Zyrex
-
Posts
8 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Posts posted by Zyrex
-
-
Hello,
That is what I tried before asking for help, and I had no success.
Thanks
-
Hello,
The computer itself seems to be running fine, but Malwarebytes continues to find PUP.Optional.Goobzo files which is something I do not want.
I've done everything you've instructed but the files continue to return each time after opening Chrome.
Thanks
-
Hello,
This is the result of the scan -
Fix result of Farbar Recovery Scan Tool (x64) Version: 31-03-2021
Ran by harry (05-04-2021 20:56:39) Run:2
Running from D:\Users\harry\Downloads
Loaded Profiles: harry
Boot Mode: Normal
==============================================fixlist content:
*****************
C:\Users\harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgofchghcchhhcfhjekjcebehjhlmmmd
C:\Users\harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlcgehabolcakkjhgmgpkagpolbjlhfa*****************
C:\Users\harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgofchghcchhhcfhjekjcebehjhlmmmd => moved successfully
"C:\Users\harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlcgehabolcakkjhgmgpkagpolbjlhfa" => not found==== End of Fixlog 20:56:39 ====
Thanks
-
Hello,
This did not work. I tried replacing the "mgofchghcchhhcfhjekjcebehjhlmmmd" with the name of the file that kept coming back which is called "jlcgehabolcakkjhgmgpkagpolbjlhfa" but this too, did not work.
Thanks
-
Hello,
Here is my MSERT results -
---------------------------------------------------------------------------------------
Microsoft Safety Scanner v1.335, (build 1.335.232.0)
Started On Mon Apr 5 16:48:29 2021Engine: 1.1.18000.5
Signatures: 1.335.232.0
MpGear: 1.1.16330.1
Run Mode: Interactive Graphical ModeQuick Scan Results:
-------------------
Threat Detected: VirTool:Win32/DefenderTamperingRestore and Removed!
Action: Remove, Result: 0x00000000
regkeyvalue://hklm\software\microsoft\windows defender\\DisableAntiSpyware
SigSeq: 0x0000055555C57273Results Summary:
----------------
Found VirTool:Win32/DefenderTamperingRestore and Removed!
Successfully Submitted MAPS Report
Successfully Submitted Heartbeat Report
Microsoft Safety Scanner Finished On Mon Apr 5 16:52:24 2021
Return code: 6 (0x6)
The Fixlog file is attatched.
Thanks
-
Hello,
Here is my Malwarebyes Scan -
Malwarebytes
www.malwarebytes.com-Log Details-
Scan Date: 4/5/21
Scan Time: 2:01 AM
Log File: 03181354-955f-11eb-ae98-2cf05d6f4199.json-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1236
Update Package Version: 1.0.39108
License: Trial-System Information-
OS: Windows 10 (Build 19042.867)
CPU: x64
File System: NTFS
User: DESKTOP-VI43NU6\harry-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 287301
Threats Detected: 6
Threats Quarantined: 6
Time Elapsed: 3 min, 26 sec-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect-Scan Details-
Process: 0
(No malicious items detected)Module: 0
(No malicious items detected)Registry Key: 0
(No malicious items detected)Registry Value: 0
(No malicious items detected)Registry Data: 0
(No malicious items detected)Data Stream: 0
(No malicious items detected)Folder: 1
PUP.Optional.Goobzo, C:\USERS\HARRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\SYNC EXTENSION SETTINGS\jlcgehabolcakkjhgmgpkagpolbjlhfa, Quarantined, 1834, 480526, 1.0.39108, , ame, , ,File: 5
PUP.Optional.Goobzo, C:\Users\harry\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\jlcgehabolcakkjhgmgpkagpolbjlhfa\000003.log, Quarantined, 1834, 480526, , , , , 07028969DA1D77D4EEEF00E8695D58A4, 7F9E84B706FB7381A01E7BA2C9CDFCD2E8AD0504DB5C3AF45EEC906273CE967B
