Android8888

Trusted Advisors
  • Posts

    713
Everything posted by Android8888

  1. Hello brighteyesss, I'm Android 8888 and I'll be helping you with your malware issues. Please ask questions if anything is unclear. Your FRST logs are clean. We will run a fix script just for some tidying up. First, enable System Restore: http://www.thewindowsclub.com/system-restore-disabled-turn-on-system-restore-windows Next, follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply. Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST64.exe executable is located); DO NOT open or modify that file! Right-click on the FRST executable and select Run as Administrator; Click on the Fix button; (Credits: Aura) On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad; Please attach the Fixlog.txt in your next reply. In your next reply, please copy and paste the entire contents of Fixlog.txt and also of the RogueKiller log file (RKlog.txt) for my review. What issues or concerns are you having with the computer? Thank you. Android8888 fixlist.txt
  2. Hummm... that is strange, the fix stopped for some reason. Please restart the computer in Safe Mode with Networking, re-run the Fix script and post the Fixlog.txt. If the error persists, restart in Normal Mode, re-run FRST and post a new set of logs (FRST.txt and Addition.txt) for my review. Thank you. Android8888
  3. Hello GuyboR. Okay, please delete the previous fixlist.txt file from your computer and download the attached fixlist.txt file into the same location where FRST.exe is located (computer Desktop). Re-run FRST and click the Fix button. If that doesn't work and the same error persists, delete the FRST.exe file, then download a new one from here (64-Bit Version) and move it to your computer Desktop. Now try to run the Fix script again and post the Fixlog.txt. Let me know how you get on. Android8888 fixlist.txt
  4. Hello GuyboR. Sorry for the delay. Please follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply. Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST64.exe executable is located); DO NOT open or modify that file! Right-click on the FRST executable and select Run as Administrator; Click on the Fix button; (Credits: Aura) On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad; Please attach the Fixlog.txt in your next reply. Note: After restart, the computer will run a Disk Check. Please be patient. Next, download AdwCleaner and move it to your computer Desktop; Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users); Accept the EULA (I accept), then click on Scan; Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all the active processes; Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it; After the restart, a log will open when logging in. Please attach that log in your next reply. Next, clear the cache, cookies and history of Google Chrome: Google Chrome https://support.google.com/accounts/answer/32050?hl=en Reset Google Chrome settings to default: Google Chrome https://support.google.com/chrome/answer/3296214?hl=en In your next reply please attach the Fixlog.txt and the AdwCleaner clean log. How is the computer running at this point? Any issues or concerns? fixlist.txt
  5. Hello GuyboR, I'm Android 8888 and I'll be helping you with your malware issues. Please ask questions if anything is unclear. Please follow the instructions in the thread below, download MBAR to your computer Desktop and run a scan. https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/ If you managed to run the scan, delete everything it finds, and then copy/paste the content of the mbar-log-DATE-(TIME).txt log that is located in the MBAR folder in your next reply. Thank you. Android8888
  6. Hello randb. My screen name is Android8888 but if you wish you can call me Rui, which is my real name. I will be helping you with your malware issues. Please ask questions if anything is unclear. I suggest printing out each set of instructions or copying them to a Notepad file and reading the entire post before proceeding. It will make following them easier. Please read the instructions carefully. I strongly suggest you DO NOT run any tools on your own or make any other changes to your computer, and follow the directions in the order listed, otherwise you can worsen the situation rather than solve it. Make sure to run all tools from the computer's Desktop and with Administrator privileges (i.e. right-click the tool icon and select Run as administrator). Please run one scan at a time. Once started, the malware removal process has to be completed in order to ensure the success of the clean-up. Even if your computer appears to be running better after performing a first set of instructions, it may still be infected as some infections are difficult to remove and can leave remnants on the System. Please consider it clean and safe only when I declare it free of malware. Now, follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply. Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST64.exe executable is located); DO NOT open or modify that file! Right-click on the FRST executable and select Run as Administrator; Click on the Fix button; (Credits: Aura) On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad; Please attach the Fixlog.txt in your next reply. Note: The Addition.txt log shows some Code Integrity errors. The system will run a Disk Check after reboot in order to correct these errors. Please be patient. Next, download Malwarebytes AdwCleaner and move it to your computer Desktop. 
