  1. ditional scan result of Farbar Recovery Scan Tool (x64) Version: 29-06-2017
     Ran by jtrig (30-06-2017 20:47:52)
     Running from C:\Users\jtrig\Desktop
     Windows 10 Home Version 1607 (X64) (2017-05-16 13:34:15)
     Boot Mode: Normal
     ==========================================================

     ==================== Accounts: =============================

     Administrator (S-1-5-21-3451796121-2654552730-1334146475-500 - Administrator - Enabled) => C:\Users\Administrator
     DefaultAccount (S-1-5-21-3451796121-2654552730-1334146475-503 - Limited - Disabled)
     defaultuser0 (S-1-5-21-3451796121-2654552730-1334146475-1000 - Limited - Disabled) => C:\Users\defaultuser0
     Guest (S-1-5-21-3451796121-2654552730-1334146475-501 - Limited - Disabled)
     jtrig (S-1-5-21-3451796121-2654552730-1334146475-1001 - Administrator - Enabled) => C:\Users\jtrig

     ==================== Security Center ========================

     (If an entry is included in the fixlist, it will be removed.)

     AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

     ==================== Installed Programs ======================

     (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

     Ace of Spades (HKLM\...\Steam App 224540) (Version: - Jagex Limited)
     Ace of Spades (HKLM-x32\...\{6037B8AD-7D5B-4D50-9BCA-A586C44EEF34}) (Version: 0.75.015 - Ben Aksoy)
     Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 382.05 - NVIDIA Corporation) Hidden
     Build and Shoot Launcher 1.2 (HKLM-x32\...\Build and Shoot Launcher) (Version: 1.2 - Buld Then Snip, LLC)
     CCleaner (HKLM\...\CCleaner) (Version: 5.30 - Piriform)
     Design Tools - 2D Design V2 (HKLM-x32\...\{D2BEB7F1-534E-473F-B547-426A02B60143}) (Version: 2.15 - TechSoft UK Ltd)
     Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
     Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: - Google Inc.) Hidden
     Heroes of Might and Magic® IV (HKLM-x32\...\Heroes of Might and Magic IV) (Version: - )
     Horizon v2.5.4.0 (HKLM-x32\...\d4cfeebc-b821-40b7-9f81-d366b1466f03_is1) (Version: - Daring Development Inc.)
     Left 4 Dead 2 (HKLM\...\Steam App 550) (Version: - Valve)
     Malwarebytes version (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: - Malwarebytes)
     Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4420.1017 - Microsoft Corporation)
     Microsoft OneDrive (HKU\S-1-5-21-3451796121-2654552730-1334146475-1001\...\OneDriveSetup.exe) (Version: 17.3.6799.0327 - Microsoft Corporation)
     Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
     Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
     Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
     Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
     Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
     Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
     Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
     Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
     Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
     Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: - Mojang)
     Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.4.1 - Notepad++ Team)
     NVIDIA GeForce Experience (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: - NVIDIA Corporation)
     NVIDIA Graphics Driver 382.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 382.05 - NVIDIA Corporation)
     NVIDIA PhysX System Software 9.17.0329 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0329 - NVIDIA Corporation)
     NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: - NVIDIA Corporation
  2. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-06-2017
     Ran by jtrig (administrator) on DESKTOP-RQTKHQ1 (30-06-2017 20:44:35)
     Running from C:\Users\jtrig\Desktop
     Loaded Profiles: jtrig (Available Profiles: defaultuser0 & jtrig & Administrator)
     Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
     Internet Explorer Version 11 (Default browser: Edge)
     Boot Mode: Normal
     Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

     ==================== Processes (Whitelisted) =================

     (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

     (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
     (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
     (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_a88bf6b18b1da077\igfxCUIService.exe
     (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
     (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
     (Intel Corporation) C:\Windows\System32\ibtsiva.exe
     (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
     (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_a88bf6b18b1da077\IntelCpHDCPSvc.exe
     (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
     (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
     (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_a88bf6b18b1da077\IntelCpHeciSvc.exe
     (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
     (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
     (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
     (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
     (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
     (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
     (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_a88bf6b18b1da077\igfxEM.exe
     (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
     (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
     (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
     (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
     (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
     (Microsoft Corporation) C:\Windows\System32\dllhost.exe
     (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
     (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
     (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
     (Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
     (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
     (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.350_none_43278ee965418581\TiWorker.exe
     (Microsoft Corporation) C:\Windows\System32\smartscreen.exe
     (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     (Microsoft Corporation) C:\Windows\System32\dllhost.exe
     (Microsoft Corporation) C:\Windows\System32\dllhost.exe

