Welcome guest. Before posting on our computer help forum, you must register. Click here it's easy and free.

Author Topic: AdwCleanner detect adware  (Read 5724 times)

0 Members and 1 Guest are viewing this topic.

renatinha2018

    Topic Starter


    Starter

    • Experience: Beginner
    • OS: Windows 10
    AdwCleanner detect adware
    « on: November 20, 2018, 11:17:26 PM »
    Hello, I have a problem with my machine, it is slow, so I decided to download and run adwCleanner and it reported the following infections to me. I deleted but I noticed that some mentioned files remain in the directory and were not deleted. What should I do?

    ***** [ Tasks ] *****

    Deleted       C:\Windows\Tasks\Online Application V2G5.job
    Deleted       C:\Windows\Tasks\Online Application V2G4.job
    Deleted       C:\Windows\Tasks\Online Application V2G6.job
    Deleted       C:\Windows\System32\Tasks\c486adfb4a29c5ec7892b1f03b80162b
    Deleted       C:\Windows\System32\Tasks\ErrorFixKIT
    Deleted       C:\Windows\Tasks\Online Application V2G2.job
    Deleted       C:\Windows\Tasks\Online Application V2G3.job
    Deleted       C:\Windows\Tasks\Online Application V2G1.job
    Deleted       C:\Windows\Tasks\Updater_Online_Application.job
    Deleted       C:\Windows\System32\Tasks\Updater_Online_Application

    ***** [ Registry ] *****

    Deleted       HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
    Deleted       HKLM\Software\MICROSOFT\TechnologyDesktopnew
    Deleted       HKLM\SOFTWARE\MICROSOFT\Speedycar
    Deleted       HKLM\Software\Wow6432Node\Microleaves
    Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BD51A354-6FD4-4745-98A7-106F94A30B96}
    Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BD51A354-6FD4-4745-98A7-106F94A30B96}
    Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G5
    Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{12A60691-24DA-497B-9D4B-23B6D6DE88EF}
    Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{12A60691-24DA-497B-9D4B-23B6D6DE88EF}
    Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G4
    Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3069DE66-30A2-4812-BFE3-48738E8C05D3}
    Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3069DE66-30A2-4812-BFE3-48738E8C05D3}
    Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G6
    Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\c486adfb4a29c5ec7892b1f03b80162b
    Deleted       HKCU\Software\Microsoft\BigTime
    Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2608E6E1-03D5-47F4-8598-585BCC87EB8A}
    Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ShadowsocksS
    Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9B597A0A-1735-4330-8C01-3256831A6E07}
    Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaCieS
    Deleted       HKLM\Software\Wow6432Node\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E
    Deleted       HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E
    Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\CloudNet
    Deleted       HKLM\Software\ErrorFixKIT
    Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D7AFF413-F6A2-45A7-B95C-D66F57952A78}
    Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ErrorFixKIT
    Deleted       HKCU\Software\EpicNet Inc.
    Deleted       HKCU\Software\csastats
    Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Plumbytes Anti-Malware
    Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
    Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Web Companion
    Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|CommonToolkitTray_Solvusoft
    Deleted       HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run|CommonToolkitTray_Solvusoft
    Deleted       HKLM\Software\Microsoft\DMunversion
    Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{396BFFBE-20E6-4026-B19D-DB957681453D}
    Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{E57FCA0A-052E-4EC2-AA7D-6C8AA5C4E52D}
    Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E4FC6F45-CCC6-4A55-8C2B-4E8DB832BC6C}
    Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E4FC6F45-CCC6-4A55-8C2B-4E8DB832BC6C}
    Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G2
    Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{52B76188-DBE7-4BBF-9C09-4E43B5D2EC32}
    Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{52B76188-DBE7-4BBF-9C09-4E43B5D2EC32}
    Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G3
    Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A5204C58-E652-4180-A3DE-E7130AB21942}
    Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A5204C58-E652-4180-A3DE-E7130AB21942}
    Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G1
    Deleted       HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\pandasecurity.mystart.com
    Deleted       HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mystart.com
    Deleted       HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BDF61FAE-9D19-40F0-8F34-688DEB334CA9}
    Deleted       HKCU\Software\Microsoft\Internet Explorer\Main|Start Page
    Deleted       HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
    Deleted       HKU\S-1-5-18\Software\Caphyon\Advanced Updater\{F039D4A9-14D3-4425-A4FA-F2F9D5B0E014}
    Deleted       HKU\.DEFAULT\Software\Caphyon\Advanced Updater\{F039D4A9-14D3-4425-A4FA-F2F9D5B0E014}
    Deleted       HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}
    Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\436F6625D7B77354DBCD89DDC6CFAB1A
    Deleted       HKLM\Software\Classes\Installer\Products\436F6625D7B77354DBCD89DDC6CFAB1A
    Deleted       HKLM\Software\Classes\Installer\Features\436F6625D7B77354DBCD89DDC6CFAB1A
    Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{15F72B59-D3ED-49AC-813D-E9E79DBFEF7D}
    Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{15F72B59-D3ED-49AC-813D-E9E79DBFEF7D}
    Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Updater_Online_Application
    Deleted       HKLM\Software\Plumbytes Software
    Deleted       HKCU\Software\PRODUCTSETUP
    Deleted       HKCU\Software\Solvusoft
    Deleted       HKLM\Software\Wow6432Node\Solvusoft
    Deleted       HKLM\Software\Solvusoft
    Deleted       HKLM\SOFTWARE\CLASSES\APPLICATIONS\SolvusoftTray.exe
    Deleted       HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\App Paths\WinThruster.exe
    Deleted       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\WinThruster.exe
    Deleted       HKCU\Software\System Healer
    Deleted       HKCU\Software\MICROSOFT\wewewe
    Deleted       HKLM\Software\Wow6432Node\SrcAAAesom Browser Enhancer
    Deleted       HKLM\Software\SrcAAAesom Browser Enhancer
    Deleted       HKCU\Software\WajIEnhance
    Deleted       HKLM\Software\Wow6432Node\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9
    Deleted       HKLM\SOFTWARE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9
    Deleted       HKCU\Software\Microsoft\{cc6eb6d8-85b7-435p-8b86-51e4d16ea76d}
    Deleted       HKLM\Software\Microsoft\PrIncub
    Deleted       HKLM\Software\Microsoft\MPrForShutT
    Deleted       HKLM\Software\Microsoft\PrAmNP
    Deleted       HKLM\Software\Microsoft\NSaveA
    Deleted       HKLM\Software\Microsoft\APreSam
    Deleted       HKCU\Software\Lavasoft\Web Companion
    Deleted       HKLM\Software\Wow6432Node\Lavasoft\Web Companion
    Deleted       HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
    Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
    Deleted       HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
    Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{773A8CA8-3876-4AA1-AB78-EECA231BFF3A}
    Deleted       HKLM\Software\Common Toolkit Suite
    Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8AC8A37767831AA4BA87EEAC32B1FFA3
    Deleted       HKLM\Software\Classes\Installer\Products\8AC8A37767831AA4BA87EEAC32B1FFA3
    Deleted       HKLM\Software\Classes\Installer\Features\8AC8A37767831AA4BA87EEAC32B1FFA3
    Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5556309623D8EAC478D3B24F6A68D7B0
    Deleted       HKLM\Software\Classes\Installer\UpgradeCodes\5556309623D8EAC478D3B24F6A68D7B0

