
SuperSaiyanAJ

Members
  • Content Count

    9
About SuperSaiyanAJ

  • Rank
    New Member


  1. After making my previous post, I ran another Malwarebytes scan which detected 58 threats, including PUPs, trojans, and adware. 😫 Sorry to be such a hassle! I hope the Farbar logs I provided will help solve this mystery.
  2. Thanks, Nasdaq. In the time since my last post, I have now seen an unwanted program appear on my desktop, which I promptly deleted from my Program Files (x86) folder. I attached the screenshot. I also had Windows Defender alert me saying that it detected 2 severe threats which were quarantined. A screenshot is attached to this message. I ran the Farbar Registry scan and the results are below. I hope it is helpful:

     Farbar Recovery Scan Tool (x64) Version: 01-06-2019
     Ran by Anthony (03-06-2019 20:27:49)
     Running from C:\Users\Anthony\Desktop
     Boot Mode: Normal

     ================== Search Registry: "4CF9B388-78FA-46C3-B409-196FE2CF5F20;48162882-A7FF-4AB6-A8FA-1A6272AB7747" ===========

     ===================== Search result for "4CF9B388-78FA-46C3-B409-196FE2CF5F20" ==========

     [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Caphyon\Advanced Installer\LZMA\{4CF9B388-78FA-46C3-B409-196FE2CF5F20}]
     [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Caphyon\Advanced Installer\Windows Firewall\{4CF9B388-78FA-46C3-B409-196FE2CF5F20}]
     [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Caphyon\Advanced Installer\Windows Firewall\{4CF9B388-78FA-46C3-B409-196FE2CF5F20}\Registered Applications]
     "netmedia32"="{48162882-A7FF-4AB6-A8FA-1A6272AB7747}"

     ===================== Search result for "48162882-A7FF-4AB6-A8FA-1A6272AB7747" ==========

     [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Caphyon\Advanced Installer\Windows Firewall\{4CF9B388-78FA-46C3-B409-196FE2CF5F20}\Registered Applications]
     "netmedia32"="{48162882-A7FF-4AB6-A8FA-1A6272AB7747}"

     ====== End of Search ======
  3. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-05.2019 Ran by Anthony (administrator) on AJR-ZH77A (MSI MS-7758) (28-05-2019 20:29:52)
  4. I started off with a much larger infection related to downloading malicious software. The old thread can be found here. Nasdaq (the MWB mod) was awesome and we made progress, but it doesn't look like I'm completely clean. It seems that every few days, I'll have a new smaller infection (see the dates on most recent logs attached). It seems that all of my MWB and Sophos scans aren't truly scrubbing my entire computer clean. I will fully comply if there is something I'm doing wrong. It seems like there's some nasty malware tucked up in the deepest depths of the computer that keeps resurfacing. How does the computer continue to get reinfected? Is it possible that because I have too many anti-malware programs on my computer that they are getting in each other's way? My computer currently has Malwarebytes, Emsisoft Emergency Kit, Sophos VRT, and Windows Defender installed on it. MWB_Scan_May11.txt MWB_Scan_May27.txt
  5. Malwarebytes and Sophos scans both came back clean. I attached the results of the FRST fix. I will work on adjusting the Google Chrome Secure Preferences when I return home from work today. Fixlog.txt
  6. Nasdaq, I'm sorry it has taken me so long to reply. I can reply much more quickly now (within 24 hours). I was about to follow your instructions but I noticed that there was no fixlist.txt attached to your recent message. Can you please attach that file? Since the time of my last post, I have gotten several more trojans, PUPs, and adware (that I removed with Malwarebytes). Do you need any new logs from me or can we continue with the same instructions as before? Thank you.
  7. Good evening Nasdaq, I really appreciate the guidance you were able to provide me for my previous issue. Unfortunately, I think the problem is not fully cleared. I recently started seeing new Trojans and PUPs. I have all of the new logs ready that I ran on March 17. Again, thank you so much, Anthony AdwCleaner_March17.txt MWB_March17.txt FRST.txt Addition.txt
  8. Hello, Thank you. I am no longer seeing the Exclusions in the Windows Defender Settings. I will continue to check over the next few days to ensure that no new exclusions appear. I will continue to run Malwarebytes scans over the next few days to ensure no new viruses show up. Attached is the fixlog you requested. Please let me know your thoughts. Fixlog.txt
  9. I'll confess that I downloaded malicious software without thinking it through. As a result, I got a nasty infection of adware, trojans, PUPs, etc. I've run just about every scan under the sun (Windows Defender, Malwarebytes, AdwCleaner, Emsisoft Emergency Kit) and removed as much malware as possible. However, one problem remains. My Windows Defender has a list of Exclusions that I am unable to remove because they are greyed out. I am fearful that these exclusions are the cause of why I continue to get new trojans, PUPs, every few days. I have attached logs from running Malwarebytes, AdwCleaner, and Farbar Recovery Scan Tool. Addition.txt FRST.txt AdwCleaner[C05].txt mwb_log.txt