additional time to complete my instructions. ====================================================== Please consider the following warning, and let me know how you wish to proceed.

I recommend you contact a computer repair store or computer technician and have them check your hardware for faults or issues. We've exhausted all that can be done on this forum.

This would need to be done by a trained technician with physical access to the machine.

As I said, based on everything we've tried, I believe this to be a hardware-related issue, which is not something we can troubleshoot on a forum. I suggest you get a hardware diagnosis in person.

We won't be able to test your RAM then I'm afraid. Unfortunately, we've run out of troubleshooting options. We've confirmed that: - Malware is not the cause. - Your startup programmes are not the cause. - Your Anti-Virus is not cause. - A damaged HDD is not cause. - Corrupted System Files are not the cause. - You have very few programmes installed, narrowing the possibility of a conflict. As you are still experiencing issues, it is likely one or more hardware components are at fault, which is not something we can address here. I would suggest you seek a hardware diagnosis in person. It is worth remembering that this forum is for malware-removal, which we have successfully ruled out. Good luck with your machine.

Download the USB version, unpack the file and follow the on-screen instructions. Upon completion, configure your BIOS to boot from USB and proceed with the instructions.

Apologies, my mistake. Lets check your RAM. MemTest86+ Please download the latest version of MemTest86+ (Windows Downloads: Image for creating bootable CD) and save the file to your Desktop. Right-click on the folder and select Extract All.Click Next, Next, then Finish.Download FreeISOBurner and burn the MemTest ISO to your blank CD or DVD. Once done, configure your computer to boot from CD/DVD. Instructions on how to do this can be found here.If done correctly, MemTest86+ will start to run automatically, as shown below: To be reasonably certain your RAM is OK, allow MemTest to run until you see the following message: To be completely certain your RAM is OK, allow MemTest to run overnight. MemTest will run continuously unless the ESC key is pressed or the power is pulled. Check the MemTest screen for reported errors before rebooting. Errors will appear as RED warnings at the bottom of the screen (as shown in the screenshot below): Press the ESC key to reboot, removing the MemTest disk in the process. Reverse the change made to the boot order. Report the results in your next reply.

We're running out of options here, I'm afraid. Your machine appears free of malware, and I cannot see any reason why your computer is slow. Disable Fast Startup/Hybrid Boot (Windows 8) Press the Windows Key + r on your keyboard at the same time. Type Control Panel and click OK.Click Power Options.Click Choose what the power button does on the left-side menu.Click Change settings that are currently unavailable at the top. Scroll down and remove the checkmark next to Turn on fast startup (recommended) under Shutdown settings.Click Save Changes and close Control Panel.Shut down (Not Restart) the computer, wait a few minutes and then start the computer.Reverse the above, shut down and start up. Any difference?

Hello, Those both look OK. I'd like you to temporarily uninstall avast! and see if that makes a difference. Go ahead and reinstall avast! if there's no change.

Lets check for disc errors and damaged System Files. STEP 1 Normal Boot Press the Windows Key + r on your keyboard at the same time. Type msconfig and click OK.If prompted for an administrator password or for confirmation, type the password, or provide confirmation.In the General tab, click Normal Startup, followed by OK.When prompted, click Restart and boot normally into Windows. STEP 2 CHKDSK Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.Copy the entire contents of the codebox below and paste into the Notepad document. @echo offcmd /c chkdsk c: /f |find /v "percent" >> "%userprofile%\desktop\chkdskresults.txt"del %0Click Format. Ensure Wordwrap is unchecked. Click File, Save As and name the file chkdsk.bat. Select All Files as the Save as type.Save the file to your Desktop. Locate chkdsk.bat (W8/7/Vista) on your Desktop. Right-click the icon and click Run as administrator.CHKDSK may take up to an hour to complete. Allow the programme to run uninterrupted, and do not use your computer during the process. Upon completion, a log (chkdskresults.txt) will be created on your Desktop. Please copy the contents of the log and paste in your next reply. STEP 3 System File Checker (SFC) Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.Copy the entire contents of the codebox below and paste into the Notepad document. sfc /scannowfindstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >"%userprofile%\Desktop\sfcdetails.txt"notepad %userprofile%\Desktop\sfcdetails.txtClick Format. Ensure Wordwrap is unchecked. Click File, Save As and name the file querysfc.bat. Select All Files as the Save as type.Save the file to your Desktop. Locate querysfc.bat (W8/7/Vista) on your Desktop. Right-click the icon and click Run as administrator.Upon completion, a log (sfcdetails.txt) will open on your Desktop. Copy the contents of the log and paste in your next reply. ====================================================== STEP 4 Logs In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked. chkdskresults.txtsfcdetails.txt