Right-click on AdwCleaner.exe and select Run as Administrator. Accept the EULA (I accept), then click on Scan. Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all the active processes. Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it. After the restart, a log will open when logging in. Please attach that log in your next reply. Next, open Malwarebytes; On the left pane select Settings; Select the Protection tab; Scroll down to Scan Options and ensure Scan for Rootkits and Scan within Archives are both on and leave all other settings to default. Go back to DashBoard and select the blue Scan Now tab; Note: The scan may take some time to finish, so please be patient. When the scan completes, if potential threats are detected, ensure to checkmark all the listed items, and click the Quarantine Selected button. While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), give it a name and save it to your Desktop. The log can also be viewed by clicking the log to select it, then clicking the View Report button. Please attach the log in your next reply. In your next reply please attach the following logs: Fixlog.txt; AdwCleaner clean log; Malwarebytes log. How is the computer running now? Are you still getting those default startup pages in Chrome? Thank you. Rui fixlist.txt
  7. Hello Autumnleaves. I wish you a prosperous and Happy New Year! Again, I apologize for the delay. I have had some health problems in the family and I missed your reply. Please let me know if you still need help with your computer. Thank you. Android8888
  8. I'm glad to hear that news! To help keep malware off your system, below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please consider using these ideas to help secure your computer. Keep your Windows Operating System up-to-date. Keep your AntiVirus program up-to-date. Please note: Many installers offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While most of the time not being malicious, you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser. Keep Malwarebytes Anti-Malware (MBAM) updated and perform a regular scan of your system as it will make it harder for malware to reside on your computer. A tutorial on using MBAM can be found here and a complete guide here. Please note: Only the paid-for version has real-time capabilities. Please go here and scroll down to find a comparison list of the two versions. Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. A similar category of programs is now called "scareware." Scareware programs are active infections that will pop up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. 
If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above. Another most feared threat at the moment is an infection by Ransomware. A Ransomware infection is a program that ransoms the data or functionality of your computer until you perform an action. This action is typically to pay a ransom in the form of Bitcoins or another payment method. I advise you to read more info on this terrible threat here and here. Vulnerabilities in programs are often exploited in order to install malware on your PC. Run a program like Personal Software Inspector (PSI) or FileHippo Update Checker to see what programs need to be updated. Be careful with flash drives, as they can spread infections. See this post on USB/flash drive safety. Stay away from P2P software; even with a clean P2P program, their networks are often riddled with malware. Don't click on attachments or links in e-mail, and read your e-mail in text-only mode for the highest safety. Don't click on links received in instant message programs. A HOSTS file will prevent Internet Explorer from communicating with sites known to be associated with adware or spyware. A good regularly updated HOSTS file is MVPS HOSTS File, available here. For much more useful and complete information, please read the following links to fully understand PC Security and Best Practices: So how did I get infected in the first place; Answers to common security questions - Best Practices. Hopefully these steps will help to keep you error and malware free. 
