Hi, the Kaspersky run seems to take a long time. I have stopped it to finish other work; I will let it run overnight.
100% CPU usage with IDM.
-
Copy the content of the code box below.
Do not copy the word code!!!
Right Click FRST and run as Administrator.
Click Fix once (!) and wait. The program will create a log file (Fixlog.txt).
Attach it to your next message.
[CODE]
start::
CreateRestorePoint:
CloseProcesses:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tencent Software
C:\Users\Shahil\AppData\Roaming\Amazon
DeleteKey: HKCU\SOFTWARE\Amazon
DeleteKey: HKU\S-1-5-21-4291915333-2200026273-1243826419-1001\SOFTWARE\Amazon
DeleteKey: HKCU\SOFTWARE\3643b966-bc28-5bc8-95ff-3d47d66438db
DeleteKey: HKU\S-1-5-21-4291915333-2200026273-1243826419-1001\SOFTWARE\3643b966-bc28-5bc8-95ff-3d47d66438db
DeleteKey: HKCU\SOFTWARE\nwjs
DeleteKey: HKU\S-1-5-21-4291915333-2200026273-1243826419-1001\SOFTWARE\nwjs
DeleteKey: HKCU\SOFTWARE\T0
DeleteKey: HKU\S-1-5-21-4291915333-2200026273-1243826419-1001\SOFTWARE\T0
C:\Users\Shahil\AppData\Local\Adaware
C:\Users\Shahil\AppData\Local\Amazon
C:\Users\Shahil\AppData\Local\nwjs
C:\Users\Shahil\AppData\LocalLow\T0
File: C:\Program Files (x86)\64BitMailAgent.exe
File: C:\Program Files (x86)\SendCrashReport.exe
File: C:\Program Files (x86)\TrackReview.exe
C:\Windows\Temp\*.*
C:\WINDOWS\system32\*.tmp
C:\WINDOWS\syswow64\*.tmp
emptytemp:
Reboot:
End::
[/CODE]
Download RogueKiller and install the program.
Once downloaded and installed, right click and run as admin.
Click the check for updates button.
Go to scan setting then slide the MalPE option right to activate.
Then go to scan, then start a full scan on your machine.
Then click report when the scan completes.
Under Share my report click on open then select text file.
Copy it and paste the results here.
Make sure you do not remove anything detected until I see the log please.
Download Autologger to your desktop.
Disable your Antivirus/Defender prior to running.
Unzip it there. If you are unsure how to unzip a program, then use http://www.7-zip.org/
Right click Autologger and run as admin. (XP user double click)
AVZ4 will open and scan your machine, allow this to complete.
Upload Collectionlog.zip to your next reply.
-
here are the KVRT logs
it found 1 malicious program which I clicked delete. but the log files don’t have the recent scan. It only shows the log of yesterday’s incomplete scan.
klr
[CODE]
<Report>
  <Metadata Version="1" PCID="{FD210BA0-4E3C-341C-4615-CF142017925E}" LastModification="2023.09.30 18:41:33.685" />
  <EventBlocks>
    <Block0 Type="Scan" Processed="312187" Found="0" Neutralized="0">
      <Event0 Action="Scan" Time="133405506691873200" Object="" Info="Started" />
      <Event1 Action="Scan" Time="133405521838387082" Object="" Info="Finished" />
    </Block0>
  </EventBlocks>
</Report>
[/CODE]
klr. enc1 log
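The klr report above is plain XML whose Time attributes are Windows FILETIME values (100-nanosecond ticks since 1601-01-01 UTC). As an added example that is not from the thread or from Kaspersky, this Python parses the report exactly as posted, decodes the timestamps to UTC and flags a scan block that has no Finished event, which is how an aborted scan would show up; the decoded day agrees with the report's LastModification date.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

# The klr report exactly as posted in the thread (only whitespace added).
KLR_REPORT = """<Report>
  <Metadata Version="1" PCID="{FD210BA0-4E3C-341C-4615-CF142017925E}" LastModification="2023.09.30 18:41:33.685" />
  <EventBlocks>
    <Block0 Type="Scan" Processed="312187" Found="0" Neutralized="0">
      <Event0 Action="Scan" Time="133405506691873200" Object="" Info="Started" />
      <Event1 Action="Scan" Time="133405521838387082" Object="" Info="Finished" />
    </Block0>
  </EventBlocks>
</Report>"""

# Windows FILETIME: 100-nanosecond ticks since 1601-01-01 00:00:00 UTC.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_datetime(ticks):
    """Convert a FILETIME tick count (int or decimal string) to an aware UTC datetime."""
    return FILETIME_EPOCH + timedelta(microseconds=int(ticks) // 10)


def parse_klr_report(xml_text):
    """Summarise every event block: counters, start/finish times (UTC) and completeness."""
    root = ET.fromstring(xml_text)
    summaries = []
    for block in root.find("EventBlocks"):
        # Map each event's Info ("Started"/"Finished") to its decoded timestamp.
        events = {ev.get("Info"): filetime_to_datetime(ev.get("Time")) for ev in block}
        started, finished = events.get("Started"), events.get("Finished")
        summaries.append({
            "type": block.get("Type"),
            "processed": int(block.get("Processed", 0)),
            "found": int(block.get("Found", 0)),
            "neutralized": int(block.get("Neutralized", 0)),
            "started": started,
            "finished": finished,
            # A block that was Started but never Finished is an aborted or incomplete scan.
            "complete": started is not None and finished is not None,
            "duration": (finished - started) if started and finished else None,
        })
    return summaries


if __name__ == "__main__":
    for s in parse_klr_report(KLR_REPORT):
        status = "finished" if s["complete"] else "INCOMPLETE (no Finished event)"
        print(f"{s['type']}: started {s['started']} -> {status}; duration {s['duration']}; "
              f"processed={s['processed']} found={s['found']} neutralized={s['neutralized']}")
```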
-
Fixlog
[CODE]
Fix result of Farbar Recovery Scan Tool (x64) Version: 25-09-2023
Ran by Shahil (01-10-2023 12:48:03) Run:2
Running from C:\Users\Shahil\Desktop
Loaded Profiles: Shahil
Boot Mode: Normal

fixlist content:
*****************
start::
CreateRestorePoint:
CloseProcesses:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tencent Software
C:\Users\Shahil\AppData\Roaming\Amazon
DeleteKey: HKCU\SOFTWARE\Amazon
DeleteKey: HKU\S-1-5-21-4291915333-2200026273-1243826419-1001\SOFTWARE\Amazon
DeleteKey: HKCU\SOFTWARE\3643b966-bc28-5bc8-95ff-3d47d66438db
DeleteKey: HKU\S-1-5-21-4291915333-2200026273-1243826419-1001\SOFTWARE\3643b966-bc28-5bc8-95ff-3d47d66438db
DeleteKey: HKCU\SOFTWARE\nwjs
DeleteKey: HKU\S-1-5-21-4291915333-2200026273-1243826419-1001\SOFTWARE\nwjs
DeleteKey: HKCU\SOFTWARE\T0
DeleteKey: HKU\S-1-5-21-4291915333-2200026273-1243826419-1001\SOFTWARE\T0
C:\Users\Shahil\AppData\Local\Adaware
C:\Users\Shahil\AppData\Local\Amazon
C:\Users\Shahil\AppData\Local\nwjs
C:\Users\Shahil\AppData\LocalLow\T0
File: C:\Program Files (x86)\64BitMailAgent.exe
File: C:\Program Files (x86)\SendCrashReport.exe
File: C:\Program Files (x86)\TrackReview.exe
C:\Windows\Temp\*.*
C:\WINDOWS\system32\*.tmp
C:\WINDOWS\syswow64\*.tmp
emptytemp:
Reboot:
End::
*****************

Restore point was successfully created.
Processes closed successfully.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tencent Software" folder move:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tencent Software => moved successfully
"C:\Users\Shahil\AppData\Roaming\Amazon" folder move:
C:\Users\Shahil\AppData\Roaming\Amazon => moved successfully
HKCU\SOFTWARE\Amazon => removed successfully
HKU\S-1-5-21-4291915333-2200026273-1243826419-1001\SOFTWARE\Amazon => not found
HKCU\SOFTWARE\3643b966-bc28-5bc8-95ff-3d47d66438db => removed successfully
HKU\S-1-5-21-4291915333-2200026273-1243826419-1001\SOFTWARE\3643b966-bc28-5bc8-95ff-3d47d66438db => not found
HKCU\SOFTWARE\nwjs => removed successfully
HKU\S-1-5-21-4291915333-2200026273-1243826419-1001\SOFTWARE\nwjs => not found
HKCU\SOFTWARE\T0 => removed successfully
HKU\S-1-5-21-4291915333-2200026273-1243826419-1001\SOFTWARE\T0 => not found
"C:\Users\Shahil\AppData\Local\Adaware" folder move:
C:\Users\Shahil\AppData\Local\Adaware => moved successfully
"C:\Users\Shahil\AppData\Local\Amazon" folder move:
C:\Users\Shahil\AppData\Local\Amazon => moved successfully
"C:\Users\Shahil\AppData\Local\nwjs" folder move:
C:\Users\Shahil\AppData\Local\nwjs => moved successfully
"C:\Users\Shahil\AppData\LocalLow\T0" folder move:
C:\Users\Shahil\AppData\LocalLow\T0 => moved successfully

========================= File: C:\Program Files (x86)\64BitMailAgent.exe ========================

C:\Program Files (x86)\64BitMailAgent.exe
File is digitally signed
MD5: FA53099C5BE9982A58B41B888C2B35B6
Creation and modification date: 2021-05-06 11:07 - 2021-03-18 20:43
Size: 000497216
Attributes: ----A
Company Name: FOXIT SOFTWARE INC. → Foxit Software Inc.
Internal Name: Courier.exe
Original Name: Courier.exe
Product:
Description: 64Bit MAPI Mail Agent
File Version: 1.0.8.1228
Product Version: 1.0.8.1228
Copyright: Copyright © 2014-2020 Foxit Software Inc. All Rights Reserved.
VirusTotal: VirusTotal

====== End of File: ======

========================= File: C:\Program Files (x86)\SendCrashReport.exe ========================

C:\Program Files (x86)\SendCrashReport.exe
File is digitally signed
MD5: 0D83B827BE2277A438DF1074A7385738
Creation and modification date: 2021-05-06 11:07 - 2021-04-12 02:01
Size: 003095616
Attributes: ----A
Company Name: FOXIT SOFTWARE INC. → Foxit Corporation
Internal Name: SendCrashReport
Original Name: SendCrashReport.exe
Product: SendCrashReport
Description: SendCrashReport
File Version: 10.1.0.924
Product Version: 10.1.0.924
Copyright: Copyright © 2013-2020 Foxit Software Inc. All Rights Reserved.
VirusTotal: VirusTotal

====== End of File: ======

========================= File: C:\Program Files (x86)\TrackReview.exe ========================

C:\Program Files (x86)\TrackReview.exe
File is digitally signed
MD5: CD7CF4BCC61AE27A64B5EC1B2AEAD939
Creation and modification date: 2021-05-06 11:07 - 2021-04-12 02:02
Size: 003220032
Attributes: ----A
Company Name: FOXIT SOFTWARE INC. → Foxit Software Inc.
Internal Name: TrackReview.exe
Original Name: Foxit Track Review
Product: Foxit Track Review
Description: Track Review
File Version: 10.1.4.37623
Product Version: 10.1.4.37623
Copyright: Copyright © 2014-2020 Foxit Software Inc. All Rights Reserved.
VirusTotal: VirusTotal

====== End of File: ======

=========== "C:\Windows\Temp\*.*" ==========

C:\Windows\Temp\DESKTOP-AKRBR60-20230930-1730.log => moved successfully
C:\Windows\Temp\DESKTOP-AKRBR60-20230930-1735.log => moved successfully
C:\Windows\Temp\DESKTOP-AKRBR60-20230930-1757.log => moved successfully
C:\Windows\Temp\DESKTOP-AKRBR60-20231001-0310.log => moved successfully
C:\Windows\Temp\DESKTOP-AKRBR60-20231001-1043.log => moved successfully
C:\Windows\Temp\DESKTOP-AKRBR60-20231001-1046.log => moved successfully
C:\Windows\Temp\DESKTOP-AKRBR60-20231001-1046a.log => moved successfully
C:\Windows\Temp\DESKTOP-AKRBR60-20231001-1048.log => moved successfully
C:\Windows\Temp\DESKTOP-AKRBR60-20231001-1225.log => moved successfully
C:\Windows\Temp\DESKTOP-AKRBR60-20231001-1235.log => moved successfully
C:\Windows\Temp\DESKTOP-AKRBR60-20231001-1240.log => moved successfully
C:\Windows\Temp\MpCmdRun.log => moved successfully
C:\Windows\Temp\MpSigStub.log => moved successfully

========= End → "C:\Windows\Temp\*.*" ========

=========== "C:\WINDOWS\system32\*.tmp" ==========

not found

========= End → "C:\WINDOWS\system32\*.tmp" ========

=========== "C:\WINDOWS\syswow64\*.tmp" ==========

not found

========= End → "C:\WINDOWS\syswow64\*.tmp" ========

=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 786432 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 13897223 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 81492760 B
Windows/system/drivers => 0 B
Edge => 0 B
Chrome => 0 B
Firefox => 1143487641 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
Shahil => 1949632 B
RecycleBin => 0 B
EmptyTemp: => 1.2 GB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 12:48:51 ====
[/CODE]
-
Rogue killer log
[CODE]
Program : RogueKiller Anti-Malware
Version : 15.12.1.0
x64 : Yes
Program Date : Sep 18 2023
Location : C:\Program Files\RogueKiller\RogueKiller64.exe
Premium : No
Company : Adlice Software
Website : https://www.adlice.com/
Contact : Support Form | Contact • Adlice Software
Website : Free Virus Cleaner | RogueKiller AntiMalware • Adlice Software
Operating System : Windows 10 (10.0.19045) 64-bit
64-bit OS : Yes
Startup : 0
WindowsPE : No
User : Shahil
User is Admin : Yes
Date : 2023/10/01 10:05:46
Type : Scan
Aborted : No
Scan Mode : Standard
Duration : 613
Found items : 1
Total scanned : 113265
Signatures Version : 20230928_070539
Truesight Driver : Yes
Updates Count : 9
Arguments : -minimize

************************* Warnings *************************

************************* Updates *************************
7-Zip 22.01 (x64) (64-bit), version 22.01
[+] Available Version : 23.01
[+] Size : 5.46 MB
[+] Wow6432 : No
[+] Portable : No
[+] update_location : C:\Program Files\7-Zip\
AutoHotkey 1.1.33.10 (64-bit), version 1.1.33.10
[+] Available Version : 2.0.10
[+] Wow6432 : No
[+] Portable : No
Subtitle Edit 3.6.0 (64-bit), version 3.6.0.0
[+] Available Version : 4.0.1.0
[+] Size : 27.2 MB
[+] Wow6432 : No
[+] Portable : No
[+] update_location : d:\Program Files\Subtitle Edit\
Malwarebytes version 4.5.21.231 (64-bit), version 4.5.21.231
[+] Available Version : 4.6.3
[+] Wow6432 : No
[+] Portable : No
[+] update_location : C:\Program Files\Malwarebytes\Anti-Malware
calibre 64bit (64-bit), version 5.20.0
[+] Available Version : 6.27.0
[+] Size : 355 MB
[+] Wow6432 : No
[+] Portable : No
[+] update_location : C:\Program Files\Calibre2\
FormatFactory 4.3.0.0 (32-bit), version 4.3.0.0
[+] Available Version : 5.15.0.0
[+] Wow6432 : Yes
[+] Portable : No
OBS Studio (32-bit), version 28.0.3
[+] Available Version : 29.1.3
[+] Wow6432 : Yes
[+] Portable : No
qBittorrent 4.4.0 (32-bit), version 4.4.0
[+] Available Version : 4.5.5
[+] Size : 163 MB
[+] Wow6432 : Yes
[+] Portable : No
VLC media player (32-bit), version 2.2.0
[+] Available Version : 3.0.18
[+] Wow6432 : Yes
[+] Portable : No
[+] update_location : C:\Program Files (x86)\VideoLAN\VLC

************************* Processes *************************

************************* Modules *************************

************************* Services *************************

************************* Scheduled Tasks *************************

************************* Registry *************************

************************* WMI *************************

************************* Hosts File *************************
is_too_big : No
hosts_file_path : C:\Windows\System32\drivers\etc\hosts

************************* Filesystem *************************
[Cloud.Generic (Malicious)] (file) msimg32.dll – C:\Users\Shahil\AppData\Roaming\MetaQuotes\Terminal\2191F4A3D14D7B4B1EBB84F924777883\MQL4\Indicators\msimg32.dll → Found

************************* Web Browsers *************************

************************* Antirootkit *************************
[/CODE]
-
Run HijackThis! as admin! (located in the folder …Autologger\HijackThis)
Do a system scan, then check each item below, make sure and only check the items listed.
Then click Fix checked.
The computer will need to reboot, allow it to do so.
[CODE]
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MEGA (empty)
O22 - Tasks: (damaged) \Microsoft\Windows\Application Experience\MareBackup - C:\WINDOWS\system32\compattelrunner.exe -m:aemarebackup.dll -f:BackupMareData (user missing) (sign: 'Microsoft')
O22 - Tasks: (damaged) \Microsoft\Windows\Application Experience\MareBackup - C:\WINDOWS\system32\compattelrunner.exe -m:appraiser.dll -f:DoScheduledTelemetryRun (user missing) (sign: 'Microsoft')
O23 - Driver R: (no name) - C:\WINDOWS\System32\drivers\dump_iaStorAVC.sys (file missing)
[/CODE]
Look in the Autologger folder and drag out the CheckBrowsersLNK file to your desktop:
AutoLogger\CheckBrowserLnk
Drag and drop it onto the ClearLNK utility, after saving ClearLNK to your desktop.
[IMG alt="move.gif"]https://dragokas.com/tools/move.gif[/IMG]
-
Originally posted by Malnutrition:
Look in the Autologger folder and drag out the CheckBrowsersLNK file.
[ATTACH type="full"]12745[/ATTACH]
There is no CheckBrowsersLNK text file.
I moved the debug to ClearLNK and it shows a "no shortcuts here or files don't exist" message, and then it gives an error saying
[ATTACH type="full"]12746[/ATTACH]
-
I have uploaded the text file for you.
Here, drag and drop this text file onto the ClearLNK utility, after saving ClearLNK to your desktop.
[IMG alt="move.gif"]https://dragokas.com/tools/move.gif[/IMG]
So the machine is running well and no more issues. I'll mark as solved.
We will clean all the tools we used…
Download KpRM
Save to Desktop
Check Delete Tools
Check Delete Restore points.
Create Restore point.
Click delete quarantines.
Then click run.
I suggest:
uBlock Origin
O&O ShutUp10
O&O AppBuster