crcinnamon Posted December 21, 2017

My computer came into contact with adware, specifically the one where it pops open 30tab.com whenever I open my browser. I've tried adwcleaner, malwarebytes, resetting the browser and resetting the sync, but yet this darn adware refuses to go away. It shows that it's a registry key, so I opened up regedit.exe but could not locate the adware. I'd love some assistance to help remove this adware!

Here's the Report Scan from Malwarebytes:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 12/21/17
Scan Time: 12:22 PM
Log File: a6872622-e68c-11e7-ada9-00ffa16c399e.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.3538
License: Free

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Cassia-PC\Cassia

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 313906
Threats Detected: 1
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 22 min, 7 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 1
Adware.NetFilter, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\mrxsmb22, Removal Failed, [1429], [468093],1.0.3538

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

(end)
kevinf80 Posted December 21, 2017

Hello crcinnamon and welcome to Malwarebytes,

Follow the instructions at this link and post the requested logs: https://forums.malwarebytes.com/topic/9573-im-infected-what-do-i-do-now/

Thank you,
Kevin
crcinnamon (Author) Posted December 21, 2017

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-12-2017
Ran by Cassia (administrator) on CASSIA-PC (21-12-2017 14:03:53)
Running from C:\Users\Cassia\Downloads
Loaded Profiles: Cassia (Available Profiles: Cassia)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
() C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWConnService.exe
(Micro-Star International) C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
(MSI) C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Discord Inc.) C:\Users\Cassia\AppData\Local\Discord\app-0.0.299\Discord.exe
(Spotify Ltd) C:\Users\Cassia\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(D-Link Corp.) C:\Program Files (x86)\D-Link\DWA-125 revA\AirGCFG.exe
(Wireless Service) C:\Program Files (x86)\D-Link\DWA-125 revA\WZCSLDR2.exe
(MSI) C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe
(Copyright (c) 2017 Plays.tv, LLC) C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Copyright (c) 2017 Plays.tv, LLC) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Discord Inc.) C:\Users\Cassia\AppData\Local\Discord\app-0.0.299\Discord.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files (x86)\Raptr Inc\PlaysTV\QtWebEngineProcess.exe
() C:\Program Files (x86)\Raptr Inc\PlaysTV\QtWebEngineProcess.exe
() C:\Program Files (x86)\Raptr Inc\PlaysTV\QtWebEngineProcess.exe
() C:\Program Files (x86)\Raptr Inc\PlaysTV\QtWebEngineProcess.exe
() C:\Program Files (x86)\Raptr Inc\PlaysTV\QtWebEngineProcess.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_ep64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Discord Inc.) C:\Users\Cassia\AppData\Local\Discord\app-0.0.299\Discord.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7191768 2013-06-27] (Realtek Semiconductor)
HKLM-x32\...\Run: [D-Link D-Link DWA-125] => C:\Program Files (x86)\D-Link\DWA-125 revA\AirGCFG.exe [995328 2009-10-19] (D-Link Corp.)
HKLM-x32\...\Run: [WZCSLDR2] => C:\Program Files (x86)\D-Link\DWA-125 revA\WZCSLDR2.exe [122880 2009-10-19] (Wireless Service)
HKLM-x32\...\Run: [Super Charger] => C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe [1014736 2014-07-22] (MSI)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe [58640 2016-08-04] (Raptr, Inc)
HKLM-x32\...\Run: [PlaysTV] => C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe [51416 2017-12-12] (Copyright (c) 2017 Plays.tv, LLC)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3567928 2017-12-04] (Dropbox, Inc.)
HKU\S-1-5-21-3698355897-2966825838-2324767918-1002\...\Run: [Discord] => C:\Users\Cassia\AppData\Local\Discord\app-0.0.299\Discord.exe [57954808 2017-12-11] (Discord Inc.)
HKU\S-1-5-21-3698355897-2966825838-2324767918-1002\...\Run: [Spotify Web Helper] => C:\Users\Cassia\AppData\Roaming\Spotify\SpotifyWebHelper.exe [780688 2017-12-20] (Spotify Ltd)
HKU\S-1-5-21-3698355897-2966825838-2324767918-1002\...\MountPoints2: {33c7f89a-3161-11e5-a670-448a5b5f37aa} - E:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-3698355897-2966825838-2324767918-1002\...\MountPoints2: {9f3673a4-9104-11e4-8aa8-448a5b5f37aa} - F:\TL_Bootstrap.exe
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter"
Startup: C:\Users\Cassia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2016-04-01]
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
GroupPolicy: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{F2F2B705-D2FE-46DE-9831-E5ABCB3A784F}: [DhcpNameServer] 10.0.0.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-3698355897-2966825838-2324767918-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-26] (Intel Security)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-12-04] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2017-09-27] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-12-20] (Microsoft Corporation)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-06-26] (Intel Security)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-09-27] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-10-26] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2017-09-27] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-12-20] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-10-26] (Oracle Corporation)
Toolbar: HKLM - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-26] (Intel Security)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-06-26] (Intel Security)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-27] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-27] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-27] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-27] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: bw77j00o.default
FF ProfilePath: C:\Users\Cassia\AppData\Roaming\Mozilla\Firefox\Profiles\bw77j00o.default [2017-12-21]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_126.dll [2017-12-13] ()
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2013-06-17] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-25] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_126.dll [2017-12-13] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-10-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-10-26] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2013-06-17] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-09-27] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-09-27] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-04-26] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-25] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [No File]

Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR Profile: C:\Users\Cassia\AppData\Local\Google\Chrome\User Data\Default [2017-12-21]
CHR Extension: (Adguard AdBlocker) - C:\Users\Cassia\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2017-12-20]
CHR Extension: (Pop up blocker for Chrome™ - Poper Blocker) - C:\Users\Cassia\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkkbcggnhapdmkeljlodobbkopceiche [2017-12-20]
CHR Extension: (Honey) - C:\Users\Cassia\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2017-12-20]
CHR Extension: (Adblock Plus) - C:\Users\Cassia\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-12-20]
CHR Extension: (uBlock Origin) - C:\Users\Cassia\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-12-20]
CHR Extension: (Block site) - C:\Users\Cassia\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimnmioipafcokbfikbljfdeojpcgbh [2017-12-20]
CHR Extension: (Google Calendar) - C:\Users\Cassia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2017-12-20]
CHR Extension: (Gyazo) - C:\Users\Cassia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdaeeijbbijklfcpahbghahojgfgebo [2017-12-20]
CHR Extension: (Stylish - Custom themes for any website) - C:\Users\Cassia\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2017-12-20]
CHR Extension: (Grammarly for Chrome) - C:\Users\Cassia\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2017-12-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Cassia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-12-20]
CHR Extension: (Tumblr Savior) - C:\Users\Cassia\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefddkjnflmjbclpnnoegglmmdfkidip [2017-12-20]
CHR Extension: (Chrome Media Router) - C:\Users\Cassia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-20]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2016-04-01] (Adobe Systems) [File not signed]
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-10-25] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2257016 2017-08-23] (Adobe Systems, Incorporated)
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-03] (Advanced Micro Devices, Inc.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4122792 2017-12-02] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-24] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-24] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [51016 2017-12-04] (Dropbox, Inc.)
S2 D_Link_DWA-125; C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWZCSdS.exe [126976 2009-08-21] (Wireless Service) [File not signed]
R2 D_Link_DWA-125_WPS; C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWConnService.exe [40960 2009-07-07] () [File not signed]
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [382504 2017-11-24] (EasyAntiCheat Ltd)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [1722320 2014-08-26] (Micro-Star International)
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe [162800 2014-03-17] (MSI)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2098528 2017-09-24] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2977640 2017-09-24] (Electronic Arts)
R2 PlaysService; C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe [55000 2017-12-12] (Copyright (c) 2017 Plays.tv, LLC)
S2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [1001920 2017-06-26] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16928 2017-06-26] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [87760 2017-06-26] (McAfee, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S3 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [701896 2017-09-13] (Wacom Technology, Corp.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 amdfx; C:\Windows\system32\drivers\amdfx.sys [0 2017-12-21] () <==== ATTENTION (zero byte File/Folder)
R1 anodlwf; C:\Windows\System32\DRIVERS\anodlwfx.sys [15872 2009-03-06] ()
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
S3 CMUSBDAC; C:\Windows\System32\DRIVERS\CMUSBDAC.sys [594944 2014-09-19] (C-MEDIA)
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2017-12-21] (Malwarebytes)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 netr28ux; C:\Windows\System32\DRIVERS\Dnetr28ux.sys [1061888 2009-09-15] (Ralink Technology Corp.)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
R3 NIWinCDEmu; C:\Windows\System32\DRIVERS\NIWinCDEmu.sys [112408 2016-09-07] ()
R3 NTIOLib_1_0_4; C:\Program Files (x86)\MSI\Live Update\NTIOLib_X64.sys [14136 2010-10-22] (MSI)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
R3 VBAudioVACMME; C:\Windows\System32\DRIVERS\vbaudio_cable64_win7.sys [41192 2013-07-11] (Windows (R) Win 7 DDK provider)
S3 WacHidRouterPro; C:\Windows\System32\DRIVERS\wachidrouter.sys [122000 2017-07-25] (Wacom Technology)
S2 AODDriver4.1; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 EsgScanner; system32\DRIVERS\EsgScanner.sys [X]
S1 mrxsmb22; system32\drivers\mrxsmb22.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
S3 usbbus; system32\DRIVERS\lgx64bus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [X]
S3 USBModem; system32\DRIVERS\lgx64modem.sys [X]
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