OK. Lets move on to troubleshooting your slow computer, which would appear to be non-malware related. Clean Boot Press the Windows Key + r on your keyboard at the same time. Type msconfig and click OK.If prompted for an administrator password or for confirmation, type the password, or provide confirmation.In the General tab, click Selective Startup.Remove the checkmark next to Load startup items.Click the Services tab.Place a checkmark next to Hide all Microsoft services.Click Disable all, followed by OK.When prompted, click Restart and boot normally into Windows.Check your computer startup performance, and let me know. Does your computer boot quicker?

Hello, Lets confirm your machine appears free of malware, and we can continue troubleshooting your slow machine. STEP 1 Farbar Recovery Scan Tool (FRST) Script Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.Copy the entire contents of the codebox below and paste into the Notepad document. startHKU\S-1-5-21-3836507902-1137761305-1636406644-1000\...\MountPoints2: {58a718c0-30d3-11e4-9499-f05b0de98943} - F:\AutoRun.exeHKU\S-1-5-21-3836507902-1137761305-1636406644-1000\...\MountPoints2: {58a718df-30d3-11e4-9499-f05b0de98943} - F:\AutoRun.exeHKU\S-1-5-21-3836507902-1137761305-1636406644-1000\...\MountPoints2: {e1cc48cf-30ef-11e4-ae62-5404a66842fe} - F:\AutoRun.exeHKU\S-1-5-21-3836507902-1137761305-1636406644-1000\...\MountPoints2: {ff93eb6e-30ed-11e4-be8c-806e6f6e6963} - F:\AutoRun.exeCMD: ipconfig /flushdnsCMD: netsh winsock reset allCMD: netsh int ipv4 resetCMD: netsh int ipv6 resetCMD: bitsadmin /reset /allusersEmptyTemp:endClick File, Save As and type fixlist.txt as the File Name. Important: The file must be saved in the same location as FRST64.exe. NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System. Right-Click FRST64.exe and select Run as administrator to run the programme.Click Fix.A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply. STEP 2 Sophos Virus Removal Tool Please download Sophos Virus Removal Tool and save the file to your Desktop.Temporarily disable your anti-virus software. For instructions, please refer to the following link.Right-Click the icon and select Run as administrator to run the programme.Click Next.Select I accept the terms in this license agreement, then click Next twice.Click Install.Click Finish to launch the programme.Once the virus database has been updated click Start scanning. If threats are found click Details, followed by View log file.Copy the contents of the log and paste in your next reply.Close the Notepad document, close the Threat Details screen, and click Start cleanup.Click Exit to close the programme. Re-enable your anti-virus software. STEP 3 ESET Online Scan Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled. Please download ESET Online Scan and save the file to your Desktop.Temporarily disable your anti-virus software. For instructions, please refer to the following link.Double-click esetsmartinstaller_enu.exe to run the programme. Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.Agree to the Terms of Use once more and click Start. Allow components to download.Place a checkmark next to Enable detection of potentially unwanted applications.Click Hide advanced settings. Place a checkmark next to:Scan archivesScan for potentially unsafe applicationsEnable Anti-Stealth technologyEnsure Remove found threats is unchecked.Click Start.Wait for the scan to finish. Please be patient as this can take some time.Upon completion, click . If no threats were found, skip the next two bullet points. Click and save the file to your Desktop, naming it something unique such as MyEsetScan.Push the Back button.Place a checkmark next to and click .Re-enable your anti-virus software.Copy the contents of the log and paste in your next reply. ====================================================== STEP 4 Logs In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked. Fixlog.txtSophos logESET Online Scan log

What exactly is "slow"? Boot up/shut down, opening/closing programmes, browsing the Internet, etc? Please be specific.

