Slyfur
Honorary Members, 24 posts
Everything posted by Slyfur
-
Malware keeps popping up when I haven't downloaded anything
Slyfur replied to Slyfur's topic in Resolved Malware Removal Logs
But it looks like everything is fine.
-
Malware keeps popping up when I haven't downloaded anything
Slyfur replied to Slyfur's topic in Resolved Malware Removal Logs
I was able to hold the power button and shut it off; when I turned it back on, it was able to shut off again.
-
Malware keeps popping up when I haven't downloaded anything
Slyfur replied to Slyfur's topic in Resolved Malware Removal Logs
Uh, I can't shut off my PC.
-
Malware keeps popping up when I haven't downloaded anything
Slyfur replied to Slyfur's topic in Resolved Malware Removal Logs
I am using an adblocker, so I don't think I'll be able to see the popups.
-
Malware keeps popping up when I haven't downloaded anything
Slyfur replied to Slyfur's topic in Resolved Malware Removal Logs
https://gyazo.com/f015ae710cf4df0b61ba95567bb2fd2a Nothing appeared, so I guess I'm good.
-
Malware keeps popping up when I haven't downloaded anything
Slyfur replied to Slyfur's topic in Resolved Malware Removal Logs
ComboFix 18-08-08.01 - Administrator 3/2018 Thu 19:30:40.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.936.86.1033.18.8158.5135 [GMT -4:00]
执行位置: c:\users\Administrator\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {71A27EC9-3DA6-45FC-60A7-004F623C6189}
SP: Microsoft Security Essentials *Enabled/Updated* {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * 成功创造新还原点

((((((((((((((((((((((((((((((((((((((( 被删除的档案 )))))))))))))))))))))))))))))))))))))))))))))))))

c:\windows\security\logs\scecomp.log

((((((((((((((((((((((((( 2018-08-13 至 2018-09-13 的新的档案 )))))))))))))))))))))))))))))))

2018-09-13 23:36 . 2018-09-13 23:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2018-09-13 23:29 . 2018-09-13 23:29 58120 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F17F72C6-5F14-483D-9683-CF1E5B1547C2}\MpKslebaad46f.sys
2018-09-13 22:30 . 2018-09-13 22:36 98616 ----a-w- c:\windows\system32\drivers\mwac.sys
2018-09-13 18:51 . 2018-08-21 18:04 14821528 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F17F72C6-5F14-483D-9683-CF1E5B1547C2}\mpengine.dll
2018-09-12 00:10 . 2018-08-21 18:04 14821528 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2018-09-11 23:51 . 2018-09-13 22:30 117472 ----a-w- c:\windows\system32\drivers\farflt.sys
2018-09-11 18:53 . 2018-08-23 22:00 15283712 ----a-w- c:\windows\system32\ieframe.dll
2018-09-10 23:42 . 2018-09-13 22:30 259360 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2018-09-05 23:56 . 2018-09-05 23:56 -------- d-----w- C:\KVRT_Data
2018-09-05 21:33 . 2018-09-05 21:33 255928 ----a-w- c:\windows\system32\drivers\7141A5F8.sys
2018-09-05 21:22 . 2018-09-05 21:22 255928 ----a-w- c:\windows\system32\drivers\45439380.sys
2018-09-05 21:21 . 2018-09-05 21:42 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2018-09-05 18:57 . 2018-09-13 19:11 -------- d-----w- C:\FRST
2018-09-05 18:42 . 2018-09-13 22:30 52328 ----a-w- c:\windows\system32\drivers\mbam.sys
2018-09-05 18:42 . 2018-09-07 00:10 193256 ----a-w- c:\windows\system32\drivers\MbamChameleon.sys
2018-09-05 18:42 . 2018-07-12 12:42 152688 ----a-w- c:\windows\system32\drivers\mbae64.sys
2018-09-05 18:42 . 2018-09-05 21:22 -------- d-----w- c:\programdata\Malwarebytes
2018-09-05 04:01 . 2018-09-05 04:01 -------- d-----w- c:\program files\Malwarebytes
2018-09-04 03:12 . 2018-09-04 18:59 -------- d-----w- C:\AdwCleaner
2018-09-03 22:23 . 2018-09-03 22:23 -------- d-----w- c:\users\Administrator\AppData\Local\mbam
2018-08-26 21:33 . 2018-09-06 18:47 -------- d-----w- c:\users\Administrator\AppData\Local\PrimeQuintaUpdateSoftware
2018-08-26 21:33 . 2018-08-26 21:33 -------- d-----w- c:\program files (x86)\Common Files\EastCharonHCS
2018-08-26 21:32 . 2018-08-26 21:32 -------- d-----w- c:\program files (x86)\AutoicousMarasmusAutoicousMarasmus
2018-08-26 21:27 . 2018-08-29 19:36 -------- d-----w- c:\users\Administrator\AppData\Roaming\PokeMMO
2018-08-21 01:14 . 2018-09-02 03:21 -------- d-----w- c:\users\Administrator\AppData\Local\Roblox