    ***** [ Chromium (and derivatives) ] *****

    Deleted       Chrome Cleaner Pro
    Deleted       Chrome Cleaner Pro
    Deleted       MSN Homepage & Bing Search Engine
    Deleted       MSN Homepage & Bing Search Engine
    Deleted       Panda Safe Web
    Deleted       Panda Safe Web
    Deleted       Search Manager

    ***** [ Chromium URLs ] *****

    Deleted       Ask Brasil
    Deleted       Ask Brasil
    Deleted       Ask Brasil
    Deleted       http://www.delta-homes.com/?type=hp&ts=1402566861&from=wpm0612&uid=ST9750420AS_6WS2E9EJXXXX6WS2E9EJ
    Deleted       http://www.delta-homes.com/?type=hp&ts=1402566861&from=wpm0612&uid=ST9750420AS_6WS2E9EJXXXX6WS2E9EJ
    Deleted       http://www.delta-homes.com/?type=hp&ts=1402566861&from=wpm0612&uid=ST9750420AS_6WS2E9EJXXXX6WS2E9EJ
    Deleted       http://www.delta-homes.com/?type=hp&ts=1402566861&from=wpm0612&uid=ST9750420AS_6WS2E9EJXXXX6WS2E9EJ
    Deleted       http://www.sweet-page.com/?type=hp&ts=1413550733&from=cor&uid=ST9750420AS_6WS2E9EJXXXX6WS2E9EJ
    Deleted       https://bucetas.blog/categoria/brasileirinhas/
    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries cleaned.

    ***** [ Firefox URLs ] *****

    Deleted       http://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10477_728_181119


    *************************

    • Delete Tracing Keys
    • Reset Winsock


    *************************

    AdwCleaner[S00].txt - [16218 octets] - [21/11/2018 03:56:48]

    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

    Thank you any advanced

    SuperDave

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Thanked: 998
    • Certifications: List
    • Experience: Expert
    • OS: Windows 8
    Re: AdwCleanner detect adware
    « Reply #1 on: November 21, 2018, 10:35:53 AM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    *************************************************************************
    Download and install: Please download Malwarebytes' scanner to your desktop.
    Double Click mbam-setup.exe to install the application.
    • It should update automatically if the computer is connected to the internet.
    • Click on Threat Scan and click on Scan Now.
    • The scan may take some time to finish,so please be patient.
    • When the scan is complete make sure all the infections have "quarantine" selected in the Action box.
    • Click on "Apply actions" You may be asked to Restart your computer to completely remove the infections.
    • When disinfection is completed you can click on "Copy to Clipboard".
    • Paste the log in you next reply (CTRL+ V)
    *************************************************
    Download Security Check by screen317 from the following link and save it to your desktop.

