[Malware keeps popping up when i havent downloaded anything]

But it looks like everything is fine

 

[Malware keeps popping up when i havent downloaded anything]

I was able to hold the power button and shut it off, when i turned it back on it was able to shut off again

 

[Malware keeps popping up when i havent downloaded anything]

Uh i cant shut off my pc

 

[Malware keeps popping up when i havent downloaded anything]

I am using adblocker

So i dont think ill be able to see the popups

 

[Malware keeps popping up when i havent downloaded anything]

https://gyazo.com/f015ae710cf4df0b61ba95567bb2fd2a

nothing appeared so i guess im good

 

[Malware keeps popping up when i havent downloaded anything]

ComboFix 18-08-08.01 - Administrator 3/2018 Thu  19:30:40.1.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.936.86.1033.18.8158.5135 [GMT -4:00]
执行位置: c:\users\Administrator\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {71A27EC9-3DA6-45FC-60A7-004F623C6189}
SP: Microsoft Security Essentials *Enabled/Updated* {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * 成功创造新还原点
.
.
(((((((((((((((((((((((((((((((((((((((   被删除的档案   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\security\logs\scecomp.log
.
.
(((((((((((((((((((((((((  2018-08-13 至 2018-09-13 的新的档案  )))))))))))))))))))))))))))))))
.
.
2018-09-13 23:36 . 2018-09-13 23:36    --------    d-----w-    c:\users\Default\AppData\Local\temp
2018-09-13 23:29 . 2018-09-13 23:29    58120    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F17F72C6-5F14-483D-9683-CF1E5B1547C2}\MpKslebaad46f.sys
2018-09-13 22:30 . 2018-09-13 22:36    98616    ----a-w-    c:\windows\system32\drivers\mwac.sys
2018-09-13 18:51 . 2018-08-21 18:04    14821528    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F17F72C6-5F14-483D-9683-CF1E5B1547C2}\mpengine.dll
2018-09-12 00:10 . 2018-08-21 18:04    14821528    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2018-09-11 23:51 . 2018-09-13 22:30    117472    ----a-w-    c:\windows\system32\drivers\farflt.sys
2018-09-11 18:53 . 2018-08-23 22:00    15283712    ----a-w-    c:\windows\system32\ieframe.dll
2018-09-10 23:42 . 2018-09-13 22:30    259360    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2018-09-05 23:56 . 2018-09-05 23:56    --------    d-----w-    C:\KVRT_Data
2018-09-05 21:33 . 2018-09-05 21:33    255928    ----a-w-    c:\windows\system32\drivers\7141A5F8.sys
2018-09-05 21:22 . 2018-09-05 21:22    255928    ----a-w-    c:\windows\system32\drivers\45439380.sys
2018-09-05 21:21 . 2018-09-05 21:42    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2018-09-05 18:57 . 2018-09-13 19:11    --------    d-----w-    C:\FRST
2018-09-05 18:42 . 2018-09-13 22:30    52328    ----a-w-    c:\windows\system32\drivers\mbam.sys
2018-09-05 18:42 . 2018-09-07 00:10    193256    ----a-w-    c:\windows\system32\drivers\MbamChameleon.sys
2018-09-05 18:42 . 2018-07-12 12:42    152688    ----a-w-    c:\windows\system32\drivers\mbae64.sys
2018-09-05 18:42 . 2018-09-05 21:22    --------    d-----w-    c:\programdata\Malwarebytes
2018-09-05 04:01 . 2018-09-05 04:01    --------    d-----w-    c:\program files\Malwarebytes
2018-09-04 03:12 . 2018-09-04 18:59    --------    d-----w-    C:\AdwCleaner
2018-09-03 22:23 . 2018-09-03 22:23    --------    d-----w-    c:\users\Administrator\AppData\Local\mbam
2018-08-26 21:33 . 2018-09-06 18:47    --------    d-----w-    c:\users\Administrator\AppData\Local\PrimeQuintaUpdateSoftware
2018-08-26 21:33 . 2018-08-26 21:33    --------    d-----w-    c:\program files (x86)\Common Files\EastCharonHCS
2018-08-26 21:32 . 2018-08-26 21:32    --------    d-----w-    c:\program files (x86)\AutoicousMarasmusAutoicousMarasmus
2018-08-26 21:27 . 2018-08-29 19:36    --------    d-----w-    c:\users\Administrator\AppData\Roaming\PokeMMO