If you run into more difficulty, we will certainly do what we can to help. Happy surfing and stay safe. Android8888
  9. Hi dca2846. Thank you for providing me the logs. Good! ESET cleaned all the threats it found. At this stage your computer appears to be clean and malware free. Now I suggest you run a program like Personal Software Inspector (PSI) or FileHippo Update Checker to see what programs need to be updated. After doing that you can now remove the tools we used in this clean-up by running DelFix. It's a little program that will remove all tools and delete itself on its own. Follow the instructions below to download and execute DelFix. Download DelFix and move the executable to your Desktop; Right-click on DelFix.exe and select Run as Administrator; Check the following options: Activate UAC (this option will activate the User Account Control feature). Remove disinfection tools (this option will remove the tools used in the cleaning process). Create registry backup (this option will create a backup from the Windows Registry). Purge system restore (this option will remove all previous and possibly infected restore points, and will create a new and clean restore point of your system). Reset system settings (this option will reset any system settings back to default that were changed either by us during cleansing or by malware infection). Once the options mentioned above are checked, click on Run; After DelFix is done running, a log will open. Close it, I don't need to see that log. Are there any issues or concerns with the computer? Android8888
  10. Hello dca2846. Thank you for the logs and information. To make sure the computer is completely clean, please run the following scan with ESET Online Scanner. This is a very thorough scan and it can take several hours to complete but it's worth it. Click on this link to open ESET Online Scanner in a new window. Click on the Scan Now button to download the esetonlinescanner_enu.exe file. Save it to your Desktop. Close all your programs and browsers and disconnect any USB flash drives from the computer. Please disable your antivirus program to avoid potential conflicts, improve the performance and speed up the scan. Double click on esetonlinescanner_enu.exe to start ESET Online Scanner. It will open a window with the Terms of Use. Check mark Download latest version of ESET Online Scanner and click the Accept button. Click Yes to accept any security warnings that may appear. Under Computer scan settings, check mark Enable detection of potentially unwanted applications. Then click Advanced settings and check mark the following options: Enable detection of potentially unsafe applications; Clean threats automatically. Click the Scan button. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time. When the scan completes, click List Threats. Click Export, and save the file to your Desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply. Click the Back button. Click the Finish button. Note: If nothing is found, it will not produce a log. Please re-enable your antivirus program. Next, please download Security Analysis by Rocket Grannie from here. Save it to your Desktop. Close your security software to avoid potential conflicts. Double click RGSA.exe. Click OK on the copyright-disclaimer. When finished, a Notepad window will open with the results of the scan. 
The log named SALog.txt can also be found on the Desktop or in the same folder from where the tool is run if installed elsewhere. Please copy and paste the contents of that log in your next reply. Note: If you get a warning from Windows about running the program, click on More info and then click Run Anyway to run it even though Windows says it might put your PC at risk. In your next reply please post the contents of the ESET log (if it produced one), the contents of the SALog.txt and let me know how the system is running at this point. Thank you. Rui
  11. Hello dca2846. My screen name is Android8888 but if you wish you can call me Rui, which is my real name. I will be helping you with your malware issues. Please ask questions if anything is unclear. I suggest printing out each set of instructions or copying them to a Notepad file and reading the entire post before proceeding. It will make following them easier. Please read the instructions carefully. I strongly suggest you DO NOT run any tools on your own or make any other changes to your computer, and follow the directions in the order listed, otherwise you can worsen the situation rather than solve it. Make sure to run all tools from the computer's Desktop and with Administrator privileges (i.e. right-click the tool icon and select Run as administrator). Please run one scan at a time. Once started, the malware removal process has to be completed in order to ensure the success of the clean-up. Even if your computer appears to be running better after performing a first set of instructions, it may still be infected as some infections are difficult to remove and can leave remnants on the System. Please consider it clean and safe only when I declare it free of malware. Next, open Google Chrome; Type chrome://extensions in the address bar and press Enter; Click the trash can icon by the Search Manager extension; A confirmation dialog appears, click Remove. Next, follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply. Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST64.exe executable is located); DO NOT open or modify that file! 