Hello, Lets try uninstalling Online Armor, and see if the issue persists. Update me on performance once done. STEP 1 Revo Uninstaller Please download and install Revo Uninstaller Free.Double-click Revo Uninstaller to run the programme. From the list of programmes, locate the following, or anything similar and carry out the steps below one at a time.Online Armor Firewall​Double-click the programme. When prompted if you want to uninstall click Yes.Ensure the Moderate option is selected and click Next.The programme will run. If prompted again click Yes.Once the built-in uninstaller is finished click Next.Once the programme has searched for leftovers click Next.Check items in bold only in the list and click Delete. You may have to expand folders by clicking the "+" mark.When prompted click Yes, followed by Next.Click Select all, followed by Delete.When prompted click Yes, followed by Next.Once done click Finish. STEP 2 Verify Windows Firewall is Enabled Press the Windows Key + r on your keyboard at the same time. Type firewall.cpl and click OK.Confirm Windows Firewall is enabled. If not, enable the Firewall. ====================================================== STEP 3 Logs In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked. Results?

Hello, Your logs are clean. What issues are you currently experiencing?

Hello, Please run the following programmes. When you open each Notepad document, please click Format and ensure Word Wrap is not selected. Attempt to copy/paste the contents into your post. If not, please attach. STEP 1 AdwCleaner Please download AdwCleaner and save the file to your Desktop.Right-Click AdwCleaner.exe and select Run as administrator to run the programme.Follow the prompts. Click Scan. Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate. Ensure anything you know to be legitimate does not have a checkmark, and click Clean. Follow the prompts and allow your computer to reboot. After rebooting, a log (AdwCleaner[s0].txt) will open. Copy the contents of the log and paste in your next reply.-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt. STEP 2 Junkware Removal Tool (JRT) Please download Junkware Removal Tool and save the file to your Desktop.Note: If you unchecked any items in AdwCleaner, please backup the associated folders/files before running JRT.Temporarily disable your anti-virus software. For instructions, please refer to the following link.Right-Click JRT.exe and select Run as administrator to run the programme.Follow the prompts and allow the scan to run uninterrupted. Upon completion, a log (JRT.txt) will open on your desktop.Re-enable your anti-virus software.Copy the contents of JRT.txt and paste in your next reply. STEP 3 Farbar Recovery Scan Tool (FRST) Scan Please download Farbar Recovery Scan Tool (x64) and save the file to your Desktop.Right-Click FRST64.exe and select Run as administrator to run the programme.Click Yes to the disclaimer.Ensure the Addition.txt box is checked.Click the Scan button and let the programme run.Upon completion, click OK, then OK on the Addition.txt pop up screen.Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. ====================================================== STEP 4 Logs In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked. AdwCleaner[s0].txtJRT.txtFRST.txtAddition.txt

I'll return with instructions shortly.

If the log is too long, break it in half and use multiple posts.

Hello, Please do not attach logs. Post the logs as plain text in your post. If the log is too long, please split it in half and use multiple posts.

OK. No problem.