2018-08-21 01:14 . 2018-09-02 03:21    --------    d-----w-    c:\users\Administrator\AppData\Local\Roblox
.
.
.
((((((((((((((((((((((((((((((((((((((((   在三个月内被修改的档案   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2018-09-13 22:29 . 2018-04-15 18:33    65536    ----a-w-    c:\windows\system32\spu_storage.bin
2018-09-11 20:12 . 2017-02-09 05:49    139184408    -c--a-w-    c:\windows\system32\MRT.exe
2018-08-10 15:39 . 2018-09-11 18:53    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
2018-08-03 15:55 . 2018-08-14 18:25    109568    ----a-w-    c:\windows\system32\hlink.dll
2018-08-03 15:39 . 2018-08-14 18:25    84992    ----a-w-    c:\windows\SysWow64\hlink.dll
2018-07-16 22:02 . 2010-11-21 03:27    563832    ------w-    c:\windows\system32\MpSigStub.exe
2018-07-07 16:01 . 2018-09-11 18:54    316928    ----a-w-    c:\windows\apppatch\AppPatch64\AcGenral.dll
2018-07-07 15:46 . 2018-09-11 18:53    2560    ----a-w-    c:\windows\apppatch\AcRes.dll
2018-07-07 15:46 . 2018-09-11 18:54    2182656    ----a-w-    c:\windows\apppatch\AcGenral.dll
2018-07-07 15:24 . 2018-08-14 18:25    3226112    ----a-w-    c:\windows\system32\win32k.sys
2018-07-06 16:09 . 2018-08-14 18:25    947904    ----a-w-    c:\windows\system32\drivers\ndis.sys
2018-06-29 15:55 . 2018-08-14 18:25    695808    ----a-w-    c:\windows\system32\cscsvc.dll
2018-06-29 15:55 . 2018-08-14 18:25    137728    ----a-w-    c:\windows\system32\CscMig.dll
2018-06-29 15:55 . 2018-08-14 18:25    45568    ----a-w-    c:\windows\system32\cscapi.dll
2018-06-29 15:55 . 2018-08-14 18:25    30208    ----a-w-    c:\windows\system32\cscdll.dll
2018-06-29 15:40 . 2018-08-14 18:25    23040    ----a-w-    c:\windows\SysWow64\cscdll.dll
2018-06-29 15:14 . 2018-08-14 18:25    516096    ----a-w-    c:\windows\system32\drivers\csc.sys
2018-06-29 15:09 . 2018-08-14 18:25    34304    ----a-w-    c:\windows\SysWow64\cscapi.dll
2018-06-27 16:01 . 2018-08-14 18:25    114368    ----a-w-    c:\windows\system32\consent.exe
2018-06-27 15:55 . 2018-08-14 18:25    484864    ----a-w-    c:\windows\system32\StructuredQuery.dll
2018-06-27 15:55 . 2018-08-14 18:25    3246592    ----a-w-    c:\windows\system32\msi.dll
2018-06-27 15:55 . 2018-08-14 18:25    504320    ----a-w-    c:\windows\system32\msihnd.dll
2018-06-27 15:55 . 2018-08-14 18:25    25088    ----a-w-    c:\windows\system32\msimsg.dll
2018-06-27 15:54 . 2018-08-14 18:25    1942016    ----a-w-    c:\windows\system32\authui.dll
2018-06-27 15:54 . 2018-08-14 18:25    70144    ----a-w-    c:\windows\system32\appinfo.dll
2018-06-27 15:43 . 2018-08-14 18:25    363520    ----a-w-    c:\windows\SysWow64\StructuredQuery.dll
2018-06-27 15:42 . 2018-08-14 18:25    2366464    ----a-w-    c:\windows\SysWow64\msi.dll
2018-06-27 15:42 . 2018-08-14 18:25    337408    ----a-w-    c:\windows\SysWow64\msihnd.dll
2018-06-27 15:42 . 2018-08-14 18:25    25088    ----a-w-    c:\windows\SysWow64\msimsg.dll
2018-06-27 15:41 . 2018-08-14 18:25    1806848    ----a-w-    c:\windows\SysWow64\authui.dll
2018-06-27 15:21 . 2018-08-14 18:25    128512    ----a-w-    c:\windows\system32\msiexec.exe
2018-06-27 15:16 . 2018-08-14 18:25    73216    ----a-w-    c:\windows\SysWow64\msiexec.exe
2018-06-21 03:33 . 2018-08-14 18:25    2048    ----a-w-    c:\windows\system32\tzres.dll
2018-06-21 03:09 . 2018-08-14 18:25    2048    ----a-w-    c:\windows\SysWow64\tzres.dll
.
.
(((((((((((((((((((((((((((((((((((((   重要登入点   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白与合法缺省登录将不会被显示 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Discord"="c:\users\Administrator\AppData\Local\Discord\app-0.0.301\Discord.exe" [2018-05-01 57816920]
"Steam"="c:\users\Administrator\Desktop\New folder\steam.exe" [2018-09-08 3207968]
"Gyazo"="c:\program files (x86)\Gyazo\GyStation.exe" [2018-08-08 1384840]