     ==================== Registry (Whitelisted) ====================

     (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

     HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-11-20] (Microsoft Corporation)
     HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16776192 2016-12-02] (Realtek Semiconductor)
     HKLM\...\Run: [ShadowPlay] => "C:\windows\system32\rundll32.exe" C:\windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
     HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017
  3. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Junkware Removal Tool (JRT) by Malwarebytes
     Version: 8.1.3 (04.10.2017)
     Operating System: Windows 10 Home x64
     Ran by jtrig (Administrator) on 30/06/2017 at 19:52:24.31
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     File System: 0

     Registry: 0

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Scan was completed on 30/06/2017 at 19:57:01.14
     End of JRT log
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  4. was on it for about 20 mins before everything froze and had to restart computer again... didn't reopen as wasn't sure what you would say. I have run the software again but my computer is for some reason suffering. Extremely slow loading times, and although my connection to the internet is full, tabs take a good 5 mins to open... will let you know if it manages to run successfully.
  5. JRT says the following in the cmd. Press any key to continue . . . Requesting restore point...
  6. # AdwCleaner v6.047 - Logfile created 30/06/2017 at 18:46:28
     # Updated on 19/05/2017 by Malwarebytes
     # Database : 2017-06-29.3 [Server]
     # Operating System : Windows 10 Home (X64)
     # Username : jtrig - DESKTOP-RQTKHQ1
     # Running from : C:\Users\jtrig\Downloads\AdwCleaner.exe
     # Mode: Clean
     # Support : https://www.malwarebytes.com/support

     ***** [ Services ] *****

     ***** [ Folders ] *****

     [-] Folder deleted: C:\Users\jtrig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnonymizerGadget

     ***** [ Files ] *****

     ***** [ DLL ] *****

     ***** [ WMI ] *****

     ***** [ Shortcuts ] *****

     ***** [ Scheduled Tasks ] *****

     ***** [ Registry ] *****

     [-] Key deleted: HKLM\SOFTWARE\betterads

     ***** [ Web browsers ] *****

     [-] [C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: uk.ask.com

     *************************

     :: "Tracing" keys deleted
     :: Winsock settings cleared

     *************************

     C:\AdwCleaner\AdwCleaner[C0].txt - [1025 Bytes] - [30/06/2017 18:46:28]
     C:\AdwCleaner\AdwCleaner[S0].txt - [1510 Bytes] - [30/06/2017 18:45:34]

     ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1171 Bytes] ##########
  7. Windows decided to do a configuration... but anyway it found a fair bit

     Malwarebytes
     www.malwarebytes.com

     -Log Details-
     Scan Date: 6/30/17
     Scan Time: 6:07 PM
     Log File:
     Administrator: Yes

     -Software Information-
     Version:
     Components Version: 1.0.160
     Update Package Version: 1.0.2264
     License: Trial

     -System Information-
     OS: Windows 10 (Build 14393.447)
     CPU: x64
     File System: NTFS
     User: DESKTOP-RQTKHQ1\jtrig

     -Scan Summary-
     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 419450
     Threats Detected: 28
     Threats Quarantined: 24
     Time Elapsed: 2 min, 33 sec

     -Scan Options-
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Disabled
     Heuristics: Enabled
     PUP: Enabled
     PUM: Enabled

     -Scan Details-
     Process: 0
     (No malicious items detected)

     Module: 0
     (No malicious items detected)

     Registry Key: 5
     Adware.BetterAds.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, Quarantined, [6631], [-1],0.0.0
     PUP.Optional.ProxyGate, HKU\S-1-5-21-3451796121-2654552730-1334146475-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\DragonBoost, Quarantined, [1024], [375419],1.0.2264
     Adware.BetterAds.PrxySvrRST, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\winsrcsrv_RASAPI32, Quarantined, [6631], [407460],1.0.2264
     Adware.BetterAds.PrxySvrRST, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\winsrcsrv_RASMANCS, Quarantined, [6631], [407460],1.0.2264
     Adware.IStartSurf, HKLM\SOFTWARE\WOW6432NODE\MBS_INSTALL, Quarantined, [840], [401921],1.0.2264

     Registry Value: 9
     Adware.BetterAds.PrxySvrRST, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Removal Failed, [6631], [-1],0.0.0
     Adware.BetterAds.PrxySvrRST, HKU\S-1-5-21-3451796121-2654552730-1334146475-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [6631], [-1],0.0.0
     Adware.BetterAds.PrxySvrRST, HKU\S-1-5-21-3451796121-2654552730-1334146475-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [6631], [-1],0.0.0
     Adware.BetterAds.PrxySvrRST, HKU\S-1-5-21-3451796121-2654552730-1334146475-500\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [6631], [-1],0.0.0
     Adware.BetterAds.PrxySvrRST, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYSERVER, Removal Failed, [6631], [-1],0.0.0
     Adware.BetterAds.PrxySvrRST, HKU\S-1-5-21-3451796121-2654552730-1334146475-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYSERVER, Quarantined, [6631], [-1],0.0.0
     Adware.BetterAds.PrxySvrRST, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Removal Failed, [6631], [-1],0.0.0
     Adware.BetterAds.PrxySvrRST, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYSERVER, Removal Failed, [6631], [-1],0.0.0
     Adware.IStartSurf, HKLM\SOFTWARE\WOW6432NODE\MBS_INSTALL|CHANNEL, Quarantined, [840], [401921],1.0.2264