    Security Check

    * Double-click Security Check.bat
    * Follow the on-screen instructions inside of the black box.
    * A Notepad document should open automatically called checkup.txt
    * Post the contents of that document in your next reply.

    Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
    ********************************************
    Please run AdwCleaner again and post the log.
    Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender

    renatinha2018

      Topic Starter


      Starter

      • Experience: Beginner
      • OS: Windows 10
      Re: AdwCleanner detect adware
      « Reply #2 on: November 21, 2018, 01:04:08 PM »
      Thank you for your prompt response and attention. It follows the malwarebytes log it encountered 116 threats form all quarantined.


      Malwarebytes
      www.malwarebytes.com

      -Detalhes de registro-
      Data da análise: 21/11/2018
      Hora da análise: 17:38
      Arquivo de registro: f6750f92-edc4-11e8-ac91-3497f68ea388.json

      -Informação do software-
      Versão: 3.6.1.2711
      Versão de componentes: 1.0.482
      Versão do pacote de definições: 1.0.7959
      Licença: Versão de Avaliação

      -Informação do sistema-
      Sistema operacional: Windows 10 (Build 14393.2608)
      CPU: x64
      Sistema de arquivos: NTFS
      Usuário: DESKTOP-7UU2GVM\---------\u00c3\u00a3o

      -Resumo da análise-
      Tipo de análise: Análise de Ameaças
      Análise Iniciada Por: Manual
      Resultado: Concluído
      Objetos verificados: 373716
      Ameaças detectadas: 116
      Ameaças em quarentena: 116
      Tempo decorrido: 2 min, 30 seg

      -Opções da análise-
      Memória: Habilitado
      Inicialização: Habilitado
      Sistema de arquivos: Habilitado
      Arquivos compactados: Habilitado
      Rootkits: Desabilitado
      Heurística: Habilitado
      PUP: Detectar
      PUM: Detectar

      -Detalhes da análise-
      Processo: 0
      (Nenhum item malicioso detectado)

      Módulo: 0
      (Nenhum item malicioso detectado)

      Chave de registro: 18
      Trojan.BitCoinMiner, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{A9A5E827-F7ED-4987-8243-DC3B2A93E37C}_is1, Quarentena, [567], [485109],1.0.7959
      Adware.Wajam, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, Quarentena, [475], [-1],0.0.0
      PUP.Optional.PSScriptLoad.ACMB3, HKU\S-1-5-21-1100052066-766834226-2942838772-1001\CONSOLE\%SYSTEMROOT%_SYSTEM32_SVCHOST.EXE, Quarentena, [6385], [425124],1.0.7959
      PUP.Optional.PSScriptLoad.ACMB3, HKU\S-1-5-21-1100052066-766834226-2942838772-1001\CONSOLE\TASKENG.EXE, Quarentena, [6385], [425125],1.0.7959
      PUP.Optional.InstallCore, HKU\S-1-5-21-1100052066-766834226-2942838772-1010\SOFTWARE\CSASTATS\ic, Quarentena, [408], [586068],1.0.7959
      Adware.Tuto4PC, HKU\S-1-5-21-1100052066-766834226-2942838772-1001\SOFTWARE\MICROSOFT\EWMON, Quarentena, [2782], [411543],1.0.7959
      PUP.Optional.InstallCore, HKU\S-1-5-21-1100052066-766834226-2942838772-1010\SOFTWARE\PRODUCTSETUP, Quarentena, [408], [481004],1.0.7959
      Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\XnrW3hoDOzjF Updater, Quarentena, [3159], [494177],1.0.7959
      Adware.Tuto4PC, HKLM\SOFTWARE\MICROSOFT\MPrForWeathI, Quarentena, [2782], [572664],1.0.7959
      Adware.Tuto4PC, HKLM\SOFTWARE\MICROSOFT\MTPreC_B, Quarentena, [2782], [572665],1.0.7959
      Adware.Tuto4PC, HKLM\SOFTWARE\MICROSOFT\MTPreC_Qn, Quarentena, [2782], [572666],1.0.7959
      Adware.ICLoader, HKLM\SOFTWARE\MICROSOFT\multitimercampaign84170, Quarentena, [433], [518476],1.0.7959
      Adware.Tuto4PC, HKLM\SOFTWARE\MICROSOFT\ShutTPreAm, Quarentena, [2782], [572667],1.0.7959
      Adware.Tuto4PC, HKLM\SOFTWARE\MICROSOFT\ShutTPreIc, Quarentena, [2782], [572668],1.0.7959
      Adware.Tuto4PC, HKLM\SOFTWARE\MICROSOFT\ShutTPreJ, Quarentena, [2782], [572669],1.0.7959
      Adware.Tuto4PC, HKLM\SOFTWARE\MICROSOFT\ShutTPreShM, Quarentena, [2782], [572670],1.0.7959
      Adware.Wajam.Generic, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MjNkYWU, Quarentena, [4874], [580236],1.0.7959
      Adware.Wajam, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\YzYwODk5MWEwMDI5N, Quarentena, [475], [488914],1.0.7959