(((((((((((((((((((((((((((((((((((((((( 在三个月内被修改的档案 ))))))))))))))))))))))))))))))))))))))))))))))))))))

2018-09-13 22:29 . 2018-04-15 18:33 65536 ----a-w- c:\windows\system32\spu_storage.bin
2018-09-11 20:12 . 2017-02-09 05:49 139184408 -c--a-w- c:\windows\system32\MRT.exe
2018-08-10 15:39 . 2018-09-11 18:53 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2018-08-03 15:55 . 2018-08-14 18:25 109568 ----a-w- c:\windows\system32\hlink.dll
2018-08-03 15:39 . 2018-08-14 18:25 84992 ----a-w- c:\windows\SysWow64\hlink.dll
2018-07-16 22:02 . 2010-11-21 03:27 563832 ------w- c:\windows\system32\MpSigStub.exe
2018-07-07 16:01 . 2018-09-11 18:54 316928 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2018-07-07 15:46 . 2018-09-11 18:53 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2018-07-07 15:46 . 2018-09-11 18:54 2182656 ----a-w- c:\windows\apppatch\AcGenral.dll
2018-07-07 15:24 . 2018-08-14 18:25 3226112 ----a-w- c:\windows\system32\win32k.sys
2018-07-06 16:09 . 2018-08-14 18:25 947904 ----a-w- c:\windows\system32\drivers\ndis.sys
2018-06-29 15:55 . 2018-08-14 18:25 695808 ----a-w- c:\windows\system32\cscsvc.dll
2018-06-29 15:55 . 2018-08-14 18:25 137728 ----a-w- c:\windows\system32\CscMig.dll
2018-06-29 15:55 . 2018-08-14 18:25 45568 ----a-w- c:\windows\system32\cscapi.dll
2018-06-29 15:55 . 2018-08-14 18:25 30208 ----a-w- c:\windows\system32\cscdll.dll
2018-06-29 15:40 . 2018-08-14 18:25 23040 ----a-w- c:\windows\SysWow64\cscdll.dll
2018-06-29 15:14 . 2018-08-14 18:25 516096 ----a-w- c:\windows\system32\drivers\csc.sys
2018-06-29 15:09 . 2018-08-14 18:25 34304 ----a-w- c:\windows\SysWow64\cscapi.dll
2018-06-27 16:01 . 2018-08-14 18:25 114368 ----a-w- c:\windows\system32\consent.exe
2018-06-27 15:55 . 2018-08-14 18:25 484864 ----a-w- c:\windows\system32\StructuredQuery.dll
2018-06-27 15:55 . 2018-08-14 18:25 3246592 ----a-w- c:\windows\system32\msi.dll
2018-06-27 15:55 . 2018-08-14 18:25 504320 ----a-w- c:\windows\system32\msihnd.dll
2018-06-27 15:55 . 2018-08-14 18:25 25088 ----a-w- c:\windows\system32\msimsg.dll
2018-06-27 15:54 . 2018-08-14 18:25 1942016 ----a-w- c:\windows\system32\authui.dll
2018-06-27 15:54 . 2018-08-14 18:25 70144 ----a-w- c:\windows\system32\appinfo.dll
2018-06-27 15:43 . 2018-08-14 18:25 363520 ----a-w- c:\windows\SysWow64\StructuredQuery.dll
2018-06-27 15:42 . 2018-08-14 18:25 2366464 ----a-w- c:\windows\SysWow64\msi.dll
2018-06-27 15:42 . 2018-08-14 18:25 337408 ----a-w- c:\windows\SysWow64\msihnd.dll
2018-06-27 15:42 . 2018-08-14 18:25 25088 ----a-w- c:\windows\SysWow64\msimsg.dll
2018-06-27 15:41 . 2018-08-14 18:25 1806848 ----a-w- c:\windows\SysWow64\authui.dll
2018-06-27 15:21 . 2018-08-14 18:25 128512 ----a-w- c:\windows\system32\msiexec.exe
2018-06-27 15:16 . 2018-08-14 18:25 73216 ----a-w- c:\windows\SysWow64\msiexec.exe
2018-06-21 03:33 . 2018-08-14 18:25 2048 ----a-w- c:\windows\system32\tzres.dll
2018-06-21 03:09 . 2018-08-14 18:25 2048 ----a-w- c:\windows\SysWow64\tzres.dll