Error(1) reading file: "C:\Users\Cassia\Downloads\Kontakt_5_568_PC "
2017-12-21 14:03 - 2017-12-21 14:05 - 000022525 _____ C:\Users\Cassia\Downloads\FRST.txt
2017-12-21 14:03 - 2017-12-21 14:03 - 000000000 ____D C:\FRST
2017-12-21 14:02 - 2017-12-21 14:03 - 002392064 _____ (Farbar) C:\Users\Cassia\Downloads\FRST64.exe
2017-12-21 12:57 - 2017-12-21 12:57 - 003481952 _____ C:\Windows\KeyHook64.dll
2017-12-21 12:09 - 2017-12-21 12:09 - 008187336 _____ (Malwarebytes) C:\Users\Cassia\Downloads\adwcleaner_7.0.5.0 (1).exe
2017-12-21 12:00 - 2017-12-21 12:01 - 011584088 _____ (SurfRight B.V.) C:\Users\Cassia\Downloads\hitmanpro_x64.exe
2017-12-21 10:31 - 2017-12-21 10:37 - 000000000 ____D C:\Windows\system32\ccleaner backup
2017-12-21 08:02 - 2017-12-21 09:15 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2017-12-21 08:01 - 2017-12-21 11:14 - 000002024 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-12-21 08:01 - 2017-12-21 08:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-12-21 08:00 - 2017-12-21 08:00 - 000000000 ____D C:\ProgramData\MB3CoreBackup
2017-12-21 07:52 - 2017-12-21 09:55 - 000028145 _____ C:\Windows\ZAM_Guard.krnl.trace
2017-12-21 07:52 - 2017-12-21 09:19 - 000046196 _____ C:\Windows\ZAM.krnl.trace
2017-12-20 22:55 - 2017-12-20 22:55 - 000000544 _____ C:\EsgInstallerResumeAction_5618b9ca69eec88e719112da87672fda
2017-12-20 16:45 - 2017-12-20 16:45 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-12-20 16:45 - 2017-12-20 16:45 - 000002047 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2017-12-20 16:27 - 2017-12-20 16:27 - 000000000 _____ C:\autoexec.bat
2017-12-20 16:00 - 2017-12-20 16:37 - 000000000 ____D C:\Users\Cassia\AppData\Local\NPE
2017-12-20 16:00 - 2017-12-20 16:00 - 000000000 ____D C:\ProgramData\Norton
2017-12-20 13:16 - 2017-12-21 09:56 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-12-20 13:16 - 2017-12-20 13:16 - 000000000 ____D C:\Users\Cassia\AppData\Local\Zemana
2017-12-20 13:14 - 2017-12-20 13:15 - 006625600 _____ (Zemana Ltd. ) C:\Users\Cassia\Downloads\Zemana.AntiMalware.Setup.exe
2017-12-20 13:04 - 2017-12-20 13:05 - 008187336 _____ (Malwarebytes) C:\Users\Cassia\Downloads\adwcleaner_7.0.5.0.exe
2017-12-19 12:44 - 2017-12-19 12:44 - 005911144 _____ (<Advanced Micro Devices>) C:\Windows\system32\Drivers\amdfx.sys000000000352E550
2017-12-18 12:07 - 2017-12-18 12:07 - 005911144 _____ (<Advanced Micro Devices>) C:\Windows\system32\Drivers\amdfx.sys0000000000E8EBD0
2017-12-17 10:39 - 2017-12-17 10:39 - 005911144 _____ (<Advanced Micro Devices>) C:\Windows\system32\Drivers\amdfx.sys000000000464E950
2017-12-16 10:54 - 2017-12-16 10:54 - 005911144 _____ (<Advanced Micro Devices>) C:\Windows\system32\Drivers\amdfx.sys0000000004C3EC40
2017-12-15 12:15 - 2017-12-15 12:15 - 005911144 _____ (<Advanced Micro Devices>) C:\Windows\system32\Drivers\amdfx.sys0000000004B4E810
2017-12-14 14:51 - 2017-12-14 17:09 - 000000000 ____D C:\Users\Cassia\Documents\CELSYS
2017-12-14 14:27 - 2017-12-14 14:27 - 000000799 _____ C:\Users\Public\Desktop\CLIP STUDIO.lnk
2017-12-14 14:26 - 2017-12-14 14:26 - 000000000 ____D C:\ProgramData\CELSYS
