Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Constant Hard Drive Activity, computer very slow


  • Please log in to reply
13 replies to this topic

#1 Kiwee

Kiwee

  • Members
  • 97 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Zealand
  • Local time:08:03 AM

Posted 19 October 2016 - 05:58 PM

My computer has become very slow to the point where it is very frustrating to use.  Its been happening over the course of probably 6 months now but I have just been putting up with it.  There is almost constant HDD activity.  I'm still running XP but would like to see if I can fix this up one more time before I upgrade.

 

Thanks

Mike

 



BC AdBot (Login to Remove)

 


#2 buddy215

buddy215

  • Moderator
  • 13,503 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:02:03 PM

Posted 19 October 2016 - 09:29 PM

Use the programs below to clean the computer, remove adware and remove malware. You may already have some of these

programs on your computer...if so...be sure to allow them to update before scanning.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the

Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).

  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • When MBAM is finished scanning it will display a screen that displays any malware that it has detected.
  • Click the Remove Selected button.
  • MBAM will now delete all of the files and registry keys and add them to the programs quarantine. When removing the files, MBAM may require a reboot in order to remove some of them. If it displays a message stating that it needs to reboot, please allow it to do so.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.

POST THE LOG FOR  REVIEW.

 

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
  • download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE:Sometimes if ESET finds no infections it will not create a log.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 Kiwee

Kiwee
  • Topic Starter

  • Members
  • 97 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Zealand
  • Local time:08:03 AM

Posted 23 October 2016 - 04:39 PM

Malwarebytes has been running for almost 2 days.  File numbers are still ticking over but very slowly.  Is that normal ?

 

Cheers

Mike



#4 buddy215

buddy215

  • Moderator
  • 13,503 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:02:03 PM

Posted 23 October 2016 - 05:08 PM

No...that's not normal. Suggest you stop the scan...boot into safe mode with networking and run the scan again. If it runs for more than hour...let me know.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#5 Kiwee

Kiwee
  • Topic Starter

  • Members
  • 97 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Zealand
  • Local time:08:03 AM

Posted 23 October 2016 - 08:15 PM

Been running for 1 hr 20 now.  Objects scanned 54,143  seems to be stuck on that.

 

Mike



#6 buddy215

buddy215

  • Moderator
  • 13,503 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:02:03 PM

Posted 24 October 2016 - 03:11 AM

Can you see the location/ name of the file it is stuck on? If so, tell me what it is. Then stop the scan and download

the other three programs while in Safe Mode with Networking and try running scans using those.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#7 Kiwee

Kiwee
  • Topic Starter

  • Members
  • 97 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Zealand
  • Local time:08:03 AM

Posted 24 October 2016 - 03:29 AM

It did carry on after quite some time but incredibly slow.  I stopped it when 5 hrs was up.  I'll run the other scans and see how they go.

 

Thanks



#8 yamcha

yamcha

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:04:03 PM

Posted 24 October 2016 - 02:38 PM

Perhaps you have too many processes running. Autoruns by Microsoft can stop unwanted tasks from running at startup.

Ask a Mod for help with that also.



#9 RolandJS

RolandJS

  • Members
  • 4,552 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Austin TX metro area
  • Local time:02:03 PM

Posted 24 October 2016 - 03:11 PM

I was answering this question indirectly:

"My computer has become very slow to the point where it is very frustrating to use.  Its been happening over the course of probably 6 months now but I have just been putting up with it..."  -- Kiwee

 



Perhaps you have too many processes running. Autoruns by Microsoft can stop unwanted tasks from running at startup...

Adding to yamcha's excellent suggestion, I add:  start with investigating the settings of all security and monitoring background-running programs; such can be too assertively set [especially scanning settings] and/or set for constant logging.  I would not try to tweak Windows Prime services and such - yet.

[I think yamcha also was answering the above from Kiwee.]

 

Amended 10/24 to indicate what was being replied to  :)


Edited by RolandJS, 24 October 2016 - 06:43 PM.

"Take care of thy backups and thy restores shall take care of thee."  -- Ben Franklin revisited.

http://collegecafe.fr.yuku.com/forums/45/Computer-Technologies/

Backup, backup, backup! -- Lady Fitzgerald (w7forums)

Clone or Image often! Backup... -- RockE (WSL)


#10 buddy215

buddy215

  • Moderator
  • 13,503 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:02:03 PM

Posted 24 October 2016 - 03:31 PM

You guys may not of noticed the scans are being run in safe mode.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#11 Kiwee

Kiwee
  • Topic Starter

  • Members
  • 97 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Zealand
  • Local time:08:03 AM

Posted 25 October 2016 - 05:53 PM

Malwarebytes didn't finish as we talked about.  Log files for the others are below.

 

Thanks !