Right-click on the FRST executable and select Run as Administrator; Click on the Fix button; (Credits: Aura) On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad; Please attach the Fixlog.txt in your next reply. Next, download AdwCleaner and move it to your Desktop; Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users); Accept the EULA (I accept), then click on Scan; Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all the active processes; Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it; After the restart, a log will open when logging in. Please attach the clean log in your next reply. Next, open Malwarebytes; On the left pane select Settings; Select the Protection tab; Scroll down to Scan Options and ensure Scan for Rootkits and Scan within Archives are both on and leave all other settings to default. Go back to DashBoard and select the blue Scan Now tab; Note: The scan may take some time to finish, so please be patient. When the scan completes, if potential threats are detected, ensure to checkmark all the listed items, and click the Quarantine Selected button. While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), give it a name and save it to your Desktop. The log can also be viewed by clicking the log to select it, then clicking the View Report button. Please attach the log in your next reply. In your next reply please attach the following logs: Fixlog.txt; AdwCleaner clean log; Malwarebytes log. How is the system running now? Thank you. Rui fixlist.txt
  12. Hello Autumnleaves. I apologize for the delay. You can uncheck the Beta updates option in Filehippo. From what I understand I presume that you uninstalled Filehippo and CyberLink PowerDVD. Did you remove them through Programs and Features from Windows or with Revo Uninstaller? Revo is the best choice as it searches deeply for leftovers so nothing should be left. Now, please read the information in the following link and see if it can help you in setting up and associating a file type with the program that you already used before to open your image files (photos). https://support.microsoft.com/en-us/help/18539/windows-7-change-default-programs Next, re-run FRST with Administrator privileges, perform a new scan and when finished attach the new set of logs (FRST.txt and Addition.txt) for my review. How are the popups coming from? Do they appear suddenly when the browsers are closed or do they appear when you are navigating on the Internet? Thank you. Rui
  13. Hello Autumnleaves and welcome back! Okay, I will try to answer your questions. What JRT found were some temporary Internet files and two Registry Keys not needed. You don't need to worry about it. Concerning ESET, it may be a false positive as it appears ESET is detecting the Win32/Bundled.Toolbar.Google.D in CCleaner, a popular utility program. ESET has an option to scan for low-level threats such as bundled options in installers. Usually you have to check the box for PUP (Potentially Unwanted Programs) on ESET before scanning in order to find this type of item. So the default is for ESET Online Scanner not to bother with them. Besides, a PUP is not considered malware by itself. Concerning the Malwarebytes blocking issue, please update your database version by running an update. Then restart the computer and let me know if the problem persists. JSON is short for JavaScript Object Notation, and is a way to store information in an organized, easy-to-access manner, for example in the structure of a file like the log file. Nothing to worry about. Please re-install the program and remove it using RevoUninstaller Portable to remove all the leftovers (files, folders). SysWOW64 is a special folder that only exists on 64-bit Windows and it is intended to store 32-bit binary files. In the folder name there is the "strange" character combination WOW64 included. WOW64 is short for "Windows on Windows 64-bit" (can be read as "Windows 32-bit on Windows 64-bit"). It's an emulator that allows 32-bit Windows-based applications to run seamlessly on 64-bit Windows. A compatibility layer is used as an interface between the 32-bit program and the 64-bit operating system. So this folder and the files it contains are legit. This is your Firefox profile backup. It was created when you reset Firefox to default settings. Most likely you don't need it, but you can use it as a backup if you wish, although it is very unlikely that you will need or want it. 
What is the state of the computer at this point? Is it running well? Any issues? Thank you. Rui
  14. Hi PeregrineKodiak. I'm glad to know that you solved your problem. However there is some more work to do yet. Outdated programs contain security vulnerabilities that are exploited by malware in order to infect the computer without the user's knowledge. Usually this is one of the ways that most contributes to the infection of your computer. Run a program like Personal Software Inspector (PSI) or FileHippo Update Checker to see what programs need to be updated. You can now delete FRST from your computer and the logs it created (FRST.txt, Addition.txt and Fixlog.txt). Delete also the folder C:\FRST. Open AdwCleaner and click on File and Uninstall to remove the tool. Delete also the folder C:\AdwCleaner. If all is well, below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please consider using these ideas to help secure your computer. Keep your Windows Operating System up-to-date. Keep your AntiVirus program up-to-date. Please note: Many installers offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While most of the time not being malicious, you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser. Keep Malwarebytes updated and perform a regular scan of your system as it will make it harder for malware to reside on your computer. A complete tutorial on using MBAM can be found here and a complete guide here. A free non-resident utility to prevent the installation of ActiveX-based malware is JavaCool's SpywareBlaster, available here. Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. 
However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster, can be run with any of them. Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. A similar category of programs is now called "scareware." Scareware programs are active infections that will pop up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above. Another most feared threat at the moment is an infection by Ransomware. A Ransomware infection is a program that ransoms the data or functionality of your computer until you perform an action. This action is typically to pay a ransom in the form of Bitcoins or another payment method. I advise you to read more info on this terrible threat here and here. 