2017-12-14 12:59 - 2017-12-14 14:14 - 352669560 _____ (CELSYS) C:\Users\Cassia\Downloads\CSP_171w_setup.exe
2017-12-14 11:27 - 2017-12-14 11:27 - 005911144 _____ (<Advanced Micro Devices>) C:\Windows\system32\Drivers\amdfx.sys000000000402EB70
2017-12-13 16:28 - 2017-12-13 16:28 - 005911144 _____ (<Advanced Micro Devices>) C:\Windows\system32\Drivers\amdfx.sys000000000451E9C0
2017-12-12 17:23 - 2017-12-12 17:23 - 005911144 _____ (<Advanced Micro Devices>) C:\Windows\system32\Drivers\amdfx.sys0000000001E3E750
2017-12-11 13:07 - 2017-12-11 13:07 - 005911144 _____ (<Advanced Micro Devices>) C:\Windows\system32\Drivers\amdfx.sys000000000438E780
2017-12-10 20:34 - 2017-12-10 20:35 - 011736196 _____ C:\Users\Cassia\Downloads\235720__speedygonzo__pouring-drink-into-glass.wav
2017-12-10 20:04 - 2017-12-10 20:09 - 010126468 _____ C:\Users\Cassia\Downloads\235726__speedygonzo__wine-glass-hits.wav
2017-12-10 11:07 - 2017-12-10 11:07 - 005911144 _____ (<Advanced Micro Devices>) C:\Windows\system32\Drivers\amdfx.sys000000000340E950
2017-12-09 19:31 - 2017-12-09 19:32 - 021320704 _____ C:\Users\Cassia\Downloads\CH15 Benthic Animals.ppt
2017-12-09 19:29 - 2017-12-09 19:30 - 016493568 _____ C:\Users\Cassia\Downloads\CH14 Pelagic Animals.ppt
2017-12-09 11:41 - 2017-12-09 11:41 - 005911144 _____ (<Advanced Micro Devices>) C:\Windows\system32\Drivers\amdfx.sys000000000301E850
2017-12-09 00:48 - 2017-12-09 00:50 - 048631643 _____ C:\Users\Cassia\Downloads\Paint Tool SAI Anglicised with Custom Brushes and Transparency Mod.zip
2017-12-08 11:41 - 2017-12-08 11:41 - 005911144 _____ (<Advanced Micro Devices>) C:\Windows\system32\Drivers\amdfx.sys000000000445E930
2017-12-07 18:38 - 2017-12-07 18:38 - 005911144 _____ (<Advanced Micro Devices>) C:\Windows\system32\Drivers\amdfx.sys000000000256E810
2017-12-07 10:24 - 2017-12-07 10:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-12-07 09:59 - 2017-12-07 09:59 - 005911144 _____ (<Advanced Micro Devices>) C:\Windows\system32\Drivers\amdfx.sys000000000499E550
2017-12-04 17:06 - 2017-12-04 17:06 - 000051016 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2017-12-04 17:06 - 2017-12-04 17:06 - 000045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2017-12-04 17:06 - 2017-12-04 17:06 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2017-12-04 17:06 - 2017-12-04 17:06 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2017-12-04 16:37 - 2017-12-04 16:37 - 005911144 _____ (<Advanced Micro Devices>) C:\Windows\system32\Drivers\amdfx.sys0000000003EAEA00
2017-12-03 12:09 - 2017-12-03 12:09 - 005911144 _____ (<Advanced Micro Devices>) C:\Windows\system32\Drivers\amdfx.sys00000000031EE940
2017-12-02 17:05 - 2017-12-02 17:05 - 000000000 __HDC C:\ProgramData\{B52BAF54-A7D8-4EA2-A9AD-1F74FDFA253C}
2017-12-02 17:05 - 2017-12-02 17:05 - 000000000 ____D C:\Users\Public\Documents\Native Instruments
2017-12-02 17:00 - 2017-12-02 17:00 - 000000000 ____D C:\Users\Public\Documents\Symphony Essentials String Ensemble
2017-12-02 11:10 - 2017-12-02 11:10 - 005911144 _____ (<Advanced Micro Devices>) C:\Windows\system32\Drivers\amdfx.sys000000000384E7C0