      Valor de registro: 16
      Adware.Wajam, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarentena, [475], [-1],0.0.0
      Adware.Wajam, HKU\S-1-5-19\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarentena, [475], [-1],0.0.0
      Adware.Wajam, HKU\S-1-5-20\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarentena, [475], [-1],0.0.0
      Adware.Wajam, HKU\S-1-5-21-1100052066-766834226-2942838772-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarentena, [475], [-1],0.0.0
      Adware.Wajam, HKU\S-1-5-21-1100052066-766834226-2942838772-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarentena, [475], [-1],0.0.0
      Adware.Wajam, HKU\S-1-5-21-1100052066-766834226-2942838772-1010\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarentena, [475], [-1],0.0.0
      Adware.Wajam, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarentena, [475], [-1],0.0.0
      PUP.Optional.SLOWPCfighter, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FILEASSOCIATION\NOSTARTPAGEAPPUSERMODELIDS|FIGHTERS.SLOW-PCFIGHTER.UNINSTALL, Quarentena, [1012], [405390],1.0.7959
      PUP.Optional.PSScriptLoad.ACMB3, HKU\S-1-5-21-1100052066-766834226-2942838772-1001\CONSOLE\%SYSTEMROOT%_SYSTEM32_SVCHOST.EXE|WINDOWPOSITION, Quarentena, [6385], [425124],1.0.7959
      PUP.Optional.PSScriptLoad.ACMB3, HKU\S-1-5-21-1100052066-766834226-2942838772-1001\CONSOLE\%SYSTEMROOT%_SYSTEM32_WINDOWSPOWERSHELL_V1.0_POWERSHELL.EXE|WINDOWPOSITION, Quarentena, [6385], [425126],1.0.7959
      PUP.Optional.PSScriptLoad.ACMB3, HKU\S-1-5-21-1100052066-766834226-2942838772-1001\CONSOLE\TASKENG.EXE|WINDOWPOSITION, Quarentena, [6385], [425125],1.0.7959
      Adware.Tuto4PC, HKU\S-1-5-21-1100052066-766834226-2942838772-1001\SOFTWARE\MICROSOFT\EWMON|PARTNER, Quarentena, [2782], [411543],1.0.7959
      PUP.Optional.InstallCore, HKU\S-1-5-21-1100052066-766834226-2942838772-1010\SOFTWARE\PRODUCTSETUP|TB, Quarentena, [408], [481004],1.0.7959
      Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\XnrW3hoDOzjF Updater|IMAGEPATH, Quarentena, [3159], [494177],1.0.7959
      Adware.Wajam.Generic, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MjNkYWU|IMAGEPATH, Quarentena, [4874], [580236],1.0.7959
      Adware.Csdimonetize, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|ymxx1adg2cd, Quarentena, [2866], [592870],1.0.7959

      Dados de registro: 11
      Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|NameServer, Substituído, [3159], [-1],0.0.0
      Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|DhcpNameServer, Substituído, [3159], [-1],0.0.0
      Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{07b1e0e9-123e-4939-b98f-7b923fd63848}|NameServer, Substituído, [3159], [-1],0.0.0
      Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{07b1e0e9-123e-4939-b98f-7b923fd63848}|DhcpNameServer, Substituído, [3159], [-1],0.0.0
      Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{3a5013bf-98c4-413a-911b-3c6287a8a803}|NameServer, Substituído, [3159], [-1],0.0.0
      Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{3a5013bf-98c4-413a-911b-3c6287a8a803}|DhcpNameServer, Substituído, [3159], [-1],0.0.0
      Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{3b997b47-9d5b-4dc6-b795-a29738e98016}|NameServer, Substituído, [3159], [-1],0.0.0
      Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{98e9be1c-19cb-4fb2-add7-5f2ec6d8e1b6}|NameServer, Substituído, [3159], [-1],0.0.0
      Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{98ff3d37-ee13-4ab2-82a7-74e5dca09e0e}|NameServer, Substituído, [3159], [-1],0.0.0
      Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{9cfc04c1-9c5c-42ac-b7e0-bf0e24133b6f}|NameServer, Substituído, [3159], [-1],0.0.0
      Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{efea9dcc-eb35-4e26-a58c-759e97cd1f1a}|NameServer, Substituído, [3159], [-1],0.0.0

      Fluxo de dados: 0
      (Nenhum item malicioso detectado)