PUP.Optional.Goobzo, C:\Users\harry\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\jlcgehabolcakkjhgmgpkagpolbjlhfa\CURRENT, Quarantined, 1834, 480526, , , , , 46295CAC801E5D4857D09837238A6394, 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
PUP.Optional.Goobzo, C:\Users\harry\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\jlcgehabolcakkjhgmgpkagpolbjlhfa\LOCK, Quarantined, 1834, 480526, , , , , ,
PUP.Optional.Goobzo, C:\Users\harry\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\jlcgehabolcakkjhgmgpkagpolbjlhfa\LOG, Quarantined, 1834, 480526, , , , , 3DE06543EC8364A63316FCFFD1DC7713, 8C596907355757F9C74A4E75FC5390591FE1AA056ABF7C20CF8A2221BB8B4784
PUP.Optional.Goobzo, C:\Users\harry\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\jlcgehabolcakkjhgmgpkagpolbjlhfa\MANIFEST-000001, Quarantined, 1834, 480526, , , , , 5AF87DFD673BA2115E2FCF5CFDB727AB, F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4Physical Sector: 0
(No malicious items detected)WMI: 0
(No malicious items detected)
(end)The AdwCleaner said there were no items detected on your system, but here was the log -
# -------------------------------
# Malwarebytes AdwCleaner 8.2.0.0
# -------------------------------
# Build: 03-22-2021
# Database: 2021-04-01.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 04-05-2021
# Duration: 00:00:00
# OS: Windows 10 Home
# Cleaned: 0
# Failed: 0
***** [ Services ] *****No malicious services cleaned.
***** [ Folders ] *****
No malicious folders cleaned.
***** [ Files ] *****
No malicious files cleaned.
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks cleaned.
***** [ Registry ] *****
No malicious registry entries cleaned.
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries cleaned.
***** [ Chromium URLs ] *****
No malicious Chromium URLs cleaned.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.
***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.
***** [ Hosts File Entries ] *****
No malicious hosts file entries cleaned.
***** [ Preinstalled Software ] *****
No Preinstalled Software cleaned.
*************************[+] Delete Tracing Keys
[+] Reset Winsock*************************
AdwCleaner[S00].txt - [1406 octets] - [05/04/2021 02:17:25]
AdwCleaner[S01].txt - [1467 octets] - [05/04/2021 02:18:30]########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########
And lastly, this is my FRST results -
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-03-2021
Ran by harry (administrator) on DESKTOP-VI43NU6 (Micro-Star International Co., Ltd. MS-7C22) (05-04-2021 02:25:14)
Running from D:\Users\harry\Downloads
Loaded Profiles: harry
Platform: Windows 10 Home Version 20H2 19042.867 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.CpuIdRemote64.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.DisplayAdapter.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CueLLAccessService.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <28>
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Malwarebytes Inc -> Malwarebytes) D:\Users\harry\Downloads\adwcleaner_8.2.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_272b5c540127d6d2\Display.NvContainer\NVDisplay.Container.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_d87c47469b47c3f9\RtkAudUService64.exe
(Spotify AB -> Spotify Ltd) C:\Users\harry\AppData\Roaming\Spotify\Spotify.exe <5>==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_d87c47469b47c3f9\RtkAudUService64.exe [1201448 2020-10-22] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [18727048 2018-10-05] (Logitech Inc -> Logitech Inc.)