2017-12-01 16:49 - 2017-12-01 16:49 - 000000000 ____D C:\Users\Cassia\AppData\Local\CrashReportClient
2017-12-01 16:11 - 2017-12-01 16:11 - 000000000 ____D C:\Users\Cassia\AppData\Roaming\EasyAntiCheat
2017-12-01 16:11 - 2017-11-24 19:37 - 000382504 _____ (EasyAntiCheat Ltd) C:\Windows\SysWOW64\EasyAntiCheat.exe
2017-12-01 10:36 - 2017-12-01 10:36 - 005911144 _____ (<Advanced Micro Devices>) C:\Windows\system32\Drivers\amdfx.sys0000000002BDEBC0
2017-11-30 18:53 - 2017-11-30 18:53 - 005911144 _____ (<Advanced Micro Devices>) C:\Windows\system32\Drivers\amdfx.sys0000000001E9EB60
2017-11-29 23:31 - 2017-11-29 23:31 - 008261584 _____ (Malwarebytes) C:\Users\Cassia\Downloads\adwcleaner_7.0.4.0.exe
2017-11-28 18:42 - 2017-11-28 18:42 - 005911144 _____ (<Advanced Micro Devices>) C:\Windows\system32\Drivers\amdfx.sys00000000034AECB0
2017-11-27 16:46 - 2017-11-27 16:46 - 005911144 _____ (<Advanced Micro Devices>) C:\Windows\system32\Drivers\amdfx.sys000000000342EC50
2017-11-27 16:45 - 2017-12-19 12:39 - 000000000 ____D C:\Windows\SSL
2017-11-26 23:23 - 2017-11-26 23:23 - 000000000 ____D C:\Kong Audio Qin Library
2017-11-26 23:18 - 2017-11-26 23:26 - 000000000 ____D C:\ProgramData\TEMP
2017-11-26 23:12 - 2017-11-26 23:20 - 106659734 _____ (Kong Audio ) C:\Users\Cassia\Downloads\KAI_GuZheng_Classic.exe
2017-11-26 23:12 - 2017-11-26 23:12 - 005911144 ____H (<Advanced Micro Devices>) C:\Windows\system32\Drivers\amdfx.sys00000000030FEB40
2017-11-26 23:11 - 2017-11-26 23:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kong Audio
2017-11-26 23:11 - 2017-11-26 23:12 - 008137056 _____ C:\Users\Cassia\Downloads\OnlineInstaller.exe
2017-11-26 23:11 - 2017-11-26 23:11 - 000000000 ____D C:\Program Files\Steinberg
2017-11-26 23:11 - 2017-11-26 23:11 - 000000000 ____D C:\Program Files (x86)\Steinberg
2017-11-26 23:09 - 2017-11-26 23:10 - 004833058 _____ (Kong Audio ) C:\Users\Cassia\Downloads\Qin_RV_Setup_v2.12.exe
2017-11-24 19:30 - 2017-11-24 19:30 - 000001078 _____ C:\Users\Cassia\Desktop\Native Access.lnk
2017-11-24 19:29 - 2017-11-24 19:29 - 000000000 __HDC C:\ProgramData\{0D214C83-D202-4A53-86F8-B0E2DD368476}
2017-11-24 19:25 - 2017-11-24 19:25 - 000000000 ____D C:\Users\Cassia\Downloads\Native_Access_Installer (1)
2017-11-24 19:20 - 2017-11-24 19:24 - 064779317 _____ C:\Users\Cassia\Downloads\Native_Access_Installer (1).zip
2017-11-24 19:03 - 2017-11-24 19:03 - 000000000 __HDC C:\ProgramData\{781D5802-8CD2-44DB-8B92-AE3303955601}
2017-11-24 19:02 - 2017-11-24 19:02 - 064650339 _____ C:\Users\Cassia\Downloads\Native_Access_Installer_2.zip
2017-11-23 12:47 - 2017-12-11 15:17 - 000002170 _____ C:\Users\Cassia\Desktop\Discord.lnk
2017-11-23 12:46 - 2017-12-11 15:17 - 000000000 ____D C:\Users\Cassia\AppData\Local\Discord
2017-11-23 12:31 - 2017-11-23 12:44 - 054332920 _____ (Discord Inc.) C:\Users\Cassia\Downloads\DiscordSetup (2).exe
2017-11-23 11:35 - 2017-11-29 09:11 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-11-23 11:34 - 2017-11-23 11:34 - 000000000 ____D C:\Program Files\Malwarebytes

