blackhole5334

I don’t suspect anything. It’s running much better since the malware was removed and especially since the check disk fix. Thanks a lot again! I wish you well.

It's a laptop. I could be wrong about the hdd, but ever since it was dropped, it has been slow and laggy. I did a clean boot, but it didn't do anything. Was still getting 100% disk at startup and when opening anything. I tried twice. So I ran check disk with the f parameter, and again, no change. So then I ran check disk with the r parameter, and it seems to have done something. It hit 100% on startup, but quickly went down to normal. Thanks a lot for that. So, it's all clean? Is there anything else I should do to be 100% sure there's no malware?

Well, things are good. Except for an unrelated hdd issue, which lags because it runs 100% most times. But I'm almost sure that's because the computer has been dropped before. The popups and other lag issues caused by malware are gone. Here's the fixlog. Fixlog.txt

It's doing much better. I haven't got the cmd prompt at startup in a couple days now. Thank you very much for all your help. I really appreciate what you guys and gals do here. Thank you.

It came back clean. SophosVirusRemovalTool.log

No, you misunderstood. I hadn't tried to run Adwcleaner yet. I tried uninstalling "Browser Assistant", and it released the Powershell trojan again. For reference, there were a total of 4 files, named pssxxxx.ps1. The X's being different for each file. I ran a deep scan with AVG, which came back clean. I also ran MB again, which also came back clean. And I ran Adwcleaner, which found 1 PUP. I attached the Adwcleaner logs. AdwCleaner[C00].txt AdwCleaner[S00].txt

There were 4 total. Sorry I don’t know how to edit message here.

I knew it. I had a feeling this would happen. That’s why I asked you if I should just click uninstall. It released it. I got the “please wait while Windows configured Browser Assistant”, and it took a few mins, then AVG pops up saying “ Threat Blocked We’ve blocked pssEC0B.ps1 because it was infected with IDP.ALEXA.53” Right before that, I had already disconnected from the internet, because it was lagging on that uninstall window. I’m sending this from my phone. I quarantined with AVG.

I went to Add/Remove Apps and I see "Browser Assistant" 21.7MB. This is the app flagged by MB the first time, iirc, or at least 'browser assistant' and 'BA' were in the name. I do not know what this is, and I'm almost sure this is where the trojan came from. Should I just click uninstall or do I need to do something else?

Came up clean. msert.log

It took a while, but finally finished. It found 1 pup, and I don't know what it is. Here's the log. esetlog.txt

I had already done that, yesterday, but I did another. I'm including both reports. The one named 'report' is from today. report 5-9-21.txt report.txt

Okay, so in AVG quarantine was IDP.HEUR.23 file name startmenufix.vbs Location System32\oem and HTML:EvilCursor-B file name This computer is BLOCKED.html Location was in Downloads folder. Since doing the Deep scan 3 Adw named Win32:Mobiame-C was moved from the Recycling Bin to quarantine.

Help, please! I've ran MalwareBytes. 16 items were quarantined, but it's still showing and AVG blocked something named HEUR, but I accidentally clicked too fast because my computer is lagging really bad. I've included the latest FRST logs. Addition.txt FRST.txt