martinkozina Posted February 6, 2019 ID:1297128 Share Posted February 6, 2019 Hello, last week I have found 3 different processes bumping my CPU up to 100%. All of them were located in the temp folder but were named lsass.exe svchost.exe and nv… .exe. I figured they were not windows processes because they weren't located in the system32 folder and were run alongside the real processes. I have managed to eliminate them through Malwarebytes but I noticed my computer was still acting weird by asking for my onedrive and outlook password all the time. I was also unable to reactivate windows defender (even before I installed Malwarebytes), I kept getting a message that this is controlled by my IT administrator which doesnt make sense because Its a personal laptop. Also today my Facebook account got hacked and deleted so it raised my suspicion that there are definetly some left overs. If you could please provide assistance I would be forever grateful, just want my laptop back. Thank you! Link to post Share on other sites More sharing options...
nasdaq Posted February 7, 2019 ID:1297290 Share Posted February 7, 2019 Hello, Welcome to Malwarebytes. I'm nasdaq and will be helping you. If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed. === Lets have a look at it. Download the version of this tool for your operating system.Farbar Recovery Scan Tool (64 bit)Farbar Recovery Scan Tool (32 bit) and save it to a folder on your computer's Desktop. Double-click to run it. When the tool opens click Yes to disclaimer. Press Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply. How to attach a file to your reply: In the Reply section in the bottom of the topic Click the "more reply Options" button. Attach the file. Select the "Choose a File" navigate to the location of the File.Click the file you wish to Attach.Click Attach this file.Click the Add reply button. === Please post the logs for my review. Wait for further instructions Link to post Share on other sites More sharing options...
martinkozina Posted February 8, 2019 Author ID:1297515 Share Posted February 8, 2019 Thank you for the response. Here are the logs. Addition.txt FRST.txt Link to post Share on other sites More sharing options...
nasdaq Posted February 9, 2019 ID:1297621 Share Posted February 9, 2019 Hi, Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from. The location is listed in the 3rd line of the FRST.txt log you have submitted. Run FRST and click Fix only once and wait. The tool will create a log (Fixlog.txt) please post it to your reply. === Please post the Fixlog.txt and let me know if the problem persists. fixlist.txt Link to post Share on other sites More sharing options...
martinkozina Posted February 10, 2019 Author ID:1297886 Share Posted February 10, 2019 The problem seems to be resolved, I am able to access windows defender fully again, I assume it is safe to reinstall google chrome aswell? Here is the fixlog. Thank you for you time and help! Fixlog.txt Link to post Share on other sites More sharing options...
nasdaq Posted February 11, 2019 ID:1298045 Share Posted February 11, 2019 Hi, Yes but from the Google site. https://www.google.com/chrome/ Glad we could help. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted February 27, 2019 Root Admin ID:1300907 Share Posted February 27, 2019 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks Link to post Share on other sites More sharing options...
Recommended Posts