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-21 13:59 - 2016-06-07 18:25 - 000000000 ____D C:\Users\Cassia\AppData\Local\Warframe
2017-12-21 13:44 - 2014-09-19 21:09 - 000000000 ____D C:\Program Files (x86)\Steam
2017-12-21 13:12 - 2009-07-13 20:45 - 000028944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-12-21 13:12 - 2009-07-13 20:45 - 000028944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-12-21 13:10 - 2016-02-24 10:32 - 000000908 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-12-21 13:02 - 2015-03-06 18:44 - 000000404 _____ C:\Windows\Tasks\FreeFileViewerUpdateChecker.job
2017-12-21 12:58 - 2016-03-30 10:56 - 000000000 ____D C:\Users\Cassia\AppData\Roaming\PlaysTV
2017-12-21 12:58 - 2014-09-19 18:50 - 000000007 _____ C:\Windows\SysWOW64\ANIWZCSUSERNAME
2017-12-21 12:57 - 2016-02-24 10:32 - 000000904 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-12-21 12:57 - 2014-09-19 16:58 - 000000007 _____ C:\Windows\SysWOW64\ANIWZCSUSERNAME{F2F2B705-D2FE-46DE-9831-E5ABCB3A784F}
2017-12-21 12:57 - 2009-07-13 21:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-12-21 12:56 - 2016-08-05 11:10 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2017-12-21 12:14 - 2015-02-17 16:41 - 000000000 ____D C:\AdwCleaner
2017-12-21 10:33 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\inf
2017-12-21 08:15 - 2014-09-19 16:53 - 000000000 ____D C:\Users\Cassia
2017-12-21 02:43 - 2014-10-12 14:06 - 000000000 ____D C:\Users\Cassia\AppData\Local\Adobe
2017-12-21 00:41 - 2014-09-30 16:59 - 000000000 ____D C:\Windows\Minidump
2017-12-20 23:57 - 2014-09-19 18:25 - 000000000 ____D C:\Users\Cassia\AppData\Roaming\Skype
2017-12-20 23:50 - 2015-08-11 08:46 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-12-20 18:59 - 2016-03-10 10:35 - 000000000 ____D C:\Users\Cassia\AppData\Roaming\Spotify
2017-12-20 16:47 - 2016-11-09 22:25 - 000004476 _____
C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2017-12-20 16:45 - 2015-01-01 15:41 - 000000000 ____D C:\ProgramData\Adobe 2017-12-20 16:45 - 2015-01-01 15:41 - 000000000 ____D C:\Program Files (x86)\Adobe 2017-12-20 15:52 - 2017-10-17 20:36 - 000000000 ____D C:\Program Files\Common Files\FlashIntegro 2017-12-20 15:19 - 2016-03-10 10:38 - 000000000 ____D C:\Users\Cassia\AppData\Local\Spotify 2017-12-20 13:56 - 2013-06-17 09:17 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2017-12-19 18:43 - 2017-10-02 16:27 - 000000000 ____D C:\Users\Cassia\AppData\Roaming\WTablet 2017-12-19 12:39 - 2015-03-07 08:38 - 000000000 ____D C:\Users\Cassia\AppData\Roaming\FreeFileViewer 2017-12-19 12:39 - 2014-09-19 19:31 - 000000000 ___HD C:\SuperChargerProfile 2017-12-19 12:39 - 2011-04-12 00:28 - 000000000 ___RD C:\Users\Public\Recorded TV 2017-12-19 12:39 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\registration 2017-12-14 20:14 - 2015-01-03 07:41 - 000000000 ____D C:\Users\Cassia\AppData\Roaming\Audacity 2017-12-14 17:03 - 2016-09-10 12:02 - 000000000 ____D C:\Users\Cassia\AppData\Roaming\CELSYS 2017-12-14 14:28 - 2016-09-10 11:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CLIP STUDIO 2017-12-14 14:27 - 2014-05-08 08:50 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2017-12-14 14:25 - 2016-09-10 11:51 - 000000000 ____D C:\Program Files\CELSYS 2017-12-13 16:38 - 2015-07-08 10:26 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2017-12-13 16:38 - 2015-07-08 10:26 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2017-12-13 16:38 - 2015-07-08 10:26 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2017-12-13 16:38 - 2014-10-12 14:09 - 000000000 ____D C:\Windows\system32\Macromed 2017-12-13 16:38 - 2014-09-25 12:07 - 000000000 ____D C:\Windows\SysWOW64\Macromed 2017-12-12 17:28 - 2016-08-27 11:00 - 000000000 