      Pasta: 14
      PUP.Optional.WinYahoo.TskLnk, C:\Users\-------------------\AppData\Local\{3D4E0B12-19E6-67AA-747E-42425016BEDA}\HowToRemove, Quarentena, [712], [484244],1.0.7959
      PUP.Optional.WinYahoo.TskLnk, C:\USERS\-------------------\APPDATA\LOCAL\{3D4E0B12-19E6-67AA-747E-42425016BEDA}, Quarentena, [712], [484244],1.0.7959
      Trojan.BitCoinMiner, C:\PROGRAM FILES\SHADOWSOCKS, Quarentena, [567], [485109],1.0.7959
      Adware.Tuto4PC, C:\USERS\-------------------\APPDATA\LOCAL\TEMP\D2BNS985I5, Quarentena, [2782], [487472],1.0.7959
      Adware.Tuto4PC, C:\USERS\-------------------\APPDATA\LOCAL\TEMP\UINVN0MU49, Quarentena, [2782], [487472],1.0.7959
      Adware.Wajam, C:\USERS\-------------------\APPDATA\LOCAL\TEMP\wjm5690.tmp, Quarentena, [475], [511084],1.0.7959
      Adware.Wajam, C:\USERS\-------------------\APPDATA\LOCAL\TEMP\wjm6F17.tmp, Quarentena, [475], [511084],1.0.7959
      PUP.Optional.MyStart, C:\USERS\-------------------\APPDATA\ROAMING\SEARCH THE WEB, Quarentena, [228], [594135],1.0.7959
      Adware.Wajam, C:\USERS\-------------------\APPDATA\LOCAL\TEMP\wjm7C8F.tmp, Quarentena, [475], [511084],1.0.7959
      Adware.Wajam, C:\USERS\-------------------\APPDATA\LOCAL\TEMP\wjm9752.tmp, Quarentena, [475], [511084],1.0.7959
      Adware.Neoreklami.TskLnk, C:\USERS\-------------------\APPDATA\LOCAL\TEMP\ZJVJYDILXTAAIFNHI, Quarentena, [1224], [597936],1.0.7959
      PUP.Optional.Imali.Generic, C:\Users\-------------------\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdfgfncdanfplmkhehijmcenhokbaaik\0.8_0\_metadata, Quarentena, [4618], [443118],1.0.7959
      PUP.Optional.Imali.Generic, C:\Users\-------------------\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdfgfncdanfplmkhehijmcenhokbaaik\0.8_0, Quarentena, [4618], [443118],1.0.7959
      PUP.Optional.Imali.Generic, C:\USERS\-------------------\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\CDFGFNCDANFPLMKHEHIJMCENHOKBAAIK, Quarentena, [4618], [443118],1.0.7959