Below I have compiled a list of resources you may find useful. The articles document information on computer security, common infection vectors and how you can stay safe on the Internet. Answers to common security questions - Best Practices by quietman7, MVPHow Malware Spreads - How did I get infected? by quietman7, MVPSimple and easy ways to keep your computer safe and secure on the Internet by Lawrence Abrams, MVPHow to Prevent Malware by miekiemoes, MVPHow to backup and restore your data using Cobian Backup by YourHighnessSlow Computer/browser? It May Not Be Malware by quietman7, MVP The following programmes come highly recommended in the security community. AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads. Emsisoft Antimalware (free) acts as an additional on-demand scanner, and can be used in conjunction with your Anti-Virus. Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software. Malwarebytes Anti-Malware Premium (MBAM) incorporates real-time protection and is designed to run alongside your Anti-Virus. NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology. Sandboxie isolates programmes of your choice, preventing files from writing to your HDD unless you approve the file. Secuina PSI will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you. SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies. Unchecky automatically removes checkmarks for additional software in programme installers, helping you avoid adware and PUPs. Web of Trust (WOT) is a browser add-on designed to alert the user before interacting with a potentially malicious website. -- Please feel free to ask if you have any questions or concerns on computer security or the programmes above. ====================================================== Please confirm you have no outstanding issues, and are happy with the state of your computer. Once I have confirmation things are in order, we can wrap things up and I will close this thread. Thank you for using Malwarebytes. Safe Surfing. Adam (LiquidTension).

All Clean! Congratulations, your computer appears clean! I no longer see signs of malware on your computer, and feel satisfied that our work here is done. The steps below will remove the tools we have used, and reset any settings changed. I have also provided a list of resources and tools that you may find useful. My help will always be free. But if you are happy with the help provided, and would like to support my fight against malware and/or buy me a beer, please consider a donation. STEP 1 ComboFix Uninstall Press the Windows Key + r on your keyboard at the same time. Type the following text into the Run box:​ComboFix /UninstallPress OK.Note: It may appear as if Combofix is installing. This is not the case; the programme is uninstalling. Please do not interrupt the process.If the command does not work, please redownload ComboFix to your Desktop and repeat the command. STEP 2 DelFix Please download DelFix and save the file to your Desktop.Double-click DelFix.exe to run the programme.Place a checkmark next to the following items:Activate UACRemove disinfection toolsCreate registry backupCreate system restoreReset system settingsClick the Run button.-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete). --- Malwarebytes Anti-Malware will not be removed. I recommend updating and scanning Malwarebytes once a week to maintain security on your computer.

Hello garromd, welcome to Malwarebytes' Malware Removal forum! My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems. If you would allow me to call you by your first name I would prefer that. General P2P/Piracy Notice: ====================================================== Please read through the points below to ensure this process moves as quickly and efficiently as possible. Please read through my instructions thoroughly, and ensure you carry out each step in the order specified.Please do not post logs using the CODE, QUOTE or ATTACHMENT format. Logs should be posted directly in plain text. If you receive an error whilst posting, please break the log in half and use multiple posts.Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation & providing the best set of instructions for you.Please backup important documents before proceeding with my instructions.If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before you run anything.Topics are locked if no response is made after 4 days. Please inform me if you will require additional time to complete my instructions. ====================================================== Your FRST logs are clean. Having a slow PC and being redirected are two different things. Please clarify the exact issues you are experiencing. STEP 1 Malwarebytes Anti-Malware (MBAM) If you have not downloaded and installed the updated Malwarebytes Anti-Malware 2.0 please do so now. Open Malwarebytes Anti-Malware and click Update Now.Once updated, click the Settings tab and tick Scan for rootkits.Click the Scan tab, ensure Threat Scan is checked and click Scan Now.Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards. If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.Upon completion of the scan (or after the reboot), click the History tab.Click Application Logs and double-click the Scan Log.Click Copy to Clipboard and paste the log in your next reply. STEP 2 TDSSKiller Scan Please download TDSSKiller and save the file to your Desktop.Right-Click TDSSKiller.exe and select Run as administrator to run the programme.Click Change parameters. Place a checkmark next to Detect TDLFS file system.​Click Start Scan. Do not use the computer during the scan.If objects are found, change the action to skip.Click Continue and close the window.A log will be created and saved to the root directory (usually C:\). Copy the contents of the log and paste in your next reply. ====================================================== STEP 3 Logs In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked. Clarify the issues you are experiencingMBAM logTDSSKiller log