     Registry Data: 0
     (No malicious items detected)

     Data Stream: 0
     (No malicious items detected)

     Folder: 3
     PUP.Optional.AnonymizerGadget, C:\USERS\JTRIG\APPDATA\ROAMING\AGDATA, Quarantined, [1597], [338259],1.0.2264
     PUP.Optional.AnonymizerGadget, C:\PROGRAM FILES (X86)\ANONYMIZERGADGET, Quarantined, [1597], [364596],1.0.2264
     Adware.BetterAds.PrxySvrRST, C:\WINDOWS\SRC_SRV, Quarantined, [6631], [392905],1.0.2264

     File: 11
     PUP.Optional.AnonymizerGadget, C:\USERS\JTRIG\APPDATA\ROAMING\AGDATA\CONFIG.JSON, Quarantined, [1597], [338259],1.0.2264
     PUP.Optional.AnonymizerGadget, C:\Users\jtrig\AppData\Roaming\AGData\add.json, Quarantined, [1597], [338259],1.0.2264
     PUP.Optional.Amonetize, C:\PROGRAM FILES (X86)\MICROSOFT TOOLKIT FINAL\MICROSOFT TOOLKIT 2.6.6__9465_IL5.EXE, Quarantined, [6], [398271],1.0.2264
     PUP.Optional.AnonymizerGadget, C:\PROGRAM FILES (X86)\ANONYMIZERGADGET\AGUTILS.DLL, Quarantined, [1597], [364596],1.0.2264
     PUP.Optional.InstallCore, C:\PROGRAM FILES (X86)\MICROSOFT TOOLKIT FINAL\WINDOWS_REG_AC.EXE, Quarantined, [3], [386655],1.0.2264
     Adware.BetterAds.PrxySvrRST, C:\WINDOWS\SRC_SRV\TRUSTED.WEB.PROXY.DLL, Quarantined, [6631], [392905],1.0.2264
     Adware.BetterAds.PrxySvrRST, C:\Windows\src_srv\a55bb5c7-1a2b-49b8-bd64-511e5308f0da.exe, Quarantined, [6631], [392905],1.0.2264
     Adware.BetterAds.PrxySvrRST, C:\Windows\src_srv\accept_cert.exe, Quarantined, [6631], [392905],1.0.2264
     Adware.BetterAds.PrxySvrRST, C:\Windows\src_srv\Ionic.Zip.dll, Quarantined, [6631], [392905],1.0.2264
     Adware.BetterAds.PrxySvrRST, C:\Windows\src_srv\rootCert.pfx, Quarantined, [6631], [392905],1.0.2264
     Adware.BetterAds.PrxySvrRST, C:\Windows\src_srv\winsrcsrv.exe, Quarantined, [6631], [392905],1.0.2264

     Physical Sector: 0
     (No malicious items detected)

     (end)
  8. Wow, so far so good. The installation has gone through. I am running a scan now. Hopefully it finds something that is causing my disk issues. Thank you
  9. Ok so I have done that and restarted my system. Hope this helps. fixlist.txt
  10. Checked but it is not there at all. ......
  11. Hi, I have removed AV shield, however DragonBoost does not provide me with an uninstall option. I have found it in Settings > Apps & features, although it says unavailable and the Modify/Uninstall options are greyed out. I do use CCleaner, however it doesn't even see DragonBoost. Any suggestions?
  12. Thank you. Here we go, hope these help. FRST.txt Addition.txt
  13. Hello there, I am almost certain something dodgy is going on with my computer and it is slowly getting worse. In Task Manager the system reports that the disk space is at 100% almost all the time and this is causing me to crash/lag non-stop. I currently use Windows Defender and nothing suspicious has come around, so I wanted to install Malwarebytes to do another scan to see if I can stop whatever is on my computer. Adverts too have started to pop up on screen and redirect my page... which is becoming unbearable. The issue originally was the software was blocked by an administrator, and the only way I got around that was by using the hidden administrator's account, although when I attempted to install it on that account I received the following error: Error 49:120 Could not call proc. I have seen you were able to help others resolve this and I am just praying you are able to help me as well. Kind regards, Jamie
