# Computer keeps crashing and runs slowly

95 replies to this topic

### #51 winston66

winston66

• Full Member
• 221 posts

Posted 10 April 2017 - 10:38 AM

Hi Android 8888,

I didn't explain the situation properly. When I upgraded to the version 3 of MWB they gave me a 14 day trial of the Premium with real time protection.

That expires in 6 days, so those tips for cross party protection are really useful.

Thanks once again for all your assistance.

Kind regards,

winston66

### #52 Android 8888

Android 8888

SWI Malware Tracker

• 1,162 posts

Posted 10 April 2017 - 05:00 PM

Hello winston66.

> When I upgraded to the version 3 of MWB they gave me a 14 day trial of the Premium with real time protection.

Keep in mind that more than one anti-malware or anti-virus program will not conflict with each other if you use only one of them for real-time protection and the others as stand-alone on-demand scanners.

Windows Defender and Malwarebytes Premium both have real-time protection, and that may have been the cause of those crashes.

Are there any questions or concerns?

Android 8888

Website: http://android8888.comlu.com

Tavira - Here's where I live!

Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"

Our help is free, but if you wish to help keep these forums running please consider a donation; Please see This Topic for details.

### #53 winston66

Posted 10 April 2017 - 11:21 PM

Hi Android 8888

Everything appears to be running well and I initiate a MWB scan at least once a day.

I'll send a couple of suspicious links to that site you gave to me, to have them checked out. If only to warn other users if there is a problem.

Thanks once again for all the help and advice.

Kind regards.

winston66

### #54 Android 8888

Posted 11 April 2017 - 04:28 AM

Hello winston66.

> Thanks once again for all the help and advice.

You're very welcome.

If there are no more issues or concerns, can I close this topic?

Thank you.

Android 8888.

### #55 winston66

Posted 11 April 2017 - 05:49 AM

Hi Android 8888,

Yes, thanks very much and enjoy the sardines and beaches:)

kind regards,

Winston66

### #56 Android 8888

Posted 11 April 2017 - 07:10 AM

I will enjoy them, thanks.

Regards,

Android 8888

### #57 Android 8888

Posted 11 April 2017 - 07:11 AM

Reopened...

Edited by Budfred, 13 April 2017 - 12:09 AM.
Open topic

### #58 Budfred

Budfred

Malware Hound

• 21,480 posts

Posted 13 April 2017 - 12:10 AM

Reopened at request of topic owner.
Budfred

MS MVP 2006 and ASAP Member since 2004

Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"

### #59 winston66

Posted 13 April 2017 - 01:07 AM

Hi,

I'm afraid I'm still experiencing problems.

http://www.spywarein...s-slowly/page-2

Yesterday, twice when navigating my e-mails, I got a window that opened and visually and audibly told me that I could earn 75 euros by participating in a questionnaire purporting to be from Orange, my telephone provider. I was invited to select to enrol, and the only way I could exit was by shutting the whole window at the top right-hand corner.

The computer kept shutting down rather than going into sleep mode and when I ran MWB it crashed. I tried AdwCleaner and I enclose the log. After AdwCleaner deleted the malware I ran MWB again and it came up clean, as did AdwCleaner a second time.

Is this a new infection or is there something hidden somewhere ?

```
# AdwCleaner v6.045 - Logfile created 12/04/2017 at 18:54:35
# Updated on 28/03/2017 by Malwarebytes
# Database : 2017-04-11.1 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : eddie - EH
# Mode: Clean

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled Tasks ] *****

***** [ Registry ] *****

[-] Key deleted: [x64] HKLM\SOFTWARE\Reimage

***** [ Web browsers ] *****

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************
```

Kind regards,

winston66

I ran another MWB scan which crashed, so I re ran AdwCleaner and it found this:

```
# AdwCleaner v6.045 - Logfile created 13/04/2017 at 08:46:50
# Updated on 28/03/2017 by Malwarebytes
# Database : 2017-04-12.1 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : eddie - EH
# Mode: Scan

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious keys found.

***** [ Shortcuts ] *****

No infected shortcut found.

***** [ Scheduled Tasks ] *****

***** [ Registry ] *****

No malicious registry entries found.

***** [ Web browsers ] *****

No malicious Firefox based browser items found.

*************************
```

kind regards,

winston66

### #60 Rocket Grannie

Rocket Grannie

SWI Australian Rebel

• 7,902 posts

Posted 13 April 2017 - 06:28 PM

Hello winston66

Android 8888 is away for a few days so I will be helping you.

Once again you have been infected with the program Reimage PC Repair. It is pointless for us to keep cleaning your computer if it is going to keep getting reinfected each time. We need to find out where the infection is coming from.

I strongly suggest you remove it.

Next: clean the cache and history and reset your Firefox and Chrome browsers.
Instructions can be found in Post #20
http://www.spywarein...lowly/?p=799910

Next I strongly suggest you download and install Avast anti-virus program to replace Windows Defender. The premium version of MBAM can be run in conjunction with Avast.

Avast.

Please let me know if you have removed uk.ask and if you have installed Avast.
Also let me know if you have purchased the premium version of MBAM?

Rocket Grannie

My help is free, but if you wish to help keep these forums running please consider a donation, see here for details.

### #61 winston66

Posted 14 April 2017 - 12:35 AM

Hi Rocket Grannie,

I have no extensions on Chrome and could find no trace of ask.com. Is there another location to look at ? I've cleaned the cache and cookies which I do on a daily basis. In fact on this occasion, I cleared everything.

I uninstalled Firefox some time ago, so there shouldn't be any issues there ?

I've re set Chrome.

I have MWB Premium on day 12 of a 14 day free trial.

Windows defender has been running in parallel in Limited Periodic Scanning mode but I believe the problems with MWB crashing recently may have been as the result of a windows update which appears to have re set everything. It is now showing turned off so as not to clash with Avast, which I have now installed.

Avast itself is running in passive mode so as not to clash with MWB.

Unless you advise otherwise, I think when the trial ends of MWB premium, I will revert to my old practice of using it for regular scans and use Avast for every day protection.

As you say, the big issue is where am I picking these viruses up from.

I have recently had problems with my Karcher and have been visiting forums and you tube tutorials to help fix it but presumably as long as I don't click on links this doesn't pose a threat ?

As I mentioned to Android 8888, I also visit investment forums but again unless I click a link then this doesn't pose a problem I believe ?

Kind regards,

winston 66

Edited by winston66, 14 April 2017 - 12:39 AM.

### #62 Rocket Grannie

Posted 14 April 2017 - 05:32 PM

Hello winston66

It is not an extension it is a default setting in Chrome. Please navigate to : C:\Users\eddie\AppData\Local\Google\Chrome\User Data\Default\Web data - and delete uk.ask.com
Don't worry if you cannot find it.

> Avast itself is running in passive mode so as not to clash with MWB.

Avast does not clash with MBAM. It can and does run in conjunction with MBAM. It is in passive mode because Windows Defender was turned on when it was installed.

To disable passive mode:
Open Avast window (double click on Avast icon on Desktop)
Go to Troubleshooting tab
Find Avast Passive mode and click to expand
Disable Avast Passive Mode
Restart the computer

You will find that you now have a number of protection shields:

File System Shield — Real-time protection against viruses and other malware threats. Scans files as they run on your computer to keep viruses from being able to execute.
Mail Shield — Scans messages and attachments in E-mail/Microsoft Outlook/Exchange for viruses.
Web Shield — HTTP protection (local transparent proxy). Version 4.8 also allows the blocking of URLs. Scans URLs and incoming data for viruses, and aborts connections to the site if one is found.
P2P Shield — Scans P2P files from file share programs.
IM Shield — Instant Messaging protection. (Scanning of files transferred through instant messaging applications)
Script Shield — Scans webpages for malicious scripts, and disables them from infecting your computer, though they can still be used. (for example, a clickable button)
Network Shield — Basic protection against well-known network worms. Acts as an Intrusion Detection System.
Behavior Shield — Reports suspicious behavior by analyzing the behavior of programs.

MBAM
In your situation I would strongly advise you to purchase the premium version. However, this decision is up to you.
Scroll down to find a comparison list of the two versions.

> presumably as long as I don't click on links this doesn't pose a threat

This is incorrect. You can become infected just by accessing a site.

Now let's see exactly what is on the computer.

• Double-click SystemLook.exe to run it.
• Copy the content of the following codebox into the main textfield:

```
:filefind
Reimage

:folderfind
Reimage

:regfind
Reimage
```

• Click the Look button to start the scan.
• When finished, a Notepad window will open with the results of the scan.

Note: The log can also be found on your Desktop named SystemLook.txt

Rocket Grannie

### #63 winston66

Posted 14 April 2017 - 11:50 PM

Hi Rocket Grannie,

I've followed the instructions and the only problem I had was not finding uk.ask.com, although that might be good news !

I ran the scan and here is the result:

```
SystemLook 30.07.11 by jpshortstuff
Log created at 07:39 on 15/04/2017 by eddie

========== filefind ==========

No files found.

Searching for "Reimage"
```

Kind regards,

winston66

Edited by winston66, 15 April 2017 - 01:07 AM.

### #64 winston66

Posted 15 April 2017 - 01:03 AM

Hi again,

The scan didn't look right so I ran it again:

```
SystemLook 30.07.11 by jpshortstuff
Log created at 07:51 on 15/04/2017 by eddie

========== filefind ==========

No files found.

Searching for "Reimage"
No files found.

========== folderfind ==========

No folders found.

Searching for "Reimage"
No folders found.

========== regfind ==========

[HKEY_CURRENT_USER\SOFTWARE\AVG\PC Tuneup\10.x\Settings]
[HKEY_CURRENT_USER\SOFTWARE\AVG\PC Tuneup\10.x\Settings]
[HKEY_CURRENT_USER\SOFTWARE\AVG\PC Tuneup\10.x\Settings]
[HKEY_CURRENT_USER\SOFTWARE\AVG\PC Tuneup\10.x\Settings]
[HKEY_CURRENT_USER\SOFTWARE\AVG\PC Tuneup\10.x\Settings]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Feeds]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\MediaPlayer\Services\MediaGuide]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\MediaPlayer\Services\MediaGuide]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Microsoft Management Console\Recent File List]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Registration\EDDIE-PC\{90150000-000F-0000-0000-0000000FF1CE}\O365HomePremRetail\EULA]
"18"="SUPPLEMENT TO MICROSOFT SERVICE AGREEMENT
MICROSOFT OFFICE 365 CONSUMER SUBSCRIPTION SERVICE AND SOFTWARE:
MICROSOFT OFFICE 365 UNIVERSITY

Thank you for choosing a Microsoft Office 365 Consumer Subscription.  Your use of the Office 365 Consumer Subscription service and software is governed by the terms and conditions of the Microsoft Service Agreement you agreed to when you signed up for a Microsoft Account (formerly known as Windows Live ID) and the terms and conditions of this Supplement, which with other terms contained in web links listed in this Supplement are an agreement between you and Microsoft Corporation (or, based on where you live, one of its affiliates).  A separate license may be presented when installing and using the software on a licensed device.  That separate license controls to the extent of any conflict wit
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Speech\Preferences\AppCompatDisableMSAA]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{A04C06C7-2409-4C9C-A38C-A378958919EA}\RecentItems\{39123DD7-1358-400C-8ABA-F354A1063BB4}]
"DisplayName"="View system resource usage in Task Manager"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{A04C06C7-2409-4C9C-A38C-A378958919EA}\RecentItems\{49A9F88C-9658-47C3-8E6A-1E0EED7332CC}]
[HKEY_CURRENT_USER\SOFTWARE\Classes\Applications\avgtray.exe]
[HKEY_CURRENT_USER\SOFTWARE\Classes\Applications\avgui.exe]
[HKEY_CURRENT_USER\SOFTWARE\Classes\Extensions\ContractId\Windows.WebAccountProvider\PackageId\Microsoft.XboxIdentityProvider_11.19.19003.0_x64__8wekyb3d8bbwe\ActivatableClassId\Microsoft.XboxIdentityProvider\CustomProperties]
[HKEY_CURRENT_USER\SOFTWARE\Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E]
```

Edited by winston66, 15 April 2017 - 01:14 AM.

### #65 Rocket Grannie

Posted 15 April 2017 - 06:22 PM

Hello winston66

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Most of those entries are leftovers from an AVG installation.
Double Click it and when it opens click continue
On the next screen click Run Anyway

Now please navigate to: C:\Users\eddie\Desktop\ReimageRepair.exe and delete ReimageRepair.exe if it is there.

Next: You need to back up your Registry.

First of all create a new folder on the Desktop and give it a name you will remember such as Registry backup.
Press the Windows key +r on your keyboard at the same time. This will open the RUN BOX.
Type regedit
Press Ok
A new Window will open.
Click File
Click Export
Find the folder you just created and click Save.
Give the file a name and click Save.
Move the folder to wherever you want to store it.

Next:

• Press the Windows key +r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK button.
• Copy and Paste the following text inside the quote box below (starting with REGEDIT4) to Notepad. Do NOT copy the word "quote".

```
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{EC3C99F5-C626-4249-A955-B94DFB9C96E5}]
"AppId"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"Name"=-
[HKEY_USERS\S-1-5-21-430072569-3085444723-2816121149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{EC3C99F5-C626-4249-A955-B94DFB9C96E5}]
"AppId"=-
```

• Make sure there are no blank spaces before REGEDIT4 and there should be one blank line at the end.
• Click File at the top and then choose Save As.
• Change Save As Type to All Files.
• Name it fix.reg and save it on your Desktop.
• Double click fix.reg. It will ask you if you want to merge it to the Registry, click Yes.

Finally, please run a scan with MBAM - Avast and AdwCleaner and let me know the results.

Rocket Grannie

My help is free, but if you wish to help keep these forums running please consider a donation, see here for details.
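
In the fix.reg posted above, a line of the form `"name"=-` removes that value instead of setting it. The following is an added example, not part of the original post or of any tool named in this thread: a Python parser that lists what merging a .reg file would change, so the file can be read through before it is double-clicked. The names `audit_reg`, `destructive_ops`, `hives_touched`, the action labels and the `ExampleVendor` key are assumptions of this example; the two warnings mirror the post's advice about the header and the final blank line.

```python
import re

HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
# "name"=data  or  @=data ; names may contain backslash-escaped characters.
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')

# The fix.reg text from the post above, copied as-is.
FIX_REG = r'''REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{EC3C99F5-C626-4249-A955-B94DFB9C96E5}]
"AppId"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"Name"=-
[HKEY_USERS\S-1-5-21-430072569-3085444723-2816121149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{EC3C99F5-C626-4249-A955-B94DFB9C96E5}]
"AppId"=-
'''

# Constructed sample (not from the thread) covering the other line kinds.
EXTRA_REG = r'''Windows Registry Editor Version 5.00

; ExampleVendor is a made-up key name
[-HKEY_CURRENT_USER\SOFTWARE\ExampleVendor]
[HKEY_CURRENT_USER\SOFTWARE\ExampleVendor\Settings]
@="default text"
"Blob"=hex:01,02,\
  03,04
'''


def audit_reg(text):
    """Return (operations, warnings) for the text of a .reg file.

    Each operation is (action, key, value_name); action is one of
    "ensure_key" (key is created if missing), "delete_key",
    "set_value" or "delete_value".
    """
    ops, warnings = [], []
    lines = text.lstrip("\ufeff").splitlines()

    # The first non-blank line must be one of the two known headers.
    idx = 0
    while idx < len(lines) and not lines[idx].strip():
        idx += 1
    if idx == len(lines) or lines[idx].strip() not in HEADERS:
        raise ValueError("not a .reg file: header line missing")
    if idx != 0 or lines[idx] != lines[idx].strip():
        warnings.append("header is not at the very start of the file")
    if not text.endswith("\n"):
        warnings.append("file does not end with a newline")

    key = None      # key the following value lines apply to
    pending = ""    # partial line when hex data continues with a backslash
    for raw in lines[idx + 1:]:
        line = pending + raw.strip()
        pending = ""
        if not line or line.startswith(";"):
            continue
        if line.endswith("\\") and not line.startswith("["):
            pending = line[:-1]
            continue
        if line.startswith("[") and line.endswith("]"):
            body = line[1:-1]
            if body.startswith("-"):
                key = None
                ops.append(("delete_key", body[1:], None))
            else:
                key = body
                ops.append(("ensure_key", key, None))
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            warnings.append(f"ignored line: {line!r}")
            continue
        name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
        action = "delete_value" if m.group(2) == "-" else "set_value"
        ops.append((action, key, name))
    return ops, warnings


def destructive_ops(ops):
    """Operations that remove data: the ones to read before merging."""
    return [op for op in ops if op[0].startswith("delete_")]


def hives_touched(ops):
    """Root hives the file writes to (HKEY_LOCAL_MACHINE needs elevation)."""
    return sorted({key.split("\\", 1)[0] for _, key, _ in ops})


if __name__ == "__main__":
    for label, sample in (("fix.reg", FIX_REG), ("constructed", EXTRA_REG)):
        ops, warnings = audit_reg(sample)
        print(label, hives_touched(ops), warnings)
        for action, key, name in ops:
            print(f"  {action:12} {key}" + (f" -> {name}" if name else ""))
```

Files exported by regedit with the `Windows Registry Editor Version 5.00` header are UTF-16, so read them with `encoding="utf-16"` before passing the text in.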

### #66 winston66

Posted 16 April 2017 - 01:43 AM

Hi Rocket Grannie and happy Easter :)

Thanks for the instructions, which I have completed.

AVG is now removed.

There was no file ReimageRepair.exe found.

I believe I backed up the registry okay. The REGEDIT4 script was certainly added to the registry but I didn't see what role the folder that I created played in the process ?

The three scans were all clean.

Where are you in Australia ?

kind regards,

winston66

ps I'm sorry but I've just realised I ran the scans without re booting the computer. Will this affect things. I've now rebooted, do I need to re run the scans ?

regards,

winston66

Edited by winston66, 16 April 2017 - 01:50 AM.

### #67 Rocket Grannie

Posted 16 April 2017 - 05:33 PM

Hello winston66

> happy Easter :)

Thank you and happy Easter to you too.

> but I didn't see what role the folder that I created played in the process ?

That step was just a precaution in case something went wrong with the regedit fix - you would have been able to restore your Registry to its previous good state. If you look in that folder you will see a copy of your Registry as it was before the fix was run.

> Where are you in Australia ?

Queensland.

> ps I'm sorry but I've just realised I ran the scans without re booting the computer. Will this affect things. I've now rebooted, do I need to re run the scans ?

No. That was just to reset the Registry.

> The three scans were all clean.

Well done! Your computer appears to be clean.

Now let's see if we can keep it that way

First you need to update some programs.

Please uncheck True Key™ by Intel Security unless you want it.

MBAM is out of date
Click the MBAM icon in the task bar and click "check updates" at the top of the menu.

Windows Live Essentials is out of date
Scroll down and install the program for your Windows version.
Select from the list the programs you want to install.

Next:

Whenever you are asked to name the file/program input: Reimage PC Repair

MBAM

To configure Malwarebytes to treat the PUPs detection as malware:

Open Malwarebytes
On the left pane select "Settings"
Click on the Protection tab
Scroll down a bit until Potential Threat Protection;
Under "Potentially Unwanted Programs (PUPs)" select 'Treat PUPs as malware (recommended)'
Close Malwarebytes.

Note: If it quarantines a program that you want to run click quarantine and re-enable the program. You can also create an exclusion under "Settings"

Under Settings > Scan Schedule > I suggest you set it to scan every 1 hour.

Avast

To adjust the settings for the shields:

Go here and scroll down to the Shield Settings
I suggest you modify the mail and the web shields to block Reimage PC Repair

This firewall is very testing in the beginning with a lot of pop ups asking for permission. However, these pop ups gradually diminish as the firewall learns your preferences.

I strongly suggest you install this firewall if you are using the free version of MBAM.

Also I suggest you use "Firefox" to browse the Web with these add-ons:
NoScript
Better privacy
uBlock Origin.

Like the Zone Alarm firewall these add-ons can be annoying but they do give you an added layer of protection.

Finally, make regular backups of your file system under System Settings

Please let me know how you get on and if there are any further problems.

Rocket Grannie

### #68 winston66

Posted 17 April 2017 - 12:43 AM

Hi Rocket Grannie,

Thanks for the instructions. I used the computer a lot yesterday and it was running really well :)

If clicking on external sites I'm testing the address on Virus Total as a matter of course now.

I've updated Adobe Flash but a window appeared inviting me to install ASK with the two choices "take the Ask search experience on the go" or no thanks and I could only close the window via the top address bar. If ASK is such a security threat why is it being promoted ?

I can't find the location for turning off the "True Key" ?

MBAM was already set up for PUP detection.

I can't find a way to specifically target Reimage in Avast.

Windows essential is no longer available to download and support stopped on 10/01/17. ?

I re booted the computer in any case.

I've re installed Firefox. You recommend using this rather than Chrome ?

I can't find "Better privacy" and the other two suggestions were blocked by Firefox. Shall I allow.

Everything appears to be running really well. I was surprised that the FlashPlayer was out of date as we only installed the latest version the other day ?

Kind regards,

winston66

Edited by winston66, 17 April 2017 - 12:46 AM.

### #69 Rocket Grannie

Rocket Grannie

SWI Australian Rebel

• 7,902 posts

Posted 17 April 2017 - 06:17 PM

Hello winston66

Thanks for the instructions.

You are welcome

I used the computer a lot yesterday and it was running really well :)

That's great.

If clicking on external sites I'm testing the address on Virus Total as a matter of course now.

I suggest you keep a list of every site that you have scanned at VirusTotal that shows its scan results. For Example: site X - Green for clean.
Every time you download a program/file scan it with MBAM and/or Avast before you open it.

My apologies. That link should have taken you here

Avast
I suggest you set all your shield settings to the maximum setting. If you find it too annoying you can reset them back to their defaults.

Windows Essentials
As it is no longer being supported you will need another e-mail client. Please see here for alternatives

Firefox
I suggest you set Firefox as your default browser. However, I have seldom used Chrome so I am unaware if similar add-ons are available for it.
NoScript
Better Privacy
uBlock Origin

I was surprised that the FlashPlayer was out of date as we only installed the latest version the other day ?

Security Analysis was run on 03/30/2017 and it showed flash as out of date.

Once you have discovered how Reimage PC Repair is getting on to your computer you will be able to relax some of these precautionary steps.

Close all running programs and start delfix.exe.
Make sure that all available options are checked.
Click on Run
DelFix should remove all our tools and delete itself afterwards.
I don't need to see the log file.

Any further problems?

Rocket Grannie


### #70 winston66

winston66

• Full Member
• 221 posts

Posted 17 April 2017 - 11:41 PM

Hi Rocket Grannie,

Thanks for the instructions.

I have run delfix and flash.

With windows 10 do I still need a replacement for essentials. My e mail provider is talktalk a UK based telecoms company ?

Everything appears to be running well. I used the computer a lot yesterday and it was running really smoothly.

So thanks for your help and enjoy the late summer/ autumn. It must be nice up where you are when the temps cool down a bit.

Thanks once again and also to Android for his earlier assistance.

Kind regards,

winston66

ps I forgot to mention that my windows defender icon has disappeared from the bottom tool bar but presumably that's because Avast has taken over ?

pps The flash also installed McAfee which I have uninstalled in the control panel

Edited by winston66, 18 April 2017 - 12:04 AM.

### #71 winston66

winston66

• Full Member
• 221 posts

Posted 18 April 2017 - 01:38 PM

Hi Rocket Grannie,

I really do not believe this.

Everything has been running really well today and I used the computer a lot for my normal surfing but also I had to track down a part for a heat pump that has broken.

Then this evening the scrolling seemed a bit jumpy so I ran an Adw Cleaner scan which came back clean and then a MWB scan produced this:

The only apparent thing out of the ordinary was a Java update but it has all the Oracle logos so seemed genuine.

I've got them currently in quarantine.

```
-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.103
Update Package Version: 1.0.1756

-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: EH\eddie

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 488687
Time Elapsed: 17 min, 52 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 85

File: 249
PUP.Optional.MindSpark, C:\USERS\EDDIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_getformsonline.dl.myway.com_0.localstorage, No Action By User, [261], [240305],1.0.1756
PUP.Optional.MindSpark, C:\USERS\EDDIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_getformsonline.dl.myway.com_0.localstorage-journal, No Action By User, [261], [240305],1.0.1756
```

Edited by winston66, 18 April 2017 - 01:42 PM.
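A log like the one in the post above can be summarised by the application folder each detection sits under, by the website named in a browser local-storage file, and by how many detections each section declares but does not list. This is an added example, not part of the original thread and not Malwarebytes code; the function names are hypothetical, and both the detection-line layout and the `scheme_host_port.localstorage` file naming are assumptions read off the two detection lines posted above.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Section counters and the two MindSpark lines are copied from the log above;
# the last detection line is constructed to show a path containing a comma.
SAMPLE_LOG = "\n".join([
    "Folder: 85",
    "",
    "File: 249",
    r"PUP.Optional.MindSpark, C:\USERS\EDDIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_getformsonline.dl.myway.com_0.localstorage, No Action By User, [261], [240305],1.0.1756",
    r"PUP.Optional.MindSpark, C:\USERS\EDDIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_getformsonline.dl.myway.com_0.localstorage-journal, No Action By User, [261], [240305],1.0.1756",
    r"PUP.Optional.Constructed, C:\PROGRAM FILES (X86)\EXAMPLE, TOOLBAR\TB.DLL, No Action By User, [1], [2],1.0.1756",
])

SECTION = re.compile(r"^(Process|Module|Registry Key|Registry Value|"
                     r"Registry Data|Data Stream|Folder|File): (\d+)$")
# Anchoring on the trailing "[n], [n],version" fields lets the path keep commas.
DETECTION = re.compile(r"^(?P<threat>[^,]+), (?P<path>.+), "
                       r"(?P<action>[^,\[\]]+), \[\d+\], \[\d+\],[\d.]+$")
LOCALSTORAGE = re.compile(r"^(?P<scheme>[a-z][a-z0-9+.-]*)_(?P<host>.+)_\d+"
                          r"\.localstorage(-journal)?$", re.I)


def parse_log(text):
    """Return (detections, declared section counts) from a pasted scan log."""
    declared, detections, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            section = m.group(1)
            declared[section] = int(m.group(2))
            continue
        m = DETECTION.match(line)
        if m:
            detections.append({"section": section, **m.groupdict()})
    return detections, declared


def owning_app(path):
    """Name the vendor\\product folder a detected object lives under."""
    parts = [p.upper() for p in PureWindowsPath(path).parts]
    if "APPDATA" in parts:
        i = parts.index("APPDATA")  # skip APPDATA and LOCAL/ROAMING/LOCALLOW
        return "\\".join(parts[i + 2:i + 4])
    if len(parts) > 2 and parts[1].startswith("PROGRAM FILES"):
        return parts[2]
    return "\\".join(parts[:-1])


def storage_origin(path):
    """Website that wrote a local-storage file, or None for other files."""
    m = LOCALSTORAGE.match(PureWindowsPath(path).name)
    return f"{m['scheme']}://{m['host']}".lower() if m else None


def summarise(text):
    detections, declared = parse_log(text)
    listed = Counter(d["section"] for d in detections)
    return {
        "by_app": dict(Counter(owning_app(d["path"]) for d in detections)),
        "origins": sorted({o for d in detections
                           if (o := storage_origin(d["path"]))}),
        # Sections whose declared count exceeds the lines actually pasted.
        "not_listed": {s: n - listed.get(s, 0) for s, n in declared.items()
                       if n > listed.get(s, 0)},
    }


if __name__ == "__main__":
    for key, value in summarise(SAMPLE_LOG).items():
        print(key, value)
```

The `not_listed` figure is worth checking before acting on a pasted log, because a log cut short hides most of what the scanner found.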

### #72 winston66

winston66

• Full Member
• 221 posts

Posted 18 April 2017 - 02:12 PM

Hi Rocket Grannie,

I just spent some time going through my history and have scanned anything that looks remotely suspect and the Total Virus has come up clean.

regards,

winston66

### #73 Rocket Grannie

Rocket Grannie

SWI Australian Rebel

• 7,902 posts

Posted 18 April 2017 - 05:35 PM

Hello winston66

With windows 10 do I still need a replacement for essentials.

Yes! Because Windows Live is no longer supported it is more likely to be compromised. I strongly suggest you download Thunderbird and use it.

It must be nice up where you are

Um your geography is a bit out. It is nice down where I am.

It is autumn here and yes it is getting cooler at night. 19 degrees Celsius - brrr! :lol:

ps I forgot to mention that my windows defender icon has disappeared from the bottom tool bar but presumably that's because Avast has taken over ?

Yes.

New infections
Okay let's get you cleaned up---again.

Please open MBAM and delete the quarantined entries then reboot the computer.
Now scan with MBAM. It should come up clean.

Please keep scanning regularly with MBAM. This is very important now that your licence has expired because you no longer have real time protection. MBAM will no longer warn you of dubious Web sites or scan the computer unless you do it manually.

Every one of those entries has come from: C:\Users\eddie\AppData\Local\Google\Chrome\User Data\Default\Extensions
I strongly suggest you remove Google Chrome from the computer. I also suggest you do not re-install it but wait to see if you still get infected without it onboard.

To uninstall it:

Run Revo Uninstaller and select Google Chrome
Click Uninstall icon and follow the prompts
When finished choose Scan
Delete all the highlighted Registry items
Click Next
Select all the folders and files listed by Revo
Click Delete
Reboot the computer when Revo is finished.

Please try to retrace your steps from the past few days and see if the computer remains clean.

Please let me know how you get on.

Rocket Grannie


### #74 winston66

winston66

• Full Member
• 221 posts

Posted 18 April 2017 - 09:59 PM

Hi Rocket Grannie,

I ran a full scan of Avast over night and it came up clean.

It's very early morning here at present , so I will fulfill the other tasks a little later on.

Kind regards,

winston66

### #75 winston66

winston66

• Full Member
• 221 posts

Posted 19 April 2017 - 12:09 AM

Hi Rocket Grannie,

Chrome has now been consigned to the history books. As with the AVG it appears that even when uninstall is done through control panel some stuff is left behind.

So in future is it best to uninstall programs using Revo ?

I used to always use Firefox but kept on getting Adobe Flash conflicts, which didn't seem to occur in Chrome. Although I've installed Opera (since uninstalled) I've never used it.

A window just opened from Avast telling me there are 4 items left over from Chrome - do I want to delete them. I will do so.

MWB came up clean.

You say look at my history over the past few days. Could the PUP's have been installed before I noticed any symptoms ?

I will keep you informed and thanks once again for the help.

ps I was never very good at geography and thought you were up in the Brisbane area, which I know is very hot as I follow cricket and the first test is always played there.

kind regards,

winston66

ps I don't really know what Thunderbird does. Is it a security system for e mails ?

regards,

winston66

Edited by winston66, 19 April 2017 - 12:04 PM.

### #76 winston66

winston66

• Full Member
• 221 posts

Posted 19 April 2017 - 11:51 AM

Hi Rocket Grannie,

The Avast window closed before I could tick the box to delete the 4 Chrome items found and I cannot trace them. Will they make a difference ?

I've been quite busy on the PC today and have just run a scan with ADWC and MWB - both came up clean.

Firefox has been very patchy though. I do not usually set a browser as default, does this affect performance ?

Flash crashed once, which is the problem I used to have with Firefox and at times scrolling was jerky and loading slow. Lots of revolving blue circles in the tabs in the top address bar. At other times it ran as smooth as silk. On one occasion a window opened saying that an open program was affecting Firefox, with a box to tick to resolve it.

I look forward to your comments on the above.

Kind regards,

winston66

Edited by winston66, 19 April 2017 - 11:51 AM.

### #77 Rocket Grannie

Rocket Grannie

SWI Australian Rebel

• 7,902 posts

Posted 19 April 2017 - 05:40 PM

Hello winston66

So in future is it best to uninstall programs using Revo ?

That is your choice. However, I always use it as most times there are leftovers.

Generally, Flash does not conflict with Firefox. If you prefer to use another browser please download another browser then remove Firefox using Revo and install the new browser.
If you wish to keep using Firefox then:
Please go Tools > Add-Ons > and disable the Flash plug in - then run Firefox and see if this solves the problem.
Please uncheck True Key™ by Intel Security unless you want it.
NOTE: If you do not see "True Key" then copy the address in the address bar and exit the site - then run a scan with MBAM.
Please reboot the computer after every removal.

Avast
You will find those entries in the Virus Chest. You can delete them from there. For more information please go here and scroll down the page.

You say look at my history over the past few days.

Sorry for the confusion. Please try to go to all the sites that you visited in the time period between when the computer was clean and the time of the scan that found the new infections. One of those sites is where you picked up the latest infection.
I realize it is a pain but please run a quick scan with MBAM after accessing each of these sites.

Thunderbird
Thunderbird is an e-mail client. It is part of the mozilla group as is Firefox.
It is your choice which e-mail client you use. For a list of free programs please see here

Please let me know how you get on.

Rocket Grannie


### #78 winston66

winston66

• Full Member
• 221 posts

Posted 20 April 2017 - 12:35 AM

My last post appears to have disappeared ?

I've uninstalled Flash and it worked much better. There were two versions installed and I'm surprised Revo had to delete them separately.

I've re installed it but it still isn't running smoothly. Even this page isn't scrolling smoothly at times. My computer for some reason has never liked Flash and Firefox/Flash appears to be a regular topic on google. Perhaps google plant the posts on purpose :)

I've got rid of true key and installed Thunderbird.

This is scrolling fine now, so I'll see how it performs during the day.

Thanks once again for the advice.

Kind regards,

winston 66

As an example a site I use a lot www.moneyam.com takes about a minute to load and scroll between pages.

Edited by winston66, 20 April 2017 - 12:50 AM.

### #79 Android 8888

Android 8888

SWI Malware Tracker

• 1,162 posts

Posted 20 April 2017 - 08:23 AM

Hello winston66.

I'm back! Rocket Grannie is already informed of this.

Could you please give me your feedback in detail on how your computer is running and what issues still remain on the computer at this point?

Thank you.

Android 8888

Edited by Android 8888, 20 April 2017 - 09:13 AM.


### #80 winston66

winston66

• Full Member
• 221 posts

Posted 20 April 2017 - 09:56 AM

Hi Android 8888,

Trust you had a good trip and thanks to Rocket grannie.

The computer runs intermittently well and not so well. Sometimes pages loading and scrolling of pages is smooth, other times slow and jerky. The first few words of this sentence typed in a staggered manner but now it's okay, the letter appears as I type it, and the poor performance tends to occur when there is a whirring noise from the computer. At present it's got its normal barely audible hum and everything seems fine.

I haven't run any scans today, I normally do that between 7 and 8pm.

Kind regards,

winston66

### #81 winston66

winston66

• Full Member
• 221 posts

Posted 20 April 2017 - 10:48 AM

Hi Android 8888,

I just ran Adw Cleaner , MWB and Avast and they all came up clean.

kind regards,

winston66

### #82 Android 8888

Android 8888

SWI Malware Tracker

• 1,162 posts

Posted 20 April 2017 - 02:21 PM

Hello winston66.

I just ran Adw Cleaner , MWB and Avast and they all came up clean.

Okay, that is a very good sign.

For now I would suggest you follow the previous instructions and suggestions of Rocket Grannie and test the computer in the next few days to see how things are going.

Please do not forget to annotate the sites you visit and perform a regular scan with Malwarebytes, AdwCleaner and Avast.

Please keep me posted on how things are going.

Thank you.

Android 8888


### #83 winston66

winston66

• Full Member
• 221 posts

Posted 20 April 2017 - 11:38 PM

Hi Android 8888,

Will do.

Kind regards,

winston66

### #84 winston66

winston66

• Full Member
• 221 posts

Posted 21 April 2017 - 01:16 AM

Hi Android,

I've just done some early morning surfing to my usual sites and every time I get the whirring sound in the background performance suffers.

It sounds as if a process is kicking in in Firefox, which doesn't seem to occur in Chrome.

I disabled Flash but that didn't make a difference.

Any thoughts as to what could be running. It's as quiet as a mouse now.

regards,

winston66

### #85 Android 8888

Android 8888

SWI Malware Tracker

• 1,162 posts

Posted 21 April 2017 - 08:15 AM

Hello winston66.

If you are still using Google Chrome I suggest you be very careful to not get infected again. Rather than Chrome I suggest you download, install and use Opera as it is a very lightweight browser. You can download it here.

I suggest you completely remove your Mozilla Firefox browser using Revo Uninstaller. This is just to test if there is something damaged and which is not working properly in Firefox browser. Then you can reinstall it and see if that solves the problem. Before you do that you will need to save your bookmarks.

You can find instructions on how to do that in the following link:
How to Export and Save Your Bookmarks From Firefox

Now use Revo to completely uninstall Firefox using the following instructions:

Right-click on the icon of Revo Uninstaller and select Run as administrator to run the tool.
Click Yes to accept the User Account Control warning that may appear.
Select Mozilla Firefox and click Uninstall. Follow the instructions to complete the removal process. If it asks to restart the computer at this point, select No.
In 'Search Mode' set it to 'Advanced' and click on the Scan button. The tool will search for leftovers.
Click on Delete and then click Next. You may have to repeat this to delete all the leftovers (Registry items, files and folders).
Click on the Finish button.

Restart the computer.

Do not re-install Firefox yet.

Now try to navigate on the Internet with the other browsers as you usually do and let me know how the computer behaves at this point. Do the same issues still happen with the other browsers?

Thank you.

Android 8888


### #86 winston66

winston66

• Full Member
• 221 posts

Posted 21 April 2017 - 09:59 AM

Hi Android 8888,

I had already abandoned Firefox before I saw your post and installed Opera, which works like a dream.

Firefox got to the stage where my newspaper site - Daily Telegraph - wasn't even loading all of the pictures.

Bearing in mind a couple of years ago I used to use Firefox and only stopped because of the Adobe Flash issues I did wonder if there was a loading problem.

However, the plot thickens. I just started some scans the first one being ADW cleaner and it has found ask.com again and signals it from Chrome but I haven't got Chrome any more ?

I enclose the log, will uninstall Firefox, scan with MWB and Avast and up date you later on.

```
# AdwCleaner v6.045 - Logfile created 21/04/2017 at 17:46:24
# Updated on 28/03/2017 by Malwarebytes
# Database : 2017-04-21.1 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : eddie - EH
# Running from : C:\Users\eddie\AppData\Local\Temp\scoped_dir10396_14103\adwcleaner_6.045 (1).exe
# Mode: Clean

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled Tasks ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************
```

kind regards,

winston66

### #87 winston66

winston66

• Full Member
• 221 posts

Posted 21 April 2017 - 10:44 AM

Hi again Android,

The MWB and avast Smart scan came up clean.

Just some efficiency issues on Avast.

kind regards,

winston66

### #88 Android 8888

Android 8888

SWI Malware Tracker

• 1,162 posts

Posted 21 April 2017 - 12:31 PM

Hello winston66.

I had already abandoned Firefox before I saw your post and installed Opera, which works like a dream.

That's nice! :thumbup:

However, the plot thickens. I just started some scans the first one being ADW cleaner and it has found ask.com again and signals it from Chrome but I haven't got Chrome any more ?

The entry that AdwCleaner found and deleted was only a remnant of the infection that was left when you uninstalled Chrome. For some reason your Chrome browser was constantly infected so it was a good option to remove it.

The MWB and avast Smart scan came up clean.

This is a good sign. Your computer appears to be clean.

I suggest you keep testing the computer over the next few days as you have done so far to see if everything is running well.

Thank you.

Android 8888


### #89 winston66

winston66

• Full Member
• 221 posts

Posted 21 April 2017 - 11:11 PM

Hi Android 8888,

Thanks for that.

Avast found 4 items that remained after the Chrome/revo uninstall and I was unable to find them in the virus chest.

Could they be the problem and if so how do I find them please.

Also apologies I noticed after I had uninstalled Firefox that I should have set Revo on advanced. It was on moderate. Does this matter.

kind regards.

winston66

Edited by winston66, 22 April 2017 - 04:21 AM.

### #90 Android 8888

Android 8888

SWI Malware Tracker

• 1,162 posts

Posted 22 April 2017 - 06:13 AM

Hello.

Avast found 4 items that remained after the Chrome/revo uninstall and I was unable to find them in the virus chest.
Could they be the problem and if so how do I find them please.

No. If they are not there it is because they were removed. To be sure you can try another scan.

Also apologies I noticed after I had uninstalled Firefox that I should have set Revo on advanced. It was on moderate. Does this matter.

No. Firefox was not infected. You just removed it because some application was conflicting with it so any leftover that could have been left will not cause any problem.

Although Opera is a good browser I also suggest you try other browsers such as:

Torch

Maxthon

SeaMonkey

These are excellent and fast browsers as well. Try them and see which one best fits your interests and browsing habits without getting infected.

Android 8888


### #91 winston66

winston66

• Full Member
• 221 posts

Posted 22 April 2017 - 06:23 AM

Hi Android 8888,

Thanks for the comments and I'll give those other browsers a go. I like Opera though :)

regards,

winston66

### #92 Android 8888

Android 8888

SWI Malware Tracker

• 1,162 posts

Posted 23 April 2017 - 06:08 PM

Hello winston66.

Okay I will wait for your feedback.

Thank you.

Android 8888


### #93 winston66

winston66

• Full Member
• 221 posts

Posted 26 April 2017 - 04:30 AM

Hi Android 8888,

Everything appears to be running normally. I run the three scans each day and they come up clean.

So, I believe we can close the case now and thanks very much for the assistance from you and Rocket Grannie.

kind regards,

winston66

### #94 winston66

winston66

• Full Member
• 221 posts

Posted 27 April 2017 - 08:32 AM

Hi Android 8888,

One other minor query has arisen. I've just tried to open an article and it told me that Adobe Flash is required.

I went to extensions in Opera and there were none.

Does Flash download to a specific browser or to the actual computer for use on any browser ?

And I recall you said that if it is not up to date it can be a security threat. So does that mean if it isn't present it is also a threat. Since I have been using Opera, I haven't had any problems up until now, so what does Flash do please ?

kind regards,

winston66

### #95 Rocket Grannie

Rocket Grannie

SWI Australian Rebel

• 7,902 posts

Posted 27 April 2017 - 05:50 PM

Hello winston66

The Flash Player included in Windows is only for Edge and Internet Explorer
Google Chrome includes its own internal Flash Player
Opera needs to install the Pepper Flash (PPAPI) plugin externally

Note: This is a different plugin to the plugin used with Firefox.

To enable/disable it:

Click on More Tools > Enable Developers Tools
You will see Developers Tools enabled
Click on Developers Tools > Plug-ins

so what does Flash do please ?

Adobe Flash Player (labeled Shockwave Flash in Internet Explorer and Firefox) is freeware software for using content created on the Adobe Flash platform, including viewing multimedia, executing rich Internet applications, and streaming video and audio.

For more see here

Rocket Grannie


### #96 winston66

winston66

• Full Member
• 221 posts

Posted 28 April 2017 - 12:30 PM

Hi Rocket Grannie,

Thanks for the info and once again thanks to you and Android 8888 for the assistance.

Kind regards,

winston66