"Spotify"="c:\users\Administrator\AppData\Roaming\Spotify\Spotify.exe" [2018-08-23 24453008]
"EpicGamesLauncher"="c:\program files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe" [2018-09-11 32993168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"AlwaysShowClassicMenu"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 EasyAntiCheat;EasyAntiCheat;c:\program files (x86)\EasyAntiCheat\EasyAntiCheat.exe;c:\program files (x86)\EasyAntiCheat\EasyAntiCheat.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 PNPMEM;Microsoft Memory Module Driver;c:\windows\system32\DRIVERS\pnpmem.sys;c:\windows\SYSNATIVE\DRIVERS\pnpmem.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 stornvme;stornvme;c:\windows\system32\drivers\stornvme.sys;c:\windows\SYSNATIVE\drivers\stornvme.sys [x]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys;c:\windows\SYSNATIVE\drivers\Synth3dVsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WiaRpc;Still Image Acquisition Events;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 ESProtectionDriver;Malwarebytes Anti-Exploit;c:\windows\system32\drivers\mbae64.sys;c:\windows\SYSNATIVE\drivers\mbae64.sys [x]
S1 MpKslebaad46f;MpKslebaad46f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F17F72C6-5F14-483D-9683-CF1E5B1547C2}\MpKslebaad46f.sys;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F17F72C6-5F14-483D-9683-CF1E5B1547C2}\MpKslebaad46f.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;c:\windows\system32\igfxCUIService.exe;c:\windows\SYSNATIVE\igfxCUIService.exe [x]
S2 MBAMChameleon;MBAMChameleon;c:\windows\System32\Drivers\MbamChameleon.sys;c:\windows\SYSNATIVE\Drivers\MbamChameleon.sys [x]
S2 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 MBAMFarflt;MBAMFarflt;c:\windows\system32\DRIVERS\farflt.sys;c:\windows\SYSNATIVE\DRIVERS\farflt.sys [x]
S3 MBAMProtection;MBAMProtection;c:\windows\system32\DRIVERS\mbam.sys;c:\windows\SYSNATIVE\DRIVERS\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\Drivers\mbamswissarmy.sys;c:\windows\SYSNATIVE\Drivers\mbamswissarmy.sys [x]
S3 MBAMWebProtection;MBAMWebProtection;c:\windows\system32\DRIVERS\mwac.sys;c:\windows\SYSNATIVE\DRIVERS\mwac.sys [x]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 98635395
*NewlyCreated* - MBAMFARFLT
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - MBAMWEBPROTECTION
*NewlyCreated* - MPKSLEBAAD46F
*Deregistered* - 29124B04
*Deregistered* - 98635395
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation    REG_MULTI_SZ       SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalSystemNetworkRestricted
WiaRpc
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2016-11-15 1353680]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-05-31 11855976]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalSystemNetworkRestricted
WiaRpc
.
------- 而外的扫描 -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,78,5e,89,40,7f,18,05,4b,b1,5b,af,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,78,5e,89,40,7f,18,05,4b,b1,5b,af,\
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AVI"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.CDA"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2T\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2TS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.m3u"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M4A"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MOV"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAV"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMA"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMV"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
完成时间: 2018-09-13  19:37:42
ComboFix-quarantined-files.txt  2018-09-13 23:37
.
Pre-Run: 106,273,267,712 bytes free
Post-Run: 106,685,374,464 bytes free
.
- - End Of File - - 8DA21D926EC635DC3AAE5EC7517EE7F5
 