Please keep your programs up to date. This applies to most of the programs and all your Internet Browsers in particular. Vulnerabilities in the programs are often exploited in order to install malware on your PC. Be careful with flash drives, as they can spread infections. See this post on USB/flash drive safety. Stay away from P2P software; even with a clean P2P program, their networks are often riddled with malware. Don't click on attachments or links in e-mail, and read your e-mail in text-only mode for the highest safety. Don't click on links received in instant message programs. A HOSTS file will prevent Internet Explorer from communicating with sites known to be associated with adware or spyware. A good regularly updated HOSTS file is MVPS HOSTS File, available here. For much more useful and complete information, please read the following links to fully understand PC Security and Best Practices: So how did I get infected in the first place; Answers to common security questions - Best Practices. Hopefully these steps will help to keep you error and malware free. If you run into more difficulty, we will certainly do what we can to help. Are there any remaining issues or can we close this topic? Rui
  15. Hello PeregrineKodiak. Sometimes ESET gets stuck on several files. That is normal since it is a very thorough scan. Okay, do not open Chrome yet. Just open Malwarebytes and perform another complete scan. If something is found, quarantine all the items. Next, open Chrome and see how it goes. While Chrome is open, perform another complete scan with Malwarebytes and attach this log to your next reply. Let me know how you get on. Thank you. Rui
  16. Hi PeregrineKodiak. Please follow the steps below in the order listed. Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply. Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST64.exe executable is located); DO NOT open or modify that file! Right-click on the FRST executable and select Run as Administrator; Click on the Fix button; (Credits: Aura) On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad; Please attach the Fixlog.txt in your next reply. Next, follow the instructions in the thread below and see if it helps solve the detections in Google Chrome: Chrome Secure Preferences detection always comes back. Next, please scan your computer with ESET Online Scanner. Click on this link to open ESET Online Scanner in a new window. Click on the Scan Now button to download the esetonlinescanner_enu.exe file. Save it to your Desktop. Close all your programs and browsers and disconnect any USB flash drives from the computer. Please disable your antivirus program to avoid potential conflicts, improve the performance and speed up the scan. Double click on esetonlinescanner_enu.exe to start ESET Online Scanner. It will open a window with the Terms of Use. Check mark Download latest version of ESET Online Scanner and click the Accept button. Click Yes to accept any security warnings that may appear. Under Computer scan settings, check mark Enable detection of potentially unwanted applications. Then click Advanced settings and check mark the following options: Enable detection of potentially unsafe applications; Clean threats automatically. Click the Scan button. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time. When the scan completes, click List Threats. 
Click Export, and save the file to your Desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply. Click the Back button. Click the Finish button. Note: If nothing is found, it will not produce a log. Please re-enable your antivirus program. In your next reply please attach the Fixlog.txt and the ESET log (if it produced one) and let me know in detail what issues persist in your computer. Thank you. Rui fixlist.txt
  17. Hello PeregrineKodiak. Okay, please do the following: Open Malwarebytes; On the left pane select Settings; Select the Protection tab; Scroll down to Scan Options and ensure Scan for Rootkits and Scan within Archives are both on and leave all other settings to default. Go back to DashBoard and select the blue Scan Now tab; Note: The scan may take some time to finish, so please be patient. When the scan completes, if potential threats are detected, ensure to checkmark all the listed items, and click the Quarantine Selected button. While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), give it a name and save it to your Desktop. The log can also be viewed by clicking the log to select it, then clicking the View Report button. Please attach the log in your next reply. Next, download Malwarebytes AdwCleaner and move it to your Desktop; Right-click on adwcleaner_7.0.4.0.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users); Accept the EULA (I accept), then click on Scan; Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes (Credits: Aura); Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it; After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply. Next, please read the information at https://www.wikihow.com/Turn-Off-Windows-Defender-in-Windows-10 and try to disable Windows Defender. Then run FRST and attach the two logs (FRST.txt and Addition.txt). To summarize, in your next reply please attach the following logs: The new Malwarebytes log; AdwCleaner clean log; The two Farbar logs (FRST.txt and Addition.txt). Thank you.