____D C:\Users\Cassia\AppData\Roaming\discord 2017-12-11 15:17 - 2017-08-08 16:39 - 000000000 ____D C:\Users\Cassia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc 2017-12-07 10:25 - 2016-02-24 10:32 - 000000000 ____D C:\Program Files (x86)\Dropbox 2017-12-06 16:24 - 2014-09-19 17:58 - 000002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-12-06 16:24 - 2014-09-19 17:58 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2017-12-03 12:24 - 2009-07-13 21:13 - 000798694 _____ C:\Windows\system32\PerfStringBackup.INI 2017-12-02 21:56 - 2017-06-24 19:18 - 000000000 ____D C:\Users\Cassia\AppData\Roaming\StardewValley 2017-12-02 17:05 - 2017-09-04 18:41 - 000000000 ____D C:\Program Files\Common Files\Native Instruments 2017-12-02 11:37 - 2014-12-17 16:14 - 000000000 ____D C:\Games 2017-12-01 16:12 - 2016-11-27 17:02 - 000000000 ____D C:\Users\Cassia\AppData\Local\UnrealEngine 2017-11-26 23:26 - 2017-09-26 12:46 - 000000000 ____D C:\Program Files\VstPlugins 2017-11-24 19:28 - 2017-09-28 12:07 - 000000000 ____D C:\Program Files\Native Instruments 2017-11-24 19:28 - 2017-09-04 18:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments 2017-11-24 19:02 - 2017-09-04 20:49 - 000000000 ____D C:\Users\Cassia\AppData\Local\Native Instruments 2017-11-23 12:47 - 2016-05-08 14:19 - 000000000 ____D C:\Users\Cassia\AppData\Local\SquirrelTemp 2017-11-23 11:34 - 2014-09-19 18:07 - 000000000 ____D C:\ProgramData\Malwarebytes 2017-11-23 11:34 - 2014-09-19 18:07 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware ==================== Files in the root of some directories ======= 2016-08-20 12:26 - 2016-12-03 14:18 - 000000033 _____ () C:\Users\Cassia\AppData\Roaming\AdobeWLCMCache.dat 2014-09-19 16:58 - 2017-01-16 13:06 - 000003284 _____ () C:\Users\Cassia\AppData\Roaming\ANIWZCS{F2F2B705-D2FE-46DE-9831-E5ABCB3A784F} 2016-01-28 00:01 - 2016-01-28 00:01 - 000001181 _____ () 
C:\Users\Cassia\AppData\Roaming\trace_FilterInstaller.1.txt 2016-01-28 00:01 - 2016-01-28 09:24 - 000000919 _____ () C:\Users\Cassia\AppData\Roaming\trace_FilterInstaller.txt 2016-01-28 00:01 - 2016-01-28 09:24 - 000000000 _____ () C:\Users\Cassia\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt 2015-02-04 18:55 - 2015-02-06 15:24 - 000006144 _____ () C:\Users\Cassia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2017-02-28 15:52 - 2017-02-28 15:52 - 000000837 _____ () C:\Users\Cassia\AppData\Local\recently-used.xbel 2016-06-19 18:29 - 2016-06-19 18:29 - 000000017 _____ () C:\Users\Cassia\AppData\Local\resmon.resmoncfg Some files in TEMP: ==================== 2017-12-21 12:03 - 2017-12-21 12:01 - 011584088 _____ (SurfRight B.V.) C:\Users\Cassia\AppData\Local\Temp\HitmanPro.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2017-12-21 07:14 ==================== End of FRST.txt ============================ Addition.txt 
kevinf80 Posted December 21, 2017 ID:1193540