[Malware keeps popping up when i havent downloaded anything]

I sent the clean mode hopefully it's what you needed but here is also the scan logs

# -------------------------------
# Malwarebytes AdwCleaner 7.2.3.1
# -------------------------------
# Build:    09-03-2018
# Database: 2018-09-12.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    09-13-2018
# Duration: 00:00:25
# OS:       Windows 7 Ultimate
# Scanned:  41915
# Detected: 2

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

PUP.Optional.Legacy             Ask
PUP.Optional.Legacy             AOL

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

AdwCleaner[S00].txt - [1971 octets] - [04/09/2018 14:59:33]
AdwCleaner[C00].txt - [1991 octets] - [04/09/2018 14:59:55]
AdwCleaner[S01].txt - [1375 octets] - [04/09/2018 15:05:12]
AdwCleaner[S02].txt - [1436 octets] - [04/09/2018 15:39:13]
AdwCleaner[S03].txt - [1497 octets] - [04/09/2018 15:40:17]
AdwCleaner[S04].txt - [1558 octets] - [05/09/2018 14:50:33]
AdwCleaner[S05].txt - [1619 octets] - [05/09/2018 17:00:14]
AdwCleaner[S06].txt - [1680 octets] - [05/09/2018 17:44:47]
AdwCleaner[S07].txt - [1741 octets] - [07/09/2018 21:08:13]
AdwCleaner[S08].txt - [1802 octets] - [09/09/2018 17:03:55]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S09].txt ##########
 

[Malware keeps popping up when i havent downloaded anything]

Scan.txt

# -------------------------------
# Malwarebytes AdwCleaner 7.2.3.1
# -------------------------------
# Build:    09-03-2018
# Database: 2018-09-12.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    09-13-2018
# Duration: 00:00:02
# OS:       Windows 7 Ultimate
# Cleaned:  1
# Failed:   1

***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Deleted       Ask
Not Deleted   AOL

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1971 octets] - [04/09/2018 14:59:33]
AdwCleaner[C00].txt - [1991 octets] - [04/09/2018 14:59:55]
AdwCleaner[S01].txt - [1375 octets] - [04/09/2018 15:05:12]
AdwCleaner[S02].txt - [1436 octets] - [04/09/2018 15:39:13]
AdwCleaner[S03].txt - [1497 octets] - [04/09/2018 15:40:17]
AdwCleaner[S04].txt - [1558 octets] - [05/09/2018 14:50:33]
AdwCleaner[S05].txt - [1619 octets] - [05/09/2018 17:00:14]
AdwCleaner[S06].txt - [1680 octets] - [05/09/2018 17:44:47]
AdwCleaner[S07].txt - [1741 octets] - [07/09/2018 21:08:13]
AdwCleaner[S08].txt - [1802 octets] - [09/09/2018 17:03:55]
AdwCleaner[S09].txt - [1902 octets] - [13/09/2018 15:00:02]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C09].txt ##########
FRST.txt

Addition.txt

 

[Malware keeps popping up when i havent downloaded anything]

Also when i run a game the ping is very high 100-1000

can you please figure out if my computer is infected or is there something wrong with it in general?

[I can't remove trojan.rorracoon]

Nothing came up, thank you so much for helping me remove them. I'm going to delete them from quarantine once and for and never have to worry about them again.

[I can't remove trojan.rorracoon]

It didnt detect the trojan so i think, im alright. But what should i do about the trojans that are in quarantine, should i delete them from the quarantine?