  18. Hello @PeregrineKodiak My screen name is Android8888 but if you wish you can call me Rui which is my real name. Please read the instructions in this link I'm infected - What do I do now? , run the requested scans and provide the logs. We need to see that information in order to help you. Thank you. Rui
  19. Hello Autumnleaves. Yes ESET removed the three bundled files of CCleaner and if the result of the last scan that you performed on your own was clean, then you don't need to worry about it anymore. The files that JRT found and removed were temporary Internet files. That's okay. You don't need to worry about it. The crash seems to be related to this program Dell V520 Series Uninstaller. Please go to this Diagnostic tool from Dell http://www.dell.com/support/home/us/en/19/quicktest?~ck=mn and run the test to check for hardware issues. Then go here http://www.dell.com/support/home/us/en/19?app=drivers&~ck=mn and update your printer drivers and check if the problem persists. At this point your computer is clean and free of malware. Now I suggest you run a program like Personal Software Inspector (PSI) or FileHippo Update Checker to see what programs need to be updated. Outdated programs contain security vulnerabilities that are exploited by malware in order to infect the computer without the user's knowledge. Usually this is one of the ways that contributes most to the infection of your computer. After doing that you can now remove the tools we used in this clean-up by running DelFix. Follow the instructions below to download and execute DelFix. Download DelFix and move the executable to your Desktop; Right-click on DelFix.exe and select Run as Administrator; Check the following options : Activate UAC (this option will activate the User Account Control feature). Remove disinfection tools (this option will remove the tools used in the cleaning process). Create registry backup (this option will create a backup from the Windows Registry). Purge system restore (this option will remove all previous and possibly infected restore points, and will create a new and clean restore point of your system). Reset system settings (this option will reset any system settings back to default that were changed either by us during cleansing or by malware infection).
Once the options mentioned above are checked, click on Run; After DelFix is done running, a log will open. I don't need to see the log file. Close and delete it. You can also delete the files and logs that DelFix cannot remove. To help keep malware off your system below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please consider using these ideas to help secure your computer. Keep your Windows Operating System up-to-date. Keep your AntiVirus program up-to-date. Please note: Many installers offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While most of the time not being malicious you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser. Keep Malwarebytes Anti-Malware (MBAM) updated and perform a regular scan of your system as it will make it harder for malware to reside on your computer. A tutorial on using MBAM can be found here and a complete guide here Please Note: Only the paid for version has real time capabilities. Please go here and scroll down to find a comparison list of the two versions. A free non-resident utility to prevent the installation of ActiveX-based malware is JavaCool's SpywareBlaster, available here Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster can be run with any of them.
Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above. Another most feared threat at the moment is an infection by a Ransomware. A Ransomware infection is a program that ransoms the data or functionality of your computer until you perform an action. This action is typically to pay a ransom in the form of Bitcoins or another payment method. I advise you to read more info on this terrible threat here and here. Please keep your programs up to date. This applies to most of the programs and all your Internet Browsers in particular. Vulnerabilities in the programs are often exploited in order to install malware on your PC. Be careful with flash drives, as they can spread infections. 
See this post on USB/flash drive safety. Stay away from P2P software; even with a clean P2P program, their networks are often riddled with malware. Don't click on attachments or links in e-mail, and read your e-mail in text-only mode for the highest safety. Don't click on links received in instant message programs. A HOSTS file will prevent Internet Explorer from communicating with sites known to be associated with adware or spyware. A good regularly updated HOST file is MVPS HOSTS File, available here For much more useful and complete information, please read the following links to fully understand PC Security and Best Practices: So how did I get infected in the first place Answers to common security questions - Best Practices Hopefully these steps will help to keep you error and malware free. If you run into more difficulty, we will certainly do what we can to help. Are there any remaining issues or can we close this topic? Android8888
  20. You're very welcome! Yes you can download it from Piriform, it is safe. Okay read the instructions here https://support.mozilla.org/en-US/kb/restore-bookmarks-from-backup-or-move-them to backup and restore your Mozilla Firefox bookmarks. Now please do a backup of your bookmarks and save the file to your Desktop or in a place where you can easily remember. Then follow the instructions in post #11 and completely remove Mozilla Firefox by using Revo. Go to C:\Program Files (x86) and delete also the folder Mozilla Firefox (if present). Restart the computer. Download a new Firefox Installer.exe from here, save it to your Desktop and reinstall the program. Restore your bookmarks. Test the new Firefox installation and let me know how it goes.