      Arquivo: 57
      PUP.Optional.GoodGame, C:\USERS\-------------------\DESKTOP\GOODGAME EMPIRE.URL, Quarentena, [3884], [261883],1.0.7959
      PUP.Optional.SearchManager, C:\USERS\-------------------\APPDATA\LOCAL\CHROMIUM\USER DATA\DEFAULT\LOCAL STORAGE\chrome-extension_pilplloabdedfmialnfchjomjmpjcoej_0.localstorage, Quarentena, [255], [260989],1.0.7959
      PUP.Optional.WinYahoo.TskLnk, C:\USERS\-------------------\APPDATA\LOCAL\{3D4E0B12-19E6-67AA-747E-42425016BEDA}\cica, Quarentena, [712], [484244],1.0.7959
      PUP.Optional.WinYahoo.TskLnk, C:\Users\-------------------\AppData\Local\{3D4E0B12-19E6-67AA-747E-42425016BEDA}\HowToRemove\HowToRemove.html, Quarentena, [712], [484244],1.0.7959
      PUP.Optional.WinYahoo.TskLnk, C:\Users\-------------------\AppData\Local\{3D4E0B12-19E6-67AA-747E-42425016BEDA}\bapi_chmm.dat, Quarentena, [712], [484244],1.0.7959
      PUP.Optional.WinYahoo.TskLnk, C:\Users\-------------------\AppData\Local\{3D4E0B12-19E6-67AA-747E-42425016BEDA}\bapi_ff.dat, Quarentena, [712], [484244],1.0.7959
      PUP.Optional.WinYahoo.TskLnk, C:\Users\-------------------\AppData\Local\{3D4E0B12-19E6-67AA-747E-42425016BEDA}\bapi_ie.dat, Quarentena, [712], [484244],1.0.7959
      PUP.Optional.WinYahoo.TskLnk, C:\Users\-------------------\AppData\Local\{3D4E0B12-19E6-67AA-747E-42425016BEDA}\install.log, Quarentena, [712], [484244],1.0.7959
      PUP.Optional.WinYahoo.TskLnk, C:\Users\-------------------\AppData\Local\{3D4E0B12-19E6-67AA-747E-42425016BEDA}\lele, Quarentena, [712], [484244],1.0.7959
      PUP.Optional.WinYahoo.TskLnk, C:\Users\-------------------\AppData\Local\{3D4E0B12-19E6-67AA-747E-42425016BEDA}\refe, Quarentena, [712], [484244],1.0.7959
      PUP.Optional.WinYahoo.TskLnk, C:\Users\-------------------\AppData\Local\{3D4E0B12-19E6-67AA-747E-42425016BEDA}\sole.dat, Quarentena, [712], [484244],1.0.7959
      PUP.Optional.WinYahoo.TskLnk, C:\Users\-------------------\AppData\Local\{3D4E0B12-19E6-67AA-747E-42425016BEDA}\sota, Quarentena, [712], [484244],1.0.7959
      PUP.Optional.WinYahoo.TskLnk, C:\Users\-------------------\AppData\Local\{3D4E0B12-19E6-67AA-747E-42425016BEDA}\Sqlite3.dll, Quarentena, [712], [484244],1.0.7959
      PUP.Optional.WinYahoo.TskLnk, C:\Users\-------------------\AppData\Local\{3D4E0B12-19E6-67AA-747E-42425016BEDA}\tora.cfg, Quarentena, [712], [484244],1.0.7959
      PUP.Optional.WinYahoo.TskLnk, C:\Users\-------------------\AppData\Local\{3D4E0B12-19E6-67AA-747E-42425016BEDA}\uninst.dat, Quarentena, [712], [484244],1.0.7959
      PUP.Optional.WinYahoo.TskLnk, C:\Users\-------------------\AppData\Local\{3D4E0B12-19E6-67AA-747E-42425016BEDA}\uninst.exe, Quarentena, [712], [484244],1.0.7959
      PUP.Optional.WinYahoo.TskLnk, C:\Users\-------------------\AppData\Local\{3D4E0B12-19E6-67AA-747E-42425016BEDA}\uninstp.dat, Quarentena, [712], [484244],1.0.7959
      Trojan.BitCoinMiner, C:\PROGRAM FILES\SHADOWSOCKS\UNINS000.DAT, Quarentena, [567], [485109],1.0.7959
      Trojan.BitCoinMiner, C:\Program Files\Shadowsocks\unins000.exe, Quarentena, [567], [485109],1.0.7959
      Adware.Tuto4PC, C:\USERS\-------------------\APPDATA\LOCAL\TEMP\D2BNS985I5\up.exe.config, Quarentena, [2782], [487472],1.0.7959
      Adware.Tuto4PC, C:\Users\-------------------\AppData\Local\Temp\D2BNS985I5\up.exe, Quarentena, [2782], [487472],1.0.7959
      Adware.Tuto4PC, C:\USERS\-------------------\APPDATA\LOCAL\TEMP\UINVN0MU49\up.exe.config, Quarentena, [2782], [487472],1.0.7959
      Adware.Tuto4PC, C:\Users\-------------------\AppData\Local\Temp\UINVN0MU49\up.exe, Quarentena, [2782], [487472],1.0.7959
      Adware.Wajam, C:\USERS\-------------------\APPDATA\LOCAL\TEMP\wjm5690.tmp\update.exe, Quarentena, [475], [511084],1.0.7959
      Adware.Wajam, C:\USERS\-------------------\APPDATA\LOCAL\TEMP\wjm6F17.tmp\update.exe, Quarentena, [475], [511084],1.0.7959
      PUP.Optional.MyStart, C:\USERS\-------------------\APPDATA\ROAMING\SEARCH THE WEB\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}.ico, Quarentena, [228], [594135],1.0.7959
      Adware.Wajam, C:\USERS\-------------------\APPDATA\LOCAL\TEMP\wjm7C8F.tmp\update.exe, Quarentena, [475], [511084],1.0.7959
      Adware.Wajam, C:\USERS\-------------------\APPDATA\LOCAL\TEMP\wjm9752.tmp\update.exe, Quarentena, [475], [511084],1.0.7959
      Adware.Linkury.Generic, C:\USERS\-------------------\APPDATA\LOCAL\SHAM.DB, Quarentena, [3733], [516191],1.0.7959
      Adware.Wajam.Generic, C:\WINDOWS\IXMIXFACA.IXML, Quarentena, [4874], [580236],1.0.7959
      MachineLearning/Anomalous.100%, C:\WINDOWS\ACABC898A0EA38066A77971B0E7EC412.EXE, Quarentena,
      • , [392687],1.0.7959