[I can't remove trojan.rorracoon]

3rd malwarebytes scan.txt

# -------------------------------
# Malwarebytes AdwCleaner 7.2.3.1
# -------------------------------
# Build:    09-03-2018
# Database: 2018-09-05.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    09-05-2018
# Duration: 00:00:11
# OS:       Windows 7 Ultimate
# Scanned:  41877
# Detected: 0

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

AdwCleaner[S00].txt - [1971 octets] - [04/09/2018 14:59:33]
AdwCleaner[C00].txt - [1991 octets] - [04/09/2018 14:59:55]
AdwCleaner[S01].txt - [1375 octets] - [04/09/2018 15:05:12]
AdwCleaner[S02].txt - [1436 octets] - [04/09/2018 15:39:13]
AdwCleaner[S03].txt - [1497 octets] - [04/09/2018 15:40:17]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S04].txt ##########
FRST.txt

Addition.txt

[I can't remove trojan.rorracoon]

It finished scanning and said there was no malware found

 

[I can't remove trojan.rorracoon]

I still see the trojan in the scan did i do something wrong?

[I can't remove trojan.rorracoon]

2nd malwarebyte scan.txt

# -------------------------------
# Malwarebytes AdwCleaner 7.2.3.1
# -------------------------------
# Build:    09-03-2018
# Database: 2018-09-05.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    09-05-2018
# Duration: 00:00:11
# OS:       Windows 7 Ultimate
# Scanned:  41877
# Detected: 0

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

AdwCleaner[S00].txt - [1971 octets] - [04/09/2018 14:59:33]
AdwCleaner[C00].txt - [1991 octets] - [04/09/2018 14:59:55]
AdwCleaner[S01].txt - [1375 octets] - [04/09/2018 15:05:12]
AdwCleaner[S02].txt - [1436 octets] - [04/09/2018 15:39:13]
AdwCleaner[S03].txt - [1497 octets] - [04/09/2018 15:40:17]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S04].txt ##########
 

FRST.txt

Addition.txt

[I can't remove trojan.rorracoon]

05.09.2018_16.18.11.zip

I ran the fix, but how do i know if the fix really worked? And here's your datetime zip. Should i delete it after you've received the file?

[I can't remove trojan.rorracoon]

Sorry but im a bit confused where do i run the fix?

[I can't remove trojan.rorracoon]

I see, thank you. And im sorry if i may have came across as rude. I've been stressed out for the past two days.

[I can't remove trojan.rorracoon]

Thank you, but im more concerned about the virus atm please tell me you can remove it

 

[I can't remove trojan.rorracoon]

I thought it just stored game data, but anyways is there any way to get rid of trojan or should i run another scan?

And im not running a cheat or hack against steam

 

[I can't remove trojan.rorracoon]

When i ran adwcleaner it failed to reboot even though it said nothing was detected. After i was done restarting homegroup appeared as a shortcut

[I can't remove trojan.rorracoon]

Malwarebytes scan.txt 

# -------------------------------
# Malwarebytes AdwCleaner 7.2.3.1
# -------------------------------
# Build:    09-03-2018
# Database: 2018-09-05.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    09-05-2018
# Duration: 00:00:11
# OS:       Windows 7 Ultimate
# Scanned:  41877
# Detected: 0

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

AdwCleaner[S00].txt - [1971 octets] - [04/09/2018 14:59:33]
AdwCleaner[C00].txt - [1991 octets] - [04/09/2018 14:59:55]
AdwCleaner[S01].txt - [1375 octets] - [04/09/2018 15:05:12]
AdwCleaner[S02].txt - [1436 octets] - [04/09/2018 15:39:13]
AdwCleaner[S03].txt - [1497 octets] - [04/09/2018 15:40:17]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S04].txt ##########
Addition.txt FRST.txt

[I can't remove trojan.rorracoon]

Nothing suspicious has popped up either, no pop up adds, and the web slowing down

 

[I can't remove trojan.rorracoon]

I've tried to remove trojan.rorracoon using malwarebytes but it didnt seem to work ive tried three times already and it popped up six times on my quarantine. Im a newbie at using a computer but can you please help me.