 

AWDCleaner

 

# AdwCleaner v6.030 - Logfile created 24/10/2016 at 22:04:14
# Updated on 19/10/2016 by Malwarebytes
# Database : 2016-10-23.2 [Server]
# Operating System : Microsoft Windows XP Service Pack 3 (X86)
# Username : Markwell Kennels - MARKWELL-KENNEL
# Running from : E:\Cleanup2016\AdwCleaner.exe
# Mode: Clean
# Support : hxxps://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\Program Files\Burn4Free Toolbar


***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\BackWeb.Client.ScriptHelper-7288971
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[-] Key deleted: HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{D879A501-50A7-BEFC-A4C5-32DC6E0CB208}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{596BB86E-F1E5-A1DE-3363-41AB634E77EF}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{A3492A3A-6715-9371-F8DB-1C48CC4DAAA1}
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{FE69C007-C452-4D3E-86D2-1730DF8BC871}]
[-] Key deleted: HKU\S-1-5-21-1695126911-3001241122-4096436374-1006\Software\Yahoo\YFriendsBar
[#] Key deleted on reboot: HKCU\Software\Yahoo\YFriendsBar
[-] Key deleted: HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh


***** [ Web browsers ] *****



*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1930 Bytes] - [24/10/2016 22:04:14]
C:\AdwCleaner\AdwCleaner[R0].txt - [12570 Bytes] - [09/08/2014 11:40:45]
C:\AdwCleaner\AdwCleaner[S0] Report.txt - [12932 Bytes] - [09/08/2014 12:24:51]
C:\AdwCleaner\AdwCleaner[S0].txt - [12932 Bytes] - [09/08/2014 11:52:42]
C:\AdwCleaner\AdwCleaner[S1].txt - [2399 Bytes] - [24/10/2016 22:02:27]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [2305 Bytes] ##########
 

 

JRT Scan

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.9 (09.30.2016)
Operating System: Microsoft Windows XP x86
Ran by Markwell Kennels (Administrator) on Mon 24/10/2016 at 23:05:26.25
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 30

Successfully deleted: C:\Documents and Settings\Markwell Kennels\Application Data\download manager (Folder)
Successfully deleted: C:\Documents and Settings\Markwell Kennels\Application Data\phoenix (Folder)
Successfully deleted: C:\Documents and Settings\Markwell Kennels\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\odpccdgkmiicgocepijnaeihjnjnomca (Folder)
Successfully deleted: C:\Documents and Settings\Markwell Kennels\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_olakgnkoldmagdblaalodobkmeokmgjj_0.localstorage (File)
Successfully deleted: C:\Program Files\mozilla firefox\defaults\pref\itms.js (File)
Successfully deleted: C:\WINDOWS\wininit.ini (File)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0AX53NJ7 (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\35DP4SFS (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\6PHR1TU4 (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\9JBUD5OG (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\9SR18G7Y (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\EX4O96SG (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GQ0JBUM5 (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\J5T3XMFR (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\K2E1B3C4 (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ROY4AJ8C (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\T7OZG5NM (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ZRABLV5X (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\0AX53NJ7 (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\35DP4SFS (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6PHR1TU4 (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\9JBUD5OG (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\9SR18G7Y (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\EX4O96SG (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\GQ0JBUM5 (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\J5T3XMFR (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\K2E1B3C4 (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ROY4AJ8C (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\T7OZG5NM (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ZRABLV5X (Temporary Internet Files Folder)



Registry: 1

Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 24/10/2016 at 23:11:33.04
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

ESET Scan

 