      PUP.Optional.WinYahoo, C:\USERS\-------------------\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWM8OJQU.DEFAULT\PREFS.JS, Substituído, [232], [303324],1.0.7959
      PUP.Optional.Imali.Generic, C:\USERS\-------------------\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Substituído, [4618], [443118],1.0.7959
      PUP.Optional.Imali.Generic, C:\USERS\-------------------\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Substituído, [4618], [443118],1.0.7959
      PUP.Optional.Imali.Generic, C:\USERS\-------------------\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Substituído, [4618], [443118],1.0.7959
      PUP.Optional.Imali.Generic, C:\USERS\-------------------\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\CDFGFNCDANFPLMKHEHIJMCENHOKBAAIK\0.8_0\REDIRECT.JS, Quarentena, [4618], [443118],1.0.7959
      PUP.Optional.Imali.Generic, C:\Users\-------------------\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdfgfncdanfplmkhehijmcenhokbaaik\0.8_0\_metadata\computed_hashes.json, Quarentena, [4618], [443118],1.0.7959
      PUP.Optional.Imali.Generic, C:\Users\-------------------\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdfgfncdanfplmkhehijmcenhokbaaik\0.8_0\_metadata\verified_contents.json, Quarentena, [4618], [443118],1.0.7959
      PUP.Optional.Imali.Generic, C:\Users\-------------------\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdfgfncdanfplmkhehijmcenhokbaaik\0.8_0\background.js, Quarentena, [4618], [443118],1.0.7959
      PUP.Optional.Imali.Generic, C:\Users\-------------------\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdfgfncdanfplmkhehijmcenhokbaaik\0.8_0\manifest.json, Quarentena, [4618], [443118],1.0.7959
      PUP.Optional.Imali.Generic, C:\Users\-------------------\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdfgfncdanfplmkhehijmcenhokbaaik\0.8_0\popup.html, Quarentena, [4618], [443118],1.0.7959
      PUP.Optional.Imali.Generic, C:\Users\-------------------\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdfgfncdanfplmkhehijmcenhokbaaik\0.8_0\redirect.html, Quarentena, [4618], [443118],1.0.7959
      Adware.Wajam, C:\WINDOWS\SYSTEM32\DRIVERS\YZYWODK5MWEWMDI5N, Quarentena, [475], [488914],1.0.7959
      Adware.Csdimonetize, C:\PROGRAM FILES (X86)\XRRX\241267232.EXE, Quarentena, [2866], [592870],1.0.7959
      PUP.Optional.InstallCore.Generic, C:\USERS\-------------------\DESKTOP\ATUBE_CATCHER_0656998135.EXE, Quarentena, [6143], [512134],1.0.7959
      Trojan.BitCoinMiner, C:\PROGRAM FILES (X86)\CORE\VIDEOCARD.EXE, Quarentena, [567], [475355],1.0.7959
      Adware.Csdimonetize, C:\PROGRAM FILES (X86)\XRRX\374534056.EXE, Quarentena, [2866], [592870],1.0.7959
      Adware.Csdimonetize, C:\USERS\-------------------\APPDATA\LOCAL\TEMP\IS-TNFA0.TMP\DAZED.EXE, Quarentena, [2866], [592870],1.0.7959
      PUP.Optional.BundleInstaller, C:\USERS\-------------------\APPDATA\LOCAL\TEMP\BIT401C.TMP.EXE, Quarentena, [422], [601328],1.0.7959
      PUP.Optional.InstallCore.Generic, C:\USERS\ENVIA\DOWNLOADS\ATUBE_CATCHER_0550002805.EXE, Quarentena, [6143], [512134],1.0.7959
      Adware.OxyPumper, C:\USERS\-------------------\APPDATA\LOCAL\TEMP\E7E3Y1C0\O8N5Y3V0.EXE, Quarentena, [4230], [601660],1.0.7959
      Adware.Agent, C:\USERS\-------------------\APPDATA\LOCAL\TEMP\IS-93C8K.TMP\CRSWGVH.DLL, Quarentena, [101], [594543],1.0.7959
      Adware.Csdimonetize, C:\USERS\-------------------\APPDATA\LOCAL\TEMP\IS-NGBU2.TMP\DAZED.EXE, Quarentena, [2866], [592870],1.0.7959
      Adware.Tuto4PC, C:\USERS\-------------------\APPDATA\LOCAL\TEMP\IS-TFEQP.TMP\SETUP.EXE, Quarentena, [2782], [601384],1.0.7959
      Adware.Zdengo, C:\USERS\-------------------\APPDATA\LOCAL\TEMP\NSUDA27.TMP\KNNUPMGIILB.DLL, Quarentena, [7763], [600697],1.0.7959
      PUP.Optional.WinThruster, C:\WINDOWS\INSTALLER\75209.MSI, Quarentena, [1487], [461217],1.0.7959
      Generic.Malware/Suspicious, C:\USERS\-------------------\DOWNLOADS\BITCOMET_1.44_SETUP.EXE, Quarentena,
      • , [392686],1.0.7959


      Setor físico: 0
      (Nenhum item malicioso detectado)

      Instrumentação do Windows (WMI): 0
      (Nenhum item malicioso detectado)


      (end)



      Security Check answer this for me! Image below

      What should I do?