((((((((((((((((((((((((((((((((((((( 重要登入点 ))))))))))))))))))))))))))))))))))))))))))))))))))

*注意* 空白与合法缺省登录将不会被显示
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Discord"="c:\users\Administrator\AppData\Local\Discord\app-0.0.301\Discord.exe" [2018-05-01 57816920]
"Steam"="c:\users\Administrator\Desktop\New folder\steam.exe" [2018-09-08 3207968]
"Gyazo"="c:\program files (x86)\Gyazo\GyStation.exe" [2018-08-08 1384840]
"Spotify"="c:\users\Administrator\AppData\Roaming\Spotify\Spotify.exe" [2018-08-23 24453008]
"EpicGamesLauncher"="c:\program files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe" [2018-09-11 32993168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"AlwaysShowClassicMenu"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 EasyAntiCheat;EasyAntiCheat;c:\program files (x86)\EasyAntiCheat\EasyAntiCheat.exe;c:\program files (x86)\EasyAntiCheat\EasyAntiCheat.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 PNPMEM;Microsoft Memory Module Driver;c:\windows\system32\DRIVERS\pnpmem.sys;c:\windows\SYSNATIVE\DRIVERS\pnpmem.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 stornvme;stornvme;c:\windows\system32\drivers\stornvme.sys;c:\windows\SYSNATIVE\drivers\stornvme.sys [x]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys;c:\windows\SYSNATIVE\drivers\Synth3dVsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WiaRpc;Still Image Acquisition Events;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 ESProtectionDriver;Malwarebytes Anti-Exploit;c:\windows\system32\drivers\mbae64.sys;c:\windows\SYSNATIVE\drivers\mbae64.sys [x]
S1 MpKslebaad46f;MpKslebaad46f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F17F72C6-5F14-483D-9683-CF1E5B1547C2}\MpKslebaad46f.sys;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F17F72C6-5F14-483D-9683-CF1E5B1547C2}\MpKslebaad46f.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;c:\windows\system32\igfxCUIService.exe;c:\windows\SYSNATIVE\igfxCUIService.exe [x]
S2 MBAMChameleon;MBAMChameleon;c:\windows\System32\Drivers\MbamChameleon.sys;c:\windows\SYSNATIVE\Drivers\MbamChameleon.sys [x]
S2 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 MBAMFarflt;MBAMFarflt;c:\windows\system32\DRIVERS\farflt.sys;c:\windows\SYSNATIVE\DRIVERS\farflt.sys [x]
S3 MBAMProtection;MBAMProtection;c:\windows\system32\DRIVERS\mbam.sys;c:\windows\SYSNATIVE\DRIVERS\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\Drivers\mbamswissarmy.sys;c:\windows\SYSNATIVE\Drivers\mbamswissarmy.sys [x]
S3 MBAMWebProtection;MBAMWebProtection;c:\windows\system32\DRIVERS\mwac.sys;c:\windows\SYSNATIVE\DRIVERS\mwac.sys [x]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - 98635395
*NewlyCreated* - MBAMFARFLT
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - MBAMWEBPROTECTION
*NewlyCreated* - MPKSLEBAAD46F
*Deregistered* - 29124B04
*Deregistered* - 98635395

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - LocalSystemNetworkRestricted
WiaRpc

--------- X64 Entries -----------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2016-11-15 1353680]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-05-31 11855976]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalSystemNetworkRestricted
WiaRpc

------- 而外的扫描 -------

uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1

- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
Toolbar-Locked - (no file)

--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)

完成时间: 2018-09-13 19:37:42
ComboFix-quarantined-files.txt 2018-09-13 23:37

Pre-Run: 106,273,267,712 bytes free
Post-Run: 106,685,374,464 bytes free

- - End Of File - - 8DA21D926EC635DC3AAE5EC7517EE7F5
-
Malware keeps popping up when I haven't downloaded anything
Slyfur replied to Slyfur's topic in Resolved Malware Removal Logs
I sent the clean mode, hopefully it's what you needed, but here are also the scan logs.