  21. Hello hazri. Most likely yes. We will try to fix or at least minimize these slow issues. However, keep in mind that a Hard Disk Drive (HDD) with bad blocks means a "sick" HDD. The bad blocks are like "dead" physical zones (clusters) in your HDD and they can't be repaired. They are identified, flagged and placed out of service. If there are many bad blocks, which seems to be the case, it means that your HDD started its end-of-life cycle. When this starts happening on a HDD, more and more will most likely appear, so I strongly suggest you backup your data and replace the HDD as soon as you can. Now I suggest printing out each set of instructions or copy them to a Notepad file and reading the entire post before proceeding. It will make following them easier. Note: Do not skip any of the steps below. If you have difficulty in performing any step, please let me know. Please download Zoek tool from here and save it to your computer's Desktop. Next, temporarily disable your Security programs so they do not interfere with the scan. Information on how to disable your security applications How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs. Right-click the Zoek.exe file and select Run as administrator to start the tool (Give it a few seconds to appear). Click Yes to accept the User Account Control security warning. Once Zoek window is open, copy and paste the entire script inside the code box below to the input field of Zoek: createsrpoint; autoclean; emptyclsid; emptyffcache; FFdefaults; emptyiecache; iedefaults; emptychrcache; CHRdefaults; emptyalltemp; emptyfolderscheck;delete ipconfig /flushdns;b Close any open Internet Browsers. Click the Run script button, and wait. It takes several minutes to run all the script. When the tool finishes, the zoek-results.log is opened in Notepad. The log is also found on the system drive, normally C:\ If a reboot is needed, the log is opened after the reboot.
Note: Please re-enable your Security programs. Please post the zoek-results.log in your next reply. Next, The following procedures can be time consuming, so please be patient. Please download the portable version of Windows Repair from here. Move the compressed file tweaking.com_windows_repair_aio on your computer Desktop, and extract it there; Boot in Safe Mode with Networking; Instructions on how to do it here: Safe Mode with Networking; Go in the tweaking.com_windows_repair_aio folder, then Tweaking.com - Windows Repair folder, right-click on Repair_Windows.exe and select Run as Administrator; Click Yes to accept the User Account Control security warning that may appear; Wait a few seconds and click the I Agree button to accept the End User License Agreement; Next, select the Step 2: (Optional) tab menu; Click on the icon Open Repair Reparse Points; Click on 1. Scan Reparse Points button; Click on 2. Repair Selected button; Close the current window; Now, click the icon Open Repair Environment Variable; Click the button 2. Apply New Paths; Click the button 4. Apply New Paths; Click the button 6. Apply New PathsExt; Click the button 7. Apply Variables; Close the current window; Next, select the Step 4: (Optional) tab menu; Click the Next button to start the scan and repair the System files; Next, Select the + Repairs - Main tab menu; Click the Preset: Common Repairs button (it will open a new window with the repairs already preselected for this option); Click the Start Repairs button and wait until the repairs are complete; If you are being prompted with a Security Warning, allow it to go through; Once the repair is complete, it'll ask you to restart your computer, please do it; In your next reply please attach the zoek-results.log and let me know how the computer is running. Are there any improvements? Thank you. Rui
  22. Hello Carlos. No. This URL appears to be legit. It belongs to Google Cloud. VirusTotal URLVoid Also see here However, some legit URLs contain tracking cookies to track and monitor users' activity on the Internet or even some advertisements and this could be the reason to be listed in MVPS HOSTS file. But that doesn't mean that the URL is considered malicious by itself.
  23. Good! I'm glad to know that! Okay, I already gave you some safety recommendations on my post #27 Are there any issues or concerns or can we close this topic?