HKLM-x32\...\Run: [CORSAIR iCUE Software] => C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\iCUE Launcher.exe [410152 2020-07-13] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [601784 2020-05-13] (Razer USA Ltd. -> Razer Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706680 2020-12-09] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-2539232924-1954736822-977631120-1001\...\Run: [Discord] => C:\Users\harry\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-2539232924-1954736822-977631120-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4087528 2021-03-24] (Valve -> Valve Corporation)
HKU\S-1-5-21-2539232924-1954736822-977631120-1001\...\Run: [WallpaperEngine] => D:\SteamLibrary\steamapps\common\wallpaper_engine\wallpaper64.exe [3480672 2021-03-03] (Skutta, Kristjan -> )
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\chrmstp.exe [2021-04-04] (Google LLC -> Google LLC)
Startup: C:\Users\harry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2021-03-23]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {1CFE2046-F01C-49E4-823D-DA8AE3F724E7} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [646896 2021-01-28] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {28548CE5-B3F0-4C7B-B521-FAFA3F962ADB} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141184 2021-03-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {2BF2D04C-3CD1-4F38-929A-FAE751497CE6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2021-04-04] (Google LLC -> Google LLC)
Task: {379FEC6D-F351-4141-9245-544EE427EC7B} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [906480 2021-01-28] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3C0B6E2E-40A5-451C-B8FD-3764C1340E9D} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1127664 2021-01-28] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {506C04CD-9541-4F6B-8597-72FA69E9601E} - System32\Tasks\Intel PTT EK Recertification => C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_75ffca5eec865b4b\lib\IntelPTTEKRecertification.exe [918288 2020-04-22] (Intel(R) Trust Services -> Intel(R) Corporation)
Task: {74BB9832-2A26-4082-84FD-14DF198DF5B3} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3302128 2021-01-28] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {845EE15E-CCAE-4044-9001-37B2A2C89AB8} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1127664 2021-01-28] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8F07F811-803B-433E-A64B-BE056BF3BBEA} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2021-01-12] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {9599C98E-551A-4558-A3EC-9A09A0BF703A} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23080824 2021-03-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {96D59061-1D52-4C49-A2EB-75BE639EF9C9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5260176 2021-03-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {A1CDC6E2-DB93-495E-BF1E-05B16CB46034} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23080824 2021-03-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {A5DF9D8B-6856-4083-BCD7-52F5D613CFF2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2021-04-04] (Google LLC -> Google LLC)
Task: {AA337C3B-C870-4FD0-8B3A-669E7EF5C8C2} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141184 2021-03-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {AE223B5C-7725-4696-AB8D-836FDE65326E} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1127664 2021-01-28] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C40403E9-9045-4E33-A6CB-111CBD8C2CA2} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2021-01-12] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {E0693079-C61A-4AF5-A2D2-08F990F591E2} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [906480 2021-01-28] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E6BD07F4-538F-41EE-BF03-3B44B3CC557D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5260176 2021-03-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {F7A0C6F8-02C2-4BBD-9B7F-9153C1A283C6} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1127664 2021-01-28] (NVIDIA Corporation -> NVIDIA Corporation)(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{1a759e1b-db76-4bc5-a088-4d91eff7dea9}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{b25aedeb-5a0f-4cfd-81a0-d008d0546340}: [DhcpNameServer] 192.168.0.1Edge:
=======
Edge Profile: C:\Users\harry\AppData\Local\Microsoft\Edge\User Data\Default [2021-04-05]FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.281.2 -> C:\Program Files\Java\jre1.8.0_281\bin\dtplugin\npDeployJava1.dll [2021-01-27] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.281.2 -> C:\Program Files\Java\jre1.8.0_281\bin\plugin2\npjp2.dll [2021-01-27] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-03-06] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-03-06] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-03-06] (Microsoft Corporation -> Microsoft Corporation)Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\harry\AppData\Local\Google\Chrome\User Data\Default [2021-04-05]
CHR DownloadDir: D:\Users\harry\Downloads
CHR DefaultSearchURL: Default -> hxxps://app.destinyitemmanager.com/android-chrome-192x192-6-2018.png
CHR Extension: (Google Drive) - C:\Users\harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-01-06]
CHR Extension: (YouTube) - C:\Users\harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-01-06]
CHR Extension: (Destiny Item Manager) - C:\Users\harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\diekafcbbmcolffflekimginbldpnioe [2021-03-23]
CHR Extension: (chelsea sucks at singing) - C:\Users\harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgofchghcchhhcfhjekjcebehjhlmmmd [2021-01-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Gmail) - C:\Users\harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-01-06]
CHR Extension: (Chrome Media Router) - C:\Users\harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-03-14]
CHR Profile: C:\Users\harry\AppData\Local\Google\Chrome\User Data\System Profile [2021-04-04]==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8990072 2021-03-11] (Microsoft Corporation -> Microsoft Corporation)
S2 CorsairGamingAudioConfig; C:\Windows\System32\CorsairGamingAudioCfgService64.exe [605080 2020-06-17] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)
R2 CorsairLLAService; C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CueLLAccessService.exe [421928 2020-07-13] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
R2 CorsairService; C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.exe [56872 2020-07-13] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [784512 2021-01-07] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S3 EQU8_36; C:\ProgramData\EQU8\Splitgate_ Arena Warfare\bin\anticheat.x64.equ8.exe [5550272 2021-01-08] (Int3 Software AB -> Int3 Software AB)
S3 FvSvc; C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe [410864 2021-01-25] (NVIDIA Corporation -> NVIDIA)
S2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [206472 2018-10-05] (Logitech Inc -> Logitech Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-04-02] (Malwarebytes Inc -> Malwarebytes)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2535000 2021-03-30] (Electronic Arts, Inc. -> Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3479640 2021-03-30] (Electronic Arts, Inc. -> Electronic Arts)
S2 Razer Chroma SDK Server; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe [447080 2019-07-24] (Razer USA Ltd. -> Razer Inc.)
S2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [943240 2019-07-24] (Razer USA Ltd. -> Razer Inc.)
S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [1332632 2021-04-02] (Rockstar Games, Inc. -> Rockstar Games)
R2 RtkAudioUniversalService; C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_d87c47469b47c3f9\RtkAudUService64.exe [1201448 2020-10-22] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\NisSrv.exe [2483616 2021-03-16] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\MsMpEng.exe [128376 2021-03-16] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_272b5c540127d6d2\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_272b5c540127d6d2\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 CorsairGamingAudioService; C:\Windows\System32\drivers\CorsairGamingAudio64.sys [60312 2020-06-17] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)
R2 CorsairLLAccess3B84E98236B28D4E075D5737DF9F567A1FB76E8A; C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CorsairLLAccess64.sys [21752 2020-06-09] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)
R3 CorsairVBusDriver; C:\Windows\System32\drivers\CorsairVBusDriver.sys [45984 2020-07-07] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)
R3 CorsairVHidDriver; C:\Windows\System32\drivers\CorsairVHidDriver.sys [21920 2020-07-07] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)
R3 cpuz149; C:\Windows\temp\cpuz149\cpuz149_x64.sys [44320 2021-04-04] (CPUID S.A.R.L.U. -> CPUID)
S3 EQU8_HELPER_36; C:\Windows\system32\DRIVERS\EQU8_HELPER_36.sys [38032 2021-04-04] (Int3 Software AB -> )
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [199128 2021-04-02] (Malwarebytes Inc -> Malwarebytes)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-22] (Logitech -> Logitech)
R3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [67736 2018-10-05] (Logitech Inc -> Logitech Inc.)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [220616 2021-04-02] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [19912 2021-04-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [198248 2021-04-04] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [77496 2021-04-04] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248992 2021-04-02] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [155360 2021-04-04] (Malwarebytes Inc -> Malwarebytes)
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [51736 2016-08-18] (Razer USA Ltd. -> Razer Inc)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [49560 2021-03-16] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [420072 2021-03-16] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [72952 2021-03-16] (Microsoft Windows -> Microsoft Corporation)==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========(If an entry is included in the fixlist, the file/folder will be moved.)
2021-04-05 02:25 - 2021-04-05 02:25 - 000000000 ____D C:\FRST
2021-04-05 02:21 - 2021-04-05 02:25 - 000004482 _____ C:\Users\harry\Desktop\New Text Document.txt
2021-04-05 02:16 - 2021-04-05 02:17 - 000000000 ____D C:\AdwCleaner
2021-04-04 21:23 - 2021-04-04 21:23 - 000198248 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2021-04-04 21:23 - 2021-04-04 21:23 - 000155360 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2021-04-04 21:23 - 2021-04-04 21:23 - 000077496 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2021-04-04 20:50 - 2021-04-04 20:50 - 000002326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-04-04 20:50 - 2021-04-04 20:50 - 000002285 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2021-04-04 20:50 - 2021-04-04 20:50 - 000000000 ____D C:\Program Files\Google
2021-04-04 20:49 - 2021-04-04 20:55 - 000003418 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2021-04-04 20:49 - 2021-04-04 20:55 - 000003294 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2021-04-04 20:22 - 2021-04-04 20:22 - 000007597 _____ C:\Users\harry\AppData\Local\Resmon.ResmonCfg
2021-04-02 19:38 - 2021-04-02 19:38 - 000248992 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2021-04-02 19:38 - 2021-04-02 19:38 - 000220616 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2021-04-02 19:38 - 2021-04-02 19:38 - 000002040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-04-02 19:38 - 2021-04-02 19:38 - 000000000 ____D C:\Users\harry\AppData\Local\mbam
2021-04-02 19:38 - 2021-04-02 19:38 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-04-02 19:38 - 2021-04-02 19:37 - 000199128 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2021-04-02 19:38 - 2021-04-02 19:37 - 000019912 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamElam.sys
2021-04-02 19:37 - 2021-04-02 19:37 - 000000000 ____D C:\Program Files\Malwarebytes
2021-04-02 18:18 - 2021-04-02 18:18 - 000000000 ____D C:\Users\harry\AppData\LocalLow\adamgryu
2021-04-02 17:40 - 2021-04-02 17:40 - 000000000 ____D C:\Users\harry\AppData\Roaming\Snakeybus
2021-04-02 17:40 - 2021-04-02 17:40 - 000000000 ____D C:\Users\harry\AppData\LocalLow\Stovetop
2021-04-02 17:40 - 2021-04-02 17:40 - 000000000 ____D C:\ProgramData\Documents\Steam
2021-04-02 17:38 - 2021-04-02 17:39 - 000000087 _____ C:\Users\harry\AppData\Roaming\~SiMPLEX.ini
2021-04-02 17:30 - 2021-04-04 20:41 - 000004166 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{8310EB53-2F17-4B48-8C56-68122480210A}
2021-03-28 20:35 - 2021-03-29 18:50 - 000000000 ____D C:\Users\harry\AppData\Roaming\EasyAntiCheat
2021-03-27 16:27 - 2021-03-27 16:27 - 000000000 ____D C:\Users\harry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf
2021-03-23 16:55 - 2021-03-23 16:55 - 000000000 ____D C:\Users\harry\Documents\OneNote Notebooks
2021-03-13 05:30 - 2021-03-13 05:30 - 002755584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2021-03-13 05:30 - 2021-03-13 05:30 - 002755584 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2021-03-13 05:30 - 2021-03-13 05:30 - 001822272 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2021-03-13 05:30 - 2021-03-13 05:30 - 001394024 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2021-03-13 05:30 - 2021-03-13 05:30 - 001314128 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi
2021-03-13 05:30 - 2021-03-13 05:30 - 001163776 _____ C:\Windows\system32\MBR2GPT.EXE
2021-03-13 05:30 - 2021-03-13 05:30 - 000707016 _____ C:\Windows\system32\TextShaping.dll
2021-03-13 05:30 - 2021-03-13 05:30 - 000611952 _____ C:\Windows\SysWOW64\TextShaping.dll
2021-03-13 05:30 - 2021-03-13 05:30 - 000231248 _____ C:\Windows\system32\containerdevicemanagement.dll
2021-03-13 05:30 - 2021-03-13 05:30 - 000091136 _____ C:\Windows\system32\Drivers\cimfs.sys
2021-03-13 05:30 - 2021-03-13 05:30 - 000011359 _____ C:\Windows\system32\DrtmAuthTxt.wim
2021-03-07 01:16 - 2021-04-04 18:24 - 000038032 _____ C:\Windows\system32\Drivers\EQU8_HELPER_36.sys==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-04-05 02:25 - 2021-01-08 12:22 - 000000000 ____D C:\Users\harry\AppData\Roaming\Spotify
2021-04-05 02:22 - 2021-01-06 12:37 - 000000000 ____D C:\Users\harry\AppData\Roaming\discord
2021-04-05 02:22 - 2020-12-31 13:07 - 000000000 ____D C:\ProgramData\NVIDIA
2021-04-05 02:22 - 2019-12-07 19:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-04-05 02:12 - 2021-01-08 12:23 - 000000000 ____D C:\Users\harry\AppData\Local\Spotify
2021-04-05 02:10 - 2021-01-06 12:52 - 000000000 ____D C:\Program Files (x86)\Steam
2021-04-05 01:01 - 2021-01-08 14:26 - 000000000 ____D C:\Users\harry\AppData\Local\CrashDumps
2021-04-04 23:35 - 2020-09-28 00:50 - 000000000 ____D C:\Windows\system32\SleepStudy
2021-04-04 21:23 - 2021-01-06 11:59 - 000000000 ___RD C:\Users\harry\OneDrive
2021-04-04 21:23 - 2020-09-28 00:50 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-04-04 21:22 - 2020-09-28 00:50 - 000008192 ___SH C:\DumpStack.log.tmp
2021-04-04 21:22 - 2019-12-07 19:03 - 000524288 _____ C:\Windows\system32\config\BBI
2021-04-04 20:49 - 2021-01-06 12:13 - 000000000 ____D C:\Program Files (x86)\Google
2021-04-04 20:07 - 2021-01-06 13:24 - 000000000 ____D C:\Users\harry\AppData\Local\Origin
2021-04-04 20:07 - 2021-01-06 13:24 - 000000000 ____D C:\ProgramData\Origin
2021-04-04 18:25 - 2021-01-08 19:48 - 000000000 ____D C:\Users\harry\AppData\Local\Vivox
2021-04-04 14:34 - 2019-12-07 19:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-04-04 14:34 - 2019-12-07 19:14 - 000000000 ____D C:\Windows\AppReadiness
2021-04-04 03:42 - 2020-09-28 00:53 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-04-02 20:02 - 2021-01-06 13:48 - 000000000 ____D C:\Program Files (x86)\Origin
2021-04-02 19:46 - 2019-12-07 19:03 - 000032768 _____ C:\Windows\system32\config\ELAM
2021-04-02 19:41 - 2021-01-06 22:09 - 000000000 ____D C:\Users\harry\Desktop\Launchers
2021-04-02 19:38 - 2019-12-07 19:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2021-04-02 17:39 - 2021-01-06 22:09 - 000000000 ____D C:\Users\harry\Desktop\Games
2021-04-02 17:34 - 2021-01-06 11:50 - 000000000 ____D C:\Users\harry
2021-04-02 15:24 - 2021-01-06 20:48 - 000000000 ____D C:\Users\harry\AppData\Roaming\betterdiscord
2021-04-02 13:30 - 2021-01-07 15:04 - 000000000 ____D C:\Program Files\Rockstar Games
2021-04-02 13:30 - 2021-01-07 15:04 - 000000000 ____D C:\Program Files (x86)\Rockstar Games
2021-04-02 13:23 - 2019-12-07 19:03 - 000000000 ____D C:\Windows\CbsTemp
2021-03-29 21:43 - 2021-01-06 11:57 - 000000000 ____D C:\Users\harry\AppData\Local\Packages
2021-03-27 00:50 - 2021-01-06 13:08 - 000000000 ____D C:\Users\harry\AppData\Local\D3DSCache