E:\Eudora\Attach\14032016_xmsii.zip    JS/TrojanDownloader.Agent.OHP trojan    deleted
E:\Eudora\Attach\14032016_xxvie.zip    JS/TrojanDownloader.Agent.OHP trojan    deleted
E:\Eudora\Attach\6594015549.doc    VBA/TrojanDownloader.Agent.APW trojan    cleaned
E:\Eudora\Attach\AUSPOST_41116377.zip    JS/TrojanDownloader.Agent.OIO trojan    deleted
E:\Eudora\Attach\BANK SLIP.zip    a variant of Win32/Spy.KeyLogger.OLW trojan    deleted
E:\Eudora\Attach\BANK STATEMENT.rar    a variant of Win32/Injector.AWRJ trojan    deleted
E:\Eudora\Attach\CROMA SECURITY SOLUTIONS GROUP PLC - Order NUM. 0258097037728.zip    JS/TrojanDownloader.Nemucod.KI trojan    deleted
E:\Eudora\Attach\Document 2.zip    JS/TrojanDownloader.Nemucod.LI trojan    deleted
E:\Eudora\Attach\documents.zip    JS/TrojanDownloader.Agent.OIO trojan    deleted
E:\Eudora\Attach\DSC_990341.zip    Win32/TrojanDownloader.Wauchos.Z trojan    deleted
E:\Eudora\Attach\DSC_9903411.zip    Win32/TrojanDownloader.Wauchos.Z trojan    deleted
E:\Eudora\Attach\emailinvoice.537003.zip    Win32/TrojanDownloader.Small.PSD trojan    deleted
E:\Eudora\Attach\emailinvoice.5370031.zip    Win32/TrojanDownloader.Small.PSD trojan    deleted
E:\Eudora\Attach\Invoice 105984  March 2014.zip    Win32/TrojanDownloader.Small.ADP trojan    deleted
E:\Eudora\Attach\Invoice 105984  March 20141.zip    Win32/TrojanDownloader.Small.ADP trojan    deleted
E:\Eudora\Attach\Invoice_OJINV05654_from_tip_top_delivery.rtf    VBA/TrojanDropper.Agent.GJ trojan    deleted
E:\Eudora\Attach\payment receipt.jpeg.zip    a variant of Win32/Spy.KeyLogger.OLW trojan    deleted
E:\Eudora\Attach\Payment receipt.zip    a variant of Win32/Spy.KeyLogger.OLW trojan    deleted
E:\Eudora\Attach\payment slip.rar    multiple threats,RAR/Agent.Y trojan,Win32/Autoit.Z trojan    deleted
E:\Eudora\Attach\Payment Slip.zip    Win32/Spy.KeyLogger.OYM trojan    deleted
E:\Eudora\Attach\payment slip1.rar    multiple threats,RAR/Agent.Y trojan,Win32/Autoit.Z trojan    deleted
E:\Eudora\Attach\payment slip2.rar    multiple threats,RAR/Agent.Y trojan,Win32/Autoit.Z trojan    deleted
E:\Eudora\Attach\Purchase_Order.zip    Win32/Spy.Zbot.YW trojan    deleted
E:\Eudora\Attach\SKMBT_75114091015230.zip    Win32/PSW.Fareit.A trojan    deleted
E:\Eudora\Attach\Statement Of Account For The Month Of September.zip    a variant of Java/TrojanDropper.Agent.BA trojan    deleted
E:\Eudora\Attach\TT PAYMENT SLIP.zip    a variant of Win32/Spy.KeyLogger.OMW trojan    deleted
E:\Eudora\Attach\TT Remittance copy.zip    a variant of Win32/Spy.KeyLogger.OMW trojan    deleted
E:\Eudora\Attach\TT Remittance copy1.zip    a variant of Win32/Spy.KeyLogger.OMW trojan    deleted
E:\Eudora\Attach\TT.Payment.rar    a variant of Win32/Injector.Autoit.ALK trojan    deleted
E:\Eudora\Attach\_6483918_082660.zip    JS/TrojanDownloader.Nemucod.AZQ trojan    deleted
E:\Eudora\Embedded\DSC_990341.zip    Win32/TrojanDownloader.Wauchos.Z trojan    deleted
E:\Eudora\Embedded\IMG0000002993.zip    Win32/Spy.Zbot.AAU trojan    deleted
E:\Eudora\Embedded\Invoice 199775  March 2014.zip    Win32/TrojanDownloader.Small.ADP trojan    deleted
E:\Eudora\Embedded\Invoice 199775  March 20141.zip    Win32/TrojanDownloader.Small.ADP trojan    deleted
E:\Eudora\Embedded\Invoice 421309  March 2014.zip    Win32/TrojanDownloader.Small.ADP trojan    deleted
E:\Eudora\Embedded\Invoice 421309  March 20141.zip    Win32/TrojanDownloader.Small.ADP trojan    deleted
E:\Eudora\Embedded\PIC0029181100.zip    Win32/TrojanDownloader.Wauchos.Z trojan    deleted
E:\Setups\FLV player Setup.exe    Win32/Toolbar.Zugo potentially unwanted application,a variant of Win32/Toolbar.Conduit.B potentially unwanted application,a variant of Win32/Toolbar.Conduit.AR potentially unwanted application,Win32/Toolbar.Conduit.Y potentially unwanted application    deleted
E:\Setups\PDFCreator-1_2_3_setup.exe    Win32/Toolbar.Widgi potentially unwanted application    deleted
 



#12 buddy215

buddy215

  • Moderator
  • 13,503 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:02:03 PM

Posted 25 October 2016 - 06:20 PM

You have some serious malware on that computer. Best to start a new topic in the Malware Removal Forum by following the instructions below.

One file is part of this: Added by the W32.Bancorkut@mm worm. W32.Bancorkut@mm is a mass-mailing worm that may download potentially malicious files and steal sensitive information from the compromised computer. NOTE THAT IT SAID IT STEALS SENSITIVE INFO.....

 

 

Please follow the instructions in the Malware Removal and Log Section Preparation Guide starting at Step 6.

  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 6 there are instructions for downloading and running FRST which will create two logs.

When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

Start a new topic, give it a relevant title and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. If you cannot produce any of the required logs...start the new topic anyway. Explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them. A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.

After doing this, please reply back in this thread with a link to the new topic so we can close this one.

 

DO NOT bump your new topic. Wait for a response from one of the Team Members.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#13 buddy215

buddy215

  • Moderator
  • 13,503 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:02:03 PM

Posted 25 October 2016 - 06:23 PM

Along with the FRST logs I suggest you include the Eset log in the opening post, too.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#14 Kiwee

Kiwee
  • Topic Starter

  • Members
  • 97 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Zealand
  • Local time:08:03 AM

Posted 25 October 2016 - 06:53 PM

Ok will do, thanks






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users