      SuperDave

      • Malware Removal Specialist
      • Moderator


      • Genius
      • Thanked: 998
      • Certifications: List
      • Experience: Expert
      • OS: Windows 8
      Re: AdwCleanner detect adware
      « Reply #3 on: November 21, 2018, 04:57:16 PM »
      Could you please run AdwCleaner again and post the log?
      Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender

      renatinha2018

        Topic Starter


        Starter

        • Experience: Beginner
        • OS: Windows 10
        Re: AdwCleanner detect adware
        « Reply #4 on: November 21, 2018, 09:56:55 PM »
        I think it's fixed! Thank you very much

        # -------------------------------
        # Malwarebytes AdwCleaner 7.2.4.0
        # -------------------------------
        # Build:    09-25-2018
        # Database: 2018-11-19.1 (Cloud)
        # Support:  https://www.malwarebytes.com/support
        #
        # -------------------------------
        # Mode: Clean
        # -------------------------------
        # Start:    11-22-2018
        # Duration: 00:00:00
        # OS:       Windows 10 Enterprise 2016 LTSB
        # Cleaned:  2
        # Failed:   0


        ***** [ Services ] *****

        No malicious services cleaned.

        ***** [ Folders ] *****

        No malicious folders cleaned.

        ***** [ Files ] *****

        No malicious files cleaned.

        ***** [ DLL ] *****

        No malicious DLLs cleaned.

        ***** [ WMI ] *****

        No malicious WMI cleaned.

        ***** [ Shortcuts ] *****

        No malicious shortcuts cleaned.

        ***** [ Tasks ] *****

        No malicious tasks cleaned.

        ***** [ Registry ] *****

        No malicious registry entries cleaned.

        ***** [ Chromium (and derivatives) ] *****

        Deleted       Chrome Cleaner Pro
        Deleted       MSN Homepage & Bing Search Engine

        ***** [ Chromium URLs ] *****

        No malicious Chromium URLs cleaned.

        ***** [ Firefox (and derivatives) ] *****

        No malicious Firefox entries cleaned.

        ***** [ Firefox URLs ] *****

        No malicious Firefox URLs cleaned.


        *************************

        • Delete Tracing Keys
        • Reset Winsock


        *************************

        AdwCleaner[S00].txt - [16218 octets] - [21/11/2018 03:56:48]
        AdwCleaner[C00].txt - [13635 octets] - [21/11/2018 03:59:14]
        AdwCleaner[S01].txt - [1471 octets] - [21/11/2018 04:21:40]
        AdwCleaner[C01].txt - [1619 octets] - [21/11/2018 04:21:55]
        AdwCleaner[S02].txt - [1593 octets] - [22/11/2018 02:50:22]

        ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C02].txt ##########

        SuperDave

        • Malware Removal Specialist
        • Moderator


        • Genius
        • Thanked: 998
        • Certifications: List
        • Experience: Expert
        • OS: Windows 8
        Re: AdwCleanner detect adware
        « Reply #5 on: November 22, 2018, 04:51:23 PM »
        ESET Online Scanner
        Note : If you use Internet Explorer to get the ESET Online Scanner, you won't have to download, nor install the tool, as everything will be ran in a contextual (pop-up) window of Internet Explorer. However, for every other browsers, you will have to download and install ESET Online Scanner. In this set of instruction, I'll use Google Chrome to download it and run it (since a lot of people will do it), however, except for the download and installation procedure, the same instructions applies if you use Internet Explorer. Please note that two or three prompts will appear if you use Internet Explorer asking you to reload the page, authorize the application, execute it, etc. Accept all of them in order to run ESET Online Scanner.

            Download and execute ESET OnlineScan (on this window, click on ESET Smart Installer to trigger the download). People accessing this URL via Internet Explorer will start the integration process of ESET Online Scanner in their browser;
            Once the installation is done (it requires Admin Rights), check the following settings (two of them are under Advanced Settings, click on it to display them) :

                Enable detection of potentially unwanted applications;
                Scan archives;
                Scan for potentially unsafe applications;
                Optional : If you want to scan more drives, click on Change... and select the drives you want to include in the scan;

           

            After you're done checking these options, click on Start and ESET Online Scanner will download it's virus signature database before starting the scan;
           

            Once done, the scan will start automatically. Detections will appear at the bottom of the window. ESET Online Scanner can have an extremely long scan time that can last between 2 or 3 hours. So if you start the scan, do not interrupt it, let it complete until the end;
           

            After the scan is finished, a summary window will appear to give you the information about the scan. Then you'll have to the option to see what threads were found and to manage the threats that were quarantined;
           


            Click on List of found threats, it'll display every threat identified during that scan, their type and what action was taken against them. Click on Copy to clipboard to copy these results on our clipboard and post them in your next reply;
           


            Once you're done, click on the Back button;
            Check both checkboxes at the bottom: Uninstall application on close and Delete quarantined files before clicking on the Finish button;
        Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender