So I started a scan tonight and one threat was detected, but I do not know if it is a false positive or really a threat.

It says it is a 'PUP.Optional.SysTweak' at the location of 'C:\Windows\System32\roboot64.exe'

When I hover over it, it states Company: Dll-Files.com

 

It has it selected to remove it, but I do not know if this is an important file.

Any suggestions on the matter?


Hello Tykune and welcome to Malwarebytes,

My screen name is kevinf80, I'm here to help clean up your system. Make sure to run all scans from accounts with Administrator status, continue as follows please:

Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

Change the download folder setting in the Default Browser only, so all of the tools we may use are saved to the Desktop:

Google Chrome - Click the "Customize and control Google Chrome" button in the upper-right corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

Mozilla Firefox - Click the "Open Menu" button in the upper-right corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.

Internet Explorer - Click the Tools menu in the upper-right corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

Change default download folder location in Edge - Boot to a user account with admin status, select Start > File Explorer > right-click on the "Downloads" folder and select "Properties"

In the new window select "Location" tab > clear the text field box and type in or copy/paste %userprofile%\Desktop > select "Apply" then "OK"

Safari - Select settings (looks like cog wheel, top r/h corner), from the list select "Preferences", in the new window with "General Tab" selected expand the dropdown from the "save downloaded files to" box, then select "other", and from the new window navigate to and select "Desktop"

Be aware you are not changing the Browser download folder location, you are changing the user’s download directory location.....

Next,

Follow the instructions in the following link to show hidden files:

http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/

Next,

Before making any decision on the file in question it is best to upload it to VirusTotal and have it checked:

Upload a File to Virustotal

Go to http://www.virustotal.com/
 
  • Click the Choose file button
  • Navigate to the file C:\Windows\System32\roboot64.exe
  • Click the Scan it tab
  • If you get a message saying File has already been analyzed: click Reanalyze file now
  • Copy and paste the results back here please.


Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.


Thank you,

Kevin....
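
A way to triage the FRST.txt log these steps produce, as an added example that is not part of the original post or of FRST itself: it splits the log into sections, flags entries carrying the markers `No File`, `not found` or `[X]` or an empty company field `()`, and searches for references to a named file. The function names and flag labels are hypothetical, reading those markers as a missing target file is this example's assumption, and the sample lines are excerpted from the log posted in this thread.

```python
import re
from dataclasses import dataclass, field

# Short excerpt in the FRST.txt layout, taken from the log posted in this thread.
SAMPLE_LOG = r"""
==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
() C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe

==================== Registry (Whitelisted) ====================

HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4127488 2015-06-16] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => No File

==================== Internet (Whitelisted) ====================

FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204 => not found
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File

==================== Services (Whitelisted) ====================

S3 PAExec; C:\Windows\PAExec.exe [189112 2016-05-18] (Power Admin LLC)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1465352 2017-01-14] ()
"""

# "==== Name (Whitelisted) ====" section banners.
SECTION_RE = re.compile(r"^=+ (.+?)(?: \(Whitelisted\))? =+$")
# Markers read here as "the referenced file is not on disk" (example's assumption).
MISSING_RE = re.compile(r"\bNo File\b|\bnot found\b|\[X\]")
# Empty company field: "() path" on process lines, trailing "()" elsewhere.
NO_COMPANY_RE = re.compile(r"^\(\)\s|\s\(\)$")


@dataclass
class Entry:
    section: str
    text: str
    flags: list = field(default_factory=list)


def parse_frst(log_text):
    """Split an FRST.txt log into entries tagged with their section and flags."""
    entries = []
    section = "Header"  # lines before the first banner (version, user, platform)
    for raw in log_text.splitlines():
        line = raw.strip()
        # Skip blanks and "=====" underlines beneath sub-headings.
        if not line or set(line) == {"="}:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group(1)
            continue
        # Skip the parenthesised fixlist notes under each banner.
        if line.startswith("(If ") and line.endswith(")"):
            continue
        flags = []
        if MISSING_RE.search(line):
            flags.append("missing-target")
        if NO_COMPANY_RE.search(line):
            flags.append("no-company")
        entries.append(Entry(section, line, flags))
    return entries


def flagged(entries):
    """Entries worth a second look, in log order."""
    return [e for e in entries if e.flags]


def references(entries, filename):
    """Entries that mention a file name, case-insensitively."""
    needle = filename.lower()
    return [e for e in entries if needle in e.text.lower()]


if __name__ == "__main__":
    parsed = parse_frst(SAMPLE_LOG)
    for e in flagged(parsed):
        print(f"[{e.section}] {','.join(e.flags)}: {e.text}")
    hits = references(parsed, "roboot64.exe")
    print(f"entries referencing roboot64.exe: {len(hits)}")
```

A flag is a prompt to look closer, not a verdict: many legitimate binaries carry no company name, and leftover registry entries often point at files an uninstaller already removed.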

 


This may sound silly, but when I woke up my computer this morning.. it was gone from its location. So I did another system scan with Malwarebytes, and when it got to that point, it detected it again and I manually went to the location and it was there as if it appeared out of nowhere, or as if it just appeared when Malwarebytes scanned that specific spot? I went to VirusTotal to upload the file via browse, but it doesn't even show the file at all.. even though I am staring straight at it in File Explorer and this has me really confused and worried. I have it where hidden files are shown, but that didn't seem to help.

What do you make of this, and should I just have it removed via malwarebytes?

Edited by Tykune

And here we go. Oddly enough when I made the compressed file of roboot64.exe, Malwarebytes picked that up as well on my desktop in the zip file.. I can only assume that isn't good. But regardless, here is the FRST.txt and Addition.txt will be uploaded below.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-02-2017
Ran by Foxtai (administrator) on FOXTAI-PC (13-02-2017 08:16:09)
Running from C:\Users\Foxtai\Desktop
Loaded Profiles: Foxtai &  (Available Profiles: Foxtai & DefaultAppPool)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Razer Inc) C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\19.4.0\ToolbarUpdater.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
() C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Razer, Inc.) C:\Users\Foxtai\AppData\Local\Razer\InGameEngine\cache\RzSynapse\rzcefrenderprocess.exe
(Nick Gammon) C:\Program Files (x86)\MUSHclient\MUSHclient.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16418560 2016-05-02] (Realtek Semiconductor)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [RzWizard] => C:\Program Files (x86)\Razer\RzWizard\RzWizard.exe [263112 2016-03-22] (Razer Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2016-11-04] (Razer Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4127488 2015-06-16] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [26220296 2017-02-06] (Dropbox, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2201447504-2998504938-3908098001-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-2201447504-2998504938-3908098001-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27250144 2016-12-20] (Skype Technologies S.A.)
HKU\S-1-5-21-2201447504-2998504938-3908098001-1001\...\Run: [Discord] => C:\Users\Foxtai\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-2201447504-2998504938-3908098001-1001\...\Run: [Yahoo Messenger Updater] => C:\Users\Foxtai\AppData\Roaming\Yahoo Messenger\YMUpdater\YMUpdater.exe [115144 2016-08-27] (Yahoo!, Inc.)
HKU\S-1-5-21-2201447504-2998504938-3908098001-1001\...\Run: [Yahoo Messenger] => C:\Users\Foxtai\AppData\Local\yahoomessenger\app-0.8.269\Yahoo Messenger.exe [61315088 2016-08-27] (Yahoo! Inc)
HKU\S-1-5-21-2201447504-2998504938-3908098001-1001\...\Run: [BitTorrent] => C:\Users\Foxtai\AppData\Roaming\BitTorrent\BitTorrent.exe [2149064 2016-12-09] (BitTorrent Inc.)
HKU\S-1-5-21-2201447504-2998504938-3908098001-1001\...\Run: [MyComGames] => C:\Users\Foxtai\AppData\Local\MyComGames\MyComGames.exe [5014928 2017-02-04] (MY.COM B.V.)
HKU\S-1-5-21-2201447504-2998504938-3908098001-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2201447504-2998504938-3908098001-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2201447504-2998504938-3908098001-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-2201447504-2998504938-3908098001-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27250144 2016-12-20] (Skype Technologies S.A.)
HKU\S-1-5-21-2201447504-2998504938-3908098001-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Discord] => C:\Users\Foxtai\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-2201447504-2998504938-3908098001-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Yahoo Messenger Updater] => C:\Users\Foxtai\AppData\Roaming\Yahoo Messenger\YMUpdater\YMUpdater.exe [115144 2016-08-27] (Yahoo!, Inc.)
HKU\S-1-5-21-2201447504-2998504938-3908098001-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Yahoo Messenger] => C:\Users\Foxtai\AppData\Local\yahoomessenger\app-0.8.269\Yahoo Messenger.exe [61315088 2016-08-27] (Yahoo! Inc)
HKU\S-1-5-21-2201447504-2998504938-3908098001-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [BitTorrent] => C:\Users\Foxtai\AppData\Roaming\BitTorrent\BitTorrent.exe [2149064 2016-12-09] (BitTorrent Inc.)
HKU\S-1-5-21-2201447504-2998504938-3908098001-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [MyComGames] => C:\Users\Foxtai\AppData\Local\MyComGames\MyComGames.exe [5014928 2017-02-04] (MY.COM B.V.)
HKU\S-1-5-21-2201447504-2998504938-3908098001-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2201447504-2998504938-3908098001-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => No File
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\..\Interfaces\{19362216-eb69-48ac-ae1f-413e07551805}: [DhcpNameServer] 209.18.47.62 209.18.47.61

Internet Explorer:
==================
HKU\S-1-5-21-2201447504-2998504938-3908098001-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
HKU\S-1-5-21-2201447504-2998504938-3908098001-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-2201447504-2998504938-3908098001-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={4FAFB407-5985-4709-A454-C4895DF4820C}&mid=b80aa00127da47d08b286d16b2d113a0-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=&ds=&coid=&cmpid=&pr=&d=&v=18.1.7.644&pid=avg&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2201447504-2998504938-3908098001-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={4FAFB407-5985-4709-A454-C4895DF4820C}&mid=b80aa00127da47d08b286d16b2d113a0-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=&ds=&coid=&cmpid=&pr=&d=&v=18.1.7.644&pid=avg&sg=&sap=dsp&q={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2016-05-23] (IObit)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-02-01] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-01] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-02-01] (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Arc\Plugins\ArcPluginIE.dll [2016-11-25] (Perfect World Entertainment Inc)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-01] (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-09-23] (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\19.4.0\ViProtocol.dll [2016-04-18] (AVG Secure Search)

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204 => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-10] ()
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-01] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-01] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-10] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\19.4.0\\npsitesafety.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-01] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Arc\Plugins\npArcPluginFF.dll [2016-11-25] (Perfect World Entertainment Inc)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin-x32: BYOND -> C:\Program Files (x86)\BYOND\bin\npbyond.dll [2008-07-08] (BYOND)
FF Plugin HKU\S-1-5-21-2201447504-2998504938-3908098001-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Foxtai\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-05-07] (Citrix Online)
FF Plugin HKU\S-1-5-21-2201447504-2998504938-3908098001-1001: @my.com/Games -> C:\Users\Foxtai\AppData\Local\MyComGames\NPMyComDetector.dll [2017-01-26] (MY.COM B.V.)
FF Plugin HKU\S-1-5-21-2201447504-2998504938-3908098001-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @citrixonline.com/appdetectorplugin -> C:\Users\Foxtai\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-05-07] (Citrix Online)
FF Plugin HKU\S-1-5-21-2201447504-2998504938-3908098001-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @my.com/Games -> C:\Users\Foxtai\AppData\Local\MyComGames\NPMyComDetector.dll [2017-01-26] (MY.COM B.V.)

Chrome: 
=======
CHR DefaultProfile: Profile 4
CHR HomePage: Profile 4 -> hxxp://search.conduit.com/?ctid=CT3244149&SearchSource=48&sspv=CHNOSGTB
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Foxtai\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.823\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\PepperFlash\pepflashplayer.dll => No File
CHR Profile: C:\Users\Foxtai\AppData\Local\Google\Chrome\User Data\Default [2017-01-17]
CHR Extension: (Google Slides) - C:\Users\Foxtai\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-01-09]
CHR Extension: (Google Docs) - C:\Users\Foxtai\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-09]
CHR Extension: (Google Drive) - C:\Users\Foxtai\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-09]
CHR Extension: (YouTube) - C:\Users\Foxtai\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-09]
CHR Extension: (Google Sheets) - C:\Users\Foxtai\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-01-09]
CHR Extension: (Google Docs Offline) - C:\Users\Foxtai\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Foxtai\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-09]
CHR Extension: (Gmail) - C:\Users\Foxtai\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-09]
CHR Extension: (Chrome Media Router) - C:\Users\Foxtai\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-09]
CHR Profile: C:\Users\Foxtai\AppData\Local\Google\Chrome\User Data\Guest Profile [2016-05-19]
CHR Profile: C:\Users\Foxtai\AppData\Local\Google\Chrome\User Data\Profile 4 [2017-02-13]
CHR Extension: (YouTube) - C:\Users\Foxtai\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Foxtai\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (MagicScroll eBook Reader) - C:\Users\Foxtai\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ghgnmgfdoiplfmhgghbmlphanpfmjble [2015-03-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Foxtai\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-18]
CHR Extension: (Gmail) - C:\Users\Foxtai\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\Foxtai\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-01]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ArcService; C:\Program Files (x86)\Arc\ArcService.exe [87064 2016-11-25] (Perfect World Entertainment Inc)
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [971160 2017-01-09] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5337600 2017-01-09] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1146128 2016-12-06] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [725976 2017-01-09] (AVG Technologies CZ, s.r.o.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1465352 2017-01-14] ()
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-12-02] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-12-02] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [46400 2017-02-06] (Dropbox, Inc.)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [392976 2017-02-11] (EasyAntiCheat Ltd)
R2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [360736 2016-10-28] (IObit)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3916368 2016-01-09] (INCA Internet Co., Ltd.)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [464440 2016-12-12] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [464440 2016-12-12] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1165368 2016-12-12] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [427064 2016-12-12] (NVIDIA Corporation)
S3 PAExec; C:\Windows\PAExec.exe [189112 2016-05-18] (Power Admin LLC)
S2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2016-09-24] ()
R2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2014-04-18] (Razer, Inc.)
R2 RzSurroundVADStreamingService; C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe [4261344 2016-11-03] (Razer Inc)
S2 RzWizardService; C:\Program Files (x86)\Razer\RzWizard\RzWizardService.exe [376272 2016-03-22] (Razer Inc.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1750712 2015-06-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)
R2 vToolbarUpdater19.4.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\19.4.0\ToolbarUpdater.exe [1888328 2016-04-17] (AVG Secure Search)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdide64; C:\WINDOWS\System32\drivers\amdide64.sys [13848 2016-07-29] (Advanced Micro Devices Inc.)
S0 Avgboota; C:\WINDOWS\System32\DRIVERS\avgboota.sys [21632 2016-01-07] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\WINDOWS\System32\DRIVERS\avgdiska.sys [163072 2016-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdrivera.sys [312576 2016-11-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\WINDOWS\System32\DRIVERS\avgidsha.sys [267008 2016-10-05] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\WINDOWS\System32\DRIVERS\avgldx64.sys [298240 2016-11-30] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\WINDOWS\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\WINDOWS\System32\DRIVERS\avgmfx64.sys [254208 2016-09-26] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\WINDOWS\System32\DRIVERS\avgrkx64.sys [52992 2016-06-01] (AVG Technologies CZ, s.r.o.)
R0 avguniva; C:\WINDOWS\System32\DRIVERS\avguniva.sys [77056 2016-06-20] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\WINDOWS\system32\DRIVERS\avgwfpa.sys [313096 2016-08-04] (AVG Technologies CZ, s.r.o.)
S3 EvolveVirtualAdapter; C:\WINDOWS\System32\DRIVERS\evolve.sys [21656 2012-10-20] (Echobit, LLC)
R1 FNETURPX; C:\WINDOWS\System32\drivers\FNETURPX.SYS [15936 2013-01-28] (FNet Co., Ltd.)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2014-12-24] (REALiX(tm))
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2017-02-13] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_desktop_ref4wu.inf_amd64_39d8ca1ac617325e\nvlddmkm.sys [14199224 2017-01-04] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [29240 2016-12-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47672 2016-12-12] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [946696 2016-12-26] (Realtek                                            )
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13512 2015-12-09] ()
S3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129472 2014-04-18] (Razer, Inc.)
R3 rzendpt; C:\WINDOWS\System32\drivers\rzendpt.sys [50392 2015-08-13] (Razer Inc)
S3 RZMAELSTROMVADService; C:\WINDOWS\System32\drivers\RzMaelstromVAD.sys [32768 2014-06-09] (Windows (R) Win 7 DDK provider)
R3 rzmpos; C:\WINDOWS\System32\drivers\rzmpos.sys [48840 2015-08-13] (Razer Inc)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [44144 2016-09-16] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [137840 2016-09-07] (Razer, Inc.)
R3 RZSURROUNDVADService; C:\WINDOWS\system32\drivers\RzSurroundVAD.sys [49176 2016-10-16] (Windows (R) Win 7 DDK provider)
R3 VCSVADHWSer; C:\WINDOWS\system32\DRIVERS\vcsvad.sys [21504 2008-12-26] (Avnex)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 dbx; system32\DRIVERS\dbx.sys [X]
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-13 08:16 - 2017-02-13 08:20 - 00031118 _____ C:\Users\Foxtai\Desktop\FRST.txt
2017-02-13 08:15 - 2017-02-13 08:16 - 00000000 ____D C:\FRST
2017-02-13 08:15 - 2017-02-13 08:15 - 02421248 _____ (Farbar) C:\Users\Foxtai\Desktop\FRST64.exe
2017-02-13 08:14 - 2017-02-13 08:14 - 00010136 _____ C:\Users\Foxtai\Desktop\roboot64.zip
2017-02-11 12:51 - 2017-02-11 12:51 - 00000000 ____D C:\ProgramData\For Honor
2017-02-11 10:31 - 2017-02-11 10:31 - 00001280 _____ C:\Users\Foxtai\Desktop\Uplay.lnk
2017-02-11 10:31 - 2017-02-11 10:31 - 00000000 ____D C:\Users\Foxtai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2017-02-11 10:31 - 2017-02-11 10:31 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2017-02-11 10:30 - 2017-02-11 10:31 - 63264472 _____ (Ubisoft) C:\Users\Foxtai\Downloads\UplayInstaller.exe
2017-02-08 17:43 - 2016-12-29 07:43 - 00133056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-02-08 17:36 - 2017-02-08 17:37 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2017-02-07 20:22 - 2017-02-07 20:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-02-06 23:38 - 2017-02-06 23:38 - 00046400 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-02-06 23:38 - 2017-02-06 23:38 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-02-06 23:38 - 2017-02-06 23:38 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-02-06 23:38 - 2017-02-06 23:38 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-02-04 12:37 - 2017-02-04 12:37 - 00000000 ____D C:\WINDOWS\Panther
2017-02-01 00:51 - 2017-02-01 00:51 - 00110144 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2017-02-01 00:51 - 2017-02-01 00:51 - 00000000 ____D C:\Program Files\Java
2017-02-01 00:50 - 2017-02-01 00:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-02-01 00:50 - 2017-02-01 00:49 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2017-01-31 05:35 - 2017-02-01 00:20 - 00001058 _____ C:\Users\Foxtai\Desktop\Steam.lnk
2017-01-28 03:27 - 2017-01-28 03:27 - 00000119 _____ C:\Users\Foxtai\Desktop\Revelation Online.url
2017-01-27 02:35 - 2017-01-27 02:38 - 00003280 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-01-26 23:27 - 2017-01-28 02:49 - 00000000 ____D C:\MyGames
2017-01-26 23:27 - 2017-01-26 23:27 - 00002137 _____ C:\Users\Foxtai\Desktop\My.com Game Center.lnk
2017-01-26 23:26 - 2017-02-13 00:27 - 00000000 ____D C:\Users\Foxtai\AppData\Local\MyComGames
2017-01-24 18:56 - 2016-12-21 02:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-01-24 18:56 - 2016-12-20 23:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2017-01-24 02:05 - 2017-01-24 02:05 - 00000193 _____ C:\WINDOWS\WORDPAD.INI
2017-01-22 01:06 - 2017-01-26 05:45 - 00000000 ____D C:\Users\Foxtai\Desktop\SkyrimSavedStuff
2017-01-22 01:05 - 2017-01-22 01:05 - 00078543 _____ C:\Users\Foxtai\Downloads\vramsizetest.zip
2017-01-20 11:47 - 2017-01-21 02:14 - 00002384 _____ C:\Users\Foxtai\Desktop\skyriminstruct.txt
2017-01-20 01:39 - 2017-01-20 01:39 - 00000000 ____D C:\Users\Foxtai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wrye Bash
2017-01-20 01:07 - 2017-01-20 01:43 - 00001003 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LOOT.lnk
2017-01-17 12:30 - 2017-01-17 12:33 - 00002357 _____ C:\Users\Public\Desktop\Driver Booster 4.lnk
2017-01-17 12:30 - 2017-01-17 12:30 - 00003384 _____ C:\WINDOWS\System32\Tasks\Driver Booster Scheduler
2017-01-17 12:30 - 2017-01-17 12:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 4

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-13 08:15 - 2012-08-29 05:51 - 00000000 ____D C:\ProgramData\MFAData
2017-02-13 08:14 - 2015-03-10 10:36 - 00000000 _____ C:\WINDOWS\system32\RzSurroundVADAudioDeviceManager_log.txt
2017-02-13 08:14 - 2012-08-29 06:35 - 00000000 ____D C:\Users\Foxtai\AppData\Roaming\Skype
2017-02-13 08:05 - 2015-11-23 20:05 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-02-13 02:11 - 2015-03-10 10:30 - 00000000 ____D C:\Users\Foxtai\AppData\Local\CrashDumps
2017-02-13 01:08 - 2016-08-27 18:42 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-13 00:37 - 2016-08-27 18:46 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-13 00:37 - 2013-03-20 08:33 - 00000000 ____D C:\Program Files (x86)\MUSHclient
2017-02-13 00:20 - 2016-08-27 19:16 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-12 21:28 - 2012-08-29 14:48 - 00000000 ____D C:\Users\Foxtai\AppData\Local\Ubisoft Game Launcher
2017-02-12 11:16 - 2016-09-21 13:06 - 00003668 _____ C:\WINDOWS\System32\Tasks\AVG EUpdate Task
2017-02-12 05:17 - 2016-09-11 20:59 - 00542248 _____ C:\WINDOWS\system32\Drivers\EasyAntiCheat.sys
2017-02-11 12:51 - 2012-08-29 07:25 - 00000000 ____D C:\Users\Foxtai\Documents\My Games
2017-02-11 11:37 - 2015-10-30 17:38 - 00392976 _____ (EasyAntiCheat Ltd) C:\WINDOWS\SysWOW64\EasyAntiCheat.exe
2017-02-11 10:34 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-11 04:28 - 2017-01-08 18:27 - 00008769 _____ C:\ProgramData\NvTelemetryContainer.log_backup1
2017-02-10 19:58 - 2016-07-16 01:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-02-10 07:51 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-08 17:44 - 2016-08-27 18:46 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-02-08 17:44 - 2016-07-29 17:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-02-08 17:43 - 2016-07-16 06:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-08 17:42 - 2016-03-23 21:01 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-02-08 12:42 - 2014-10-23 10:00 - 00000000 ____D C:\ProgramData\ProductData
2017-02-07 20:22 - 2016-12-02 11:57 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-02-02 03:36 - 2015-04-20 10:07 - 00002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-01 00:53 - 2015-09-14 22:49 - 00000000 ____D C:\Users\Foxtai\Desktop\ModOrganizer
2017-02-01 00:50 - 2013-09-22 18:26 - 00000000 ____D C:\ProgramData\Oracle
2017-02-01 00:49 - 2014-10-23 10:11 - 00000000 ____D C:\Program Files (x86)\Java
2017-02-01 00:32 - 2015-02-19 05:17 - 00000000 ____D C:\Users\Foxtai\AppData\Local\Steam
2017-02-01 00:22 - 2016-03-23 21:26 - 00000000 ____D C:\Users\Foxtai\AppData\Roaming\Curse Client
2017-01-31 05:34 - 2012-09-12 13:13 - 00000000 ____D C:\Users\Foxtai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-01-31 05:34 - 2012-09-12 12:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2017-01-30 10:26 - 2009-01-10 04:52 - 00000000 ____D C:\Users\Foxtai\Desktop\Duane's Folder
2017-01-28 03:27 - 2015-07-14 04:33 - 00000000 ____D C:\Users\Foxtai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My.com Games
2017-01-27 02:38 - 2016-07-29 16:27 - 00002413 _____ C:\Users\Foxtai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-01-27 02:38 - 2016-07-29 16:27 - 00000000 ___RD C:\Users\Foxtai\OneDrive
2017-01-26 06:10 - 2015-04-27 16:13 - 00000000 ____D C:\Users\Foxtai\AppData\Local\LOOT
2017-01-26 06:08 - 2016-05-28 00:53 - 00000000 ____D C:\Program Files (x86)\Bethesda.net Launcher
2017-01-24 19:25 - 2016-07-16 06:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-24 08:21 - 2014-12-19 10:55 - 00000000 ____D C:\Users\Foxtai\AppData\Local\FirestormOS_x64
2017-01-24 02:27 - 2016-04-01 20:26 - 00001136 _____ C:\Users\Foxtai\Desktop\ModOrganizer.exe.lnk
2017-01-24 02:16 - 2009-10-23 09:22 - 00000000 ____D C:\Games
2017-01-23 02:37 - 2013-10-27 08:24 - 00000000 ____D C:\Users\Foxtai\Desktop\Skyrim Programs
2017-01-22 01:21 - 2014-03-11 08:28 - 00000000 ____D C:\ProgramData\IObit
2017-01-21 18:40 - 2012-08-29 07:25 - 00000000 ____D C:\Users\Foxtai\AppData\Local\Skyrim
2017-01-21 16:55 - 2015-11-09 14:01 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-20 02:22 - 2016-02-12 23:03 - 00000000 ____D C:\Users\Foxtai\AppData\Roaming\discord
2017-01-20 01:14 - 2016-08-27 18:51 - 00000000 ____D C:\Users\Foxtai
2017-01-20 01:12 - 2016-07-16 01:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-01-20 01:09 - 2013-11-11 00:22 - 00000000 ____D C:\ProgramData\Package Cache
2017-01-19 20:38 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\rescache
2017-01-19 12:41 - 2016-04-08 03:18 - 00000000 ____D C:\Program Files (x86)\Champions Online_en
2017-01-19 12:40 - 2016-11-24 00:28 - 00000000 ____D C:\Program Files (x86)\Arc
2017-01-18 17:24 - 2016-09-02 10:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2017-01-17 12:51 - 2014-03-05 11:58 - 00000000 ____D C:\ProgramData\Stardock
2017-01-17 12:30 - 2016-08-27 19:15 - 00003030 _____ C:\WINDOWS\System32\Tasks\Driver Booster SkipUAC (Foxtai)
2017-01-17 12:27 - 2012-08-29 06:35 - 00000000 ____D C:\ProgramData\Skype
2017-01-17 12:21 - 2016-04-27 01:39 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-01-17 12:15 - 2016-08-27 18:42 - 00207592 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-01-17 12:15 - 2012-08-29 06:35 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-01-17 12:12 - 2016-07-16 06:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-01-17 12:12 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-01-17 12:12 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-01-17 12:12 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-01-17 12:12 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\Provisioning
2017-01-14 18:59 - 2015-09-23 19:02 - 00000000 ____D C:\Program Files (x86)\Cockatrice

==================== Files in the root of some directories =======

2012-09-11 16:16 - 2012-09-11 17:04 - 0772597 _____ () C:\Users\Foxtai\AppData\Roaming\Alganon Setup Log.txt
2012-09-12 09:03 - 2012-09-12 09:03 - 0348727 _____ () C:\Users\Foxtai\AppData\Roaming\Alganon Uninstall Log.txt
2015-05-21 21:25 - 2015-05-21 21:25 - 0000098 _____ () C:\Users\Foxtai\AppData\Roaming\theHunterPrimal_LauncherSettings_live.cfg
2015-05-21 18:16 - 2015-05-21 18:16 - 0007502 _____ () C:\Users\Foxtai\AppData\Roaming\TheHunterPrimevalSettings_live.bin
2015-05-21 18:05 - 2015-05-21 21:25 - 0000040 _____ () C:\Users\Foxtai\AppData\Roaming\TheHunterPrimevalSettings_live.cfg
2014-03-25 17:29 - 2014-03-25 17:29 - 0000040 _____ () C:\Users\Foxtai\AppData\Roaming\TheHunterSettings_live.cfg
2012-10-10 17:03 - 2012-10-10 17:03 - 0000034 _____ () C:\Users\Foxtai\AppData\Local\12345.txt
2014-07-26 16:46 - 2014-07-26 16:46 - 0003584 _____ () C:\Users\Foxtai\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-08-30 00:47 - 2016-05-16 19:19 - 0007603 _____ () C:\Users\Foxtai\AppData\Local\Resmon.ResmonCfg
2012-10-10 17:03 - 2012-06-16 23:55 - 0150016 _____ () C:\Users\Foxtai\AppData\Local\un.exe
2012-10-10 17:03 - 2012-06-16 23:58 - 0469504 _____ () C:\Users\Foxtai\AppData\Local\un1.exe
2013-01-28 07:56 - 2013-01-28 07:56 - 0000003 _____ () C:\Users\Foxtai\AppData\Local\user_data.ini
2016-08-27 18:45 - 2016-08-27 18:45 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2017-01-08 18:27 - 2017-02-13 00:23 - 0003771 _____ () C:\ProgramData\NvTelemetryContainer.log
2017-01-08 18:27 - 2017-02-11 04:28 - 0008769 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1

Some files in TEMP:
====================
2016-12-02 11:56 - 2016-12-02 11:56 - 0043008 _____ () C:\Users\Foxtai\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmppjg3pe.dll
2016-10-20 00:30 - 2016-10-20 00:30 - 0737856 _____ (Oracle Corporation) C:\Users\Foxtai\AppData\Local\Temp\jre-8u111-windows-au.exe
2016-07-29 17:03 - 2016-07-10 17:37 - 0735152 _____ (NVIDIA Corporation) C:\Users\Foxtai\AppData\Local\Temp\nvSCPAPI.dll
2016-07-29 17:03 - 2016-07-10 17:37 - 0859800 _____ (NVIDIA Corporation) C:\Users\Foxtai\AppData\Local\Temp\nvSCPAPI64.dll
2017-01-08 18:35 - 2016-07-10 17:37 - 0335296 _____ (NVIDIA Corporation) C:\Users\Foxtai\AppData\Local\Temp\nvStInst.exe
2016-09-13 01:52 - 2017-01-17 10:23 - 43975128 _____ (Skype Technologies S.A.) C:\Users\Foxtai\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-11 19:28

==================== End of FRST.txt ============================

roboot64.zip

Addition.txt


Thanks for the logs and zip file, I've had the suspect file checked at VirusTotal and it is confirmed as malicious:

https://www.virustotal.com/en/file/309efb72c34a04cd55ccbb5e7dd8b89f3355424801d7067b928c1185ef599f89/analysis/1487010384/

I've included the file and its zipped copy in the FRST fix, let's continue:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Clean install Malwarebytes from version 2 to version 3...

Please download MBAM-clean and save it to your desktop.
 
  • Right-click on mbam-clean.exe icon and select Run as Administrator to start the tool.
  • It will ask you to reboot the machine - please do so.
  • Run the cleaner tool again, re-boot when complete. <<<---do not miss this step


If you have lost the activation licence key information it can be located here: http://www.cleverbridge.com/342/?scope=cusecolp

Download Malwarebytes version 3 from the following link:

https://www.malwarebytes.com/mwb-download/thankyou/

Double click on the installer and follow the prompts. If necessary select the Blue Help tab for video instructions....

When the install completes and is updated do the following:

Open Malwarebytes, select > "settings" > "protection tab"

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Go back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes deal with any found entries... Then select "Export Summary" then "Text File (*.txt)", name that log and save it. You can copy or attach that to your reply...

Next,

Download AdwCleaner by Xplode onto your Desktop.
 
  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan in the Actions box
  • Please wait for the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...


Next,

Download Sophos Free Virus Removal Tool and save it to your desktop.

If your security alerts to this scan either accept the alert or turn off your security to allow Sophos to run and complete.....

Please Do Not use your PC whilst the scan is in progress....
 
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found please confirm that result....



The Virus Removal Tool scans the following areas of your computer:
  • Memory, including system memory on 32-bit (x86) versions of Windows
  • The Windows registry
  • All local hard drives, fixed and removable
  • Mapped network drives are not scanned.



Note: If threats are found in the computer memory, the scan stops. This is because further scanning could enable the threat to spread. You will be asked to click Start Cleanup to remove the threats before continuing the scan.

Thank you,

Kevin...

 

fixlist.txt


Also, I attempted the fix and apparently AVG detected FRST64.exe as malicious and removed it. Should I disable AVG before attempting again, and is there any danger to attempting again despite AVG having stopped it while it was in the process?

Edited by Tykune

Alright, I got the logs for you. The Sophos Virus Removal Tool came up with nothing, but I got these to spit out some logs. The computer seems to be quite clean now, which I have you to thank for that. What can I remove, or should I remove, from my computer that I no longer have a use for?

MalwareBytesLog.txt

AdwCleaner[C0].txt

Fixlog.txt

Edited by Tykune

Thanks for the logs and information update. If no remaining issues/concerns, let's clean up....

Uninstall Sophos AV - http://www.askvg.com/how-to-completely-uninstall-remove-a-software-program-in-windows-without-using-3rd-party-software/

Next,

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

If your security program alerts to Delfix, either accept the alert or turn your security off.

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

Make Sure the following items are checked:

 
  • Remove disinfection tools <----- this will remove tools we have used.
  • Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created.
  • Reset system settings <--- this will reset any system settings back to default that were changed either by us during cleansing or malware/infection


Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin...

Thanks a bunch. Now I have a new issue, it seems. I keep getting a message from Malwarebytes that 'Real-Time Protection layers turned off' and when I go to protection settings, it shows Web Protection as off, and when I turn it on, it stays on Starting..., but never starts. Would this be an anti-virus conflict with AVG?


If you revert to the free version (it will revert automatically after 14 days) website protection ceases. Have a read at the following link:

https://www.malwarebytes.com/mwb-download/

There are several problems happening since the conception of version 3. Try the following advice quoted from the Malwarebytes version 3 forum:

If it is your Website Protection having issues, please try the following two things:

  1. Under Settings -> Protection, turn on "Enable self-protection module early start". Then reboot and see if your protection module starts up
  2. If that doesn't work, under Settings -> Protection, turn off the option for "Enable self-protection module". Then reboot and see if your protection module starts up

This topic is now closed to further replies.