# -------------------------------
# Malwarebytes AdwCleaner 7.2.3.1
# -------------------------------
# Build:    09-03-2018
# Database: 2018-09-12.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    09-13-2018
# Duration: 00:00:25
# OS:       Windows 7 Ultimate
# Scanned:  41915
# Detected: 2

***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
No malicious folders found.
***** [ Files ] *****
No malicious files found.
***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious WMI found.
***** [ Shortcuts ] *****
No malicious shortcuts found.
***** [ Tasks ] *****
No malicious tasks found.
***** [ Registry ] *****
No malicious registry entries found.
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries found.
***** [ Chromium URLs ] *****
PUP.Optional.Legacy    Ask
PUP.Optional.Legacy    AOL
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries found.
***** [ Firefox URLs ] *****
No malicious Firefox URLs found.

AdwCleaner[S00].txt - [1971 octets] - [04/09/2018 14:59:33]
AdwCleaner[C00].txt - [1991 octets] - [04/09/2018 14:59:55]
AdwCleaner[S01].txt - [1375 octets] - [04/09/2018 15:05:12]
AdwCleaner[S02].txt - [1436 octets] - [04/09/2018 15:39:13]
AdwCleaner[S03].txt - [1497 octets] - [04/09/2018 15:40:17]
AdwCleaner[S04].txt - [1558 octets] - [05/09/2018 14:50:33]
AdwCleaner[S05].txt - [1619 octets] - [05/09/2018 17:00:14]
AdwCleaner[S06].txt - [1680 octets] - [05/09/2018 17:44:47]
AdwCleaner[S07].txt - [1741 octets] - [07/09/2018 21:08:13]
AdwCleaner[S08].txt - [1802 octets] - [09/09/2018 17:03:55]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S09].txt ##########
-
Malware keeps popping up when I haven't downloaded anything
Slyfur replied to Slyfur's topic in Resolved Malware Removal Logs
Scan.txt

# -------------------------------
# Malwarebytes AdwCleaner 7.2.3.1
# -------------------------------
# Build:    09-03-2018
# Database: 2018-09-12.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    09-13-2018
# Duration: 00:00:02
# OS:       Windows 7 Ultimate
# Cleaned:  1
# Failed:   1

***** [ Services ] *****
No malicious services cleaned.
***** [ Folders ] *****
No malicious folders cleaned.
***** [ Files ] *****
No malicious files cleaned.
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks cleaned.
***** [ Registry ] *****
No malicious registry entries cleaned.
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries cleaned.
***** [ Chromium URLs ] *****
Deleted        Ask
Not Deleted    AOL
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.
***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.

*************************
[+] Delete Tracing Keys
[+] Reset Winsock
*************************

AdwCleaner[S00].txt - [1971 octets] - [04/09/2018 14:59:33]
AdwCleaner[C00].txt - [1991 octets] - [04/09/2018 14:59:55]
AdwCleaner[S01].txt - [1375 octets] - [04/09/2018 15:05:12]
AdwCleaner[S02].txt - [1436 octets] - [04/09/2018 15:39:13]
AdwCleaner[S03].txt - [1497 octets] - [04/09/2018 15:40:17]
AdwCleaner[S04].txt - [1558 octets] - [05/09/2018 14:50:33]
AdwCleaner[S05].txt - [1619 octets] - [05/09/2018 17:00:14]
AdwCleaner[S06].txt - [1680 octets] - [05/09/2018 17:44:47]
AdwCleaner[S07].txt - [1741 octets] - [07/09/2018 21:08:13]
AdwCleaner[S08].txt - [1802 octets] - [09/09/2018 17:03:55]
AdwCleaner[S09].txt - [1902 octets] - [13/09/2018 15:00:02]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C09].txt ##########