2021-03-23 00:45 - 2020-12-31 12:59 - 000000000 ____D C:\Program Files\Microsoft Office
2021-03-21 23:05 - 2021-01-06 13:24 - 000000000 ____D C:\Users\harry\AppData\Roaming\Origin
2021-03-16 07:09 - 2020-09-28 00:51 - 000000000 ____D C:\Windows\system32\Drivers\wd
2021-03-14 12:35 - 2019-12-07 19:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2021-03-14 12:33 - 2019-12-07 19:13 - 000000000 ____D C:\Windows\INF
2021-03-14 01:14 - 2020-09-28 00:50 - 000439016 _____ C:\Windows\system32\FNTCACHE.DAT
2021-03-14 01:13 - 2019-12-07 19:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2021-03-14 01:13 - 2019-12-07 19:14 - 000000000 ____D C:\Windows\SysWOW64\setup
2021-03-14 01:13 - 2019-12-07 19:14 - 000000000 ____D C:\Windows\SysWOW64\oobe
2021-03-14 01:13 - 2019-12-07 19:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2021-03-14 01:13 - 2019-12-07 19:14 - 000000000 ____D C:\Windows\SystemResources
2021-03-14 01:13 - 2019-12-07 19:14 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2021-03-14 01:13 - 2019-12-07 19:14 - 000000000 ____D C:\Windows\system32\SystemResetPlatform
2021-03-14 01:13 - 2019-12-07 19:14 - 000000000 ____D C:\Windows\system32\setup
2021-03-14 01:13 - 2019-12-07 19:14 - 000000000 ____D C:\Windows\system32\oobe
2021-03-14 01:13 - 2019-12-07 19:14 - 000000000 ____D C:\Windows\system32\Dism
2021-03-14 01:13 - 2019-12-07 19:14 - 000000000 ____D C:\Windows\Provisioning
2021-03-14 01:13 - 2019-12-07 19:14 - 000000000 ____D C:\Windows\PolicyDefinitions
2021-03-14 01:13 - 2019-12-07 19:14 - 000000000 ____D C:\Windows\bcastdvr
2021-03-13 19:46 - 2021-01-06 11:59 - 000003378 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2539232924-1954736822-977631120-1001
2021-03-13 19:46 - 2021-01-06 11:59 - 000002370 _____ C:\Users\harry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-03-13 05:17 - 2020-12-31 13:05 - 000000000 ___HD C:\$WinREAgent
2021-03-13 05:14 - 2020-12-31 13:05 - 000000000 ____D C:\Windows\system32\MRT
2021-03-13 05:11 - 2020-12-31 13:05 - 131005360 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2021-03-12 17:13 - 2021-01-06 13:30 - 000000000 ____D C:\Users\harry\AppData\Local\Battle.net
2021-03-12 17:13 - 2021-01-06 13:24 - 000000000 ____D C:\Program Files (x86)\Battle.net
2021-03-06 19:28 - 2019-12-07 19:14 - 000000000 ____D C:\Windows\LiveKernelReports==================== Files in the root of some directories ========
2021-04-02 17:38 - 2021-04-02 17:39 - 000000087 _____ () C:\Users\harry\AppData\Roaming\~SiMPLEX.ini
2021-04-04 20:22 - 2021-04-04 20:22 - 000007597 _____ () C:\Users\harry\AppData\Local\Resmon.ResmonCfg==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
The Addition file is attached.
Thanks
-
Hello,
I've been using Malwarebytes to scan over my PC and it's found some PUP files, and each time I quarantine them, it closes Chrome then they come back after launching Chrome again.
The files keep being found under C:/Users/Name/AppData/Local/Google/Chrome/User Data/Default/Sync Extension settings
I have turned off Sync on Chrome and relaunched like requested from other Topics on the forum, and each time I launch Chrome the files just come back.
Thanks
PUP.Optional.Goobzo on Chrome start up.
in Resolved Malware Removal Logs
Posted
Hello,
Yep! That seemed to have fixed it! Thank you so much Kevin.
Kind regards