FRST.txt
Addition.txt
-
Nothing came up, thank you so much for helping me remove them. I'm going to delete them from quarantine once and for all and never have to worry about them again.
-
It didn't detect the trojan, so I think I'm alright. But what should I do about the trojans that are in quarantine? Should I delete them from the quarantine?
-
3rd malwarebytes scan.txt

# -------------------------------
# Malwarebytes AdwCleaner 7.2.3.1
# -------------------------------
# Build:    09-03-2018
# Database: 2018-09-05.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    09-05-2018
# Duration: 00:00:11
# OS:       Windows 7 Ultimate
# Scanned:  41877
# Detected: 0

***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
No malicious folders found.
***** [ Files ] *****
No malicious files found.
***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious WMI found.
***** [ Shortcuts ] *****
No malicious shortcuts found.
***** [ Tasks ] *****
No malicious tasks found.
***** [ Registry ] *****
No malicious registry entries found.
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries found.
***** [ Chromium URLs ] *****
No malicious Chromium URLs found.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries found.
***** [ Firefox URLs ] *****
No malicious Firefox URLs found.

AdwCleaner[S00].txt - [1971 octets] - [04/09/2018 14:59:33]
AdwCleaner[C00].txt - [1991 octets] - [04/09/2018 14:59:55]
AdwCleaner[S01].txt - [1375 octets] - [04/09/2018 15:05:12]
AdwCleaner[S02].txt - [1436 octets] - [04/09/2018 15:39:13]
AdwCleaner[S03].txt - [1497 octets] - [04/09/2018 15:40:17]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S04].txt ##########

FRST.txt
Addition.txt
-
It finished scanning and said there was no malware found.
-
I still see the trojan in the scan. Did I do something wrong?
-
2nd malwarebyte scan.txt
# -------------------------------
# Malwarebytes AdwCleaner 7.2.3.1
# -------------------------------
# Build: 09-03-2018
# Database: 2018-09-05.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 09-05-2018
# Duration: 00:00:11
# OS: Windows 7 Ultimate
# Scanned: 41877
# Detected: 0

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

AdwCleaner[S00].txt - [1971 octets] - [04/09/2018 14:59:33]
AdwCleaner[C00].txt - [1991 octets] - [04/09/2018 14:59:55]
AdwCleaner[S01].txt - [1375 octets] - [04/09/2018 15:05:12]
AdwCleaner[S02].txt - [1436 octets] - [04/09/2018 15:39:13]
AdwCleaner[S03].txt - [1497 octets] - [04/09/2018 15:40:17]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S04].txt ##########
FRST.txt
Addition.txt
-
05.09.2018_16.18.11.zip
I ran the fix, but how do I know if the fix really worked? And here's your datetime zip. Should I delete it after you've received the file?
-
Sorry, but I'm a bit confused. Where do I run the fix?
-
I see, thank you. And I'm sorry if I may have come across as rude. I've been stressed out for the past two days.
-
Thank you, but I'm more concerned about the virus atm. Please tell me you can remove it.
-
I thought it just stored game data, but anyway, is there any way to get rid of the trojan, or should I run another scan? And I'm not running a cheat or hack against Steam.
-
When I ran AdwCleaner it failed to reboot, even though it said nothing was detected. After I was done restarting, HomeGroup appeared as a shortcut.
-
Malwarebytes scan.txt
# -------------------------------
# Malwarebytes AdwCleaner 7.2.3.1
# -------------------------------
# Build: 09-03-2018
# Database: 2018-09-05.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 09-05-2018
# Duration: 00:00:11
# OS: Windows 7 Ultimate
# Scanned: 41877
# Detected: 0

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

AdwCleaner[S00].txt - [1971 octets] - [04/09/2018 14:59:33]
AdwCleaner[C00].txt - [1991 octets] - [04/09/2018 14:59:55]
AdwCleaner[S01].txt - [1375 octets] - [04/09/2018 15:05:12]
AdwCleaner[S02].txt - [1436 octets] - [04/09/2018 15:39:13]
AdwCleaner[S03].txt - [1497 octets] - [04/09/2018 15:40:17]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S04].txt ##########
Addition.txt
FRST.txt
-
Nothing suspicious has popped up either: no pop-up ads or the web slowing down.
-
I've tried to remove trojan.rorracoon using Malwarebytes, but it didn't seem to work. I've tried three times already, and it popped up six times in my quarantine. I'm a newbie at using a computer, but can you please help me.