Thanks for those logs, continue as follows:

Download the attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix"

NOTE: It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait. The tool will make a log on the Desktop (Fixlog.txt) or in the folder it was run from. Please post it in your reply.

Next,

Open Malwarebytes Anti-Malware.
- On the Settings tab > Protection, scroll to and make sure the following are selected:
  - Scan for Rootkits
  - Scan within Archives
- Scroll further to Potential Threat Protection and make sure the following are set as follows:
  - Potentially Unwanted Programs (PUPs) set as: Always detect PUPs (recommended)
  - Potentially Unwanted Modifications (PUMs) set as: Always detect PUMs (recommended)
- Click on Scan, make sure Threat Scan is selected. A Threat Scan will begin.
- When the scan is complete, if anything is found make sure that the first checkbox at the top is checked (that will automatically check all detected items), then click on the Quarantine Selected tab.
- If asked to restart your computer to complete the removal, please do so.
- When complete, click on Export Summary after deletion (bottom-left corner) and select Copy to Clipboard.
- Wait for the prompt to restart the computer to appear, then click on Yes.
- After the restart, once you are back at your desktop, open MBAM once more to retrieve the log.

To get the log from Malwarebytes do the following:
- Click on the Reports tab from the main interface.
- Double click on the Scan log which shows the date and time of the scan just performed.
- Click Export. From export you have two options:
  - Copy to Clipboard - if selected, right click in your reply and select "Paste"; the log will be pasted to your reply.
  - Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop", then attach to reply.
  Use "Copy to Clipboard", then right click in your reply > select "Paste"; that will copy the log to your reply...

Next,

Download AdwCleaner by Malwarebytes onto your Desktop. Or from this Mirror.
- Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users).
- Accept the EULA (I accept), then click on Scan.
- Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all the active processes.
- Once the cleaning process is complete, AdwCleaner will ask to restart your computer; do it.
- After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply.

Next,

Download Microsoft's "Malicious Software Removal Tool" and save direct to the desktop. Ensure to get the correct version for your system.... https://www.microsoft.com/en-gb/download/malicious-software-removal-tool-details.aspx
- Right click on the Tool, select "Run as Administrator"; the tool will expand to the options Window.
- In the "Scan Type" window, select Quick Scan.
- Perform a scan and click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:
1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter: notepad c:\windows\debug\mrt.log

The log will include log details for each time MSRT has run; we only need the most recent log by date and time....

Let me see those logs, also let me know if there are any remaining issues or concerns....

Thank you,

Kevin....

Attachment: fixlist.txt
crcinnamon Posted December 22, 2017 Author ID:1193580

I followed all the steps and here are all the logs that you requested. When I had run Malwarebytes again, it had shown that the adware had not been quarantined after the restart.

# AdwCleaner 7.0.5.0 - Logfile created on Fri Dec 22 00:13:54 2017
# Updated on 2017/29/11 by Malwarebytes
# Database: 12-21-2017.1
# Running on Windows 7 Home Premium (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************

C:/AdwCleaner/AdwCleaner[C1].txt - [3635 B] - [2016/6/26 16:58:29]
C:/AdwCleaner/AdwCleaner[C2].txt - [3379 B] - [2016/7/17 7:23:9]
C:/AdwCleaner/AdwCleaner[C4].txt - [1948 B] - [2015/11/27 5:46:33]
C:/AdwCleaner/AdwCleaner[C5].txt - [805 B] - [2015/12/9 22:37:44]
C:/AdwCleaner/AdwCleaner[S0].txt - [2910 B] - [2015/2/18 0:43:31]
C:/AdwCleaner/AdwCleaner[S1].txt - [6669 B] - [2015/5/28 18:39:16]
C:/AdwCleaner/AdwCleaner[S2].txt - [4342 B] - [2015/5/30 1:46:4]
C:/AdwCleaner/AdwCleaner[S5].txt - [1303 B] - [2015/11/27 5:44:50]
C:/AdwCleaner/AdwCleaner[S6].txt - [1625 B] - [2015/12/9 22:34:46]
C:/AdwCleaner/AdwCleaner[S7].txt - [671 B] - [2015/12/18 1:39:46]

########## EOF - C:\AdwCleaner\AdwCleaner[S6].txt ##########

Attachments: Fixlog.txt, Malwarebytes log.txt, mrt.log
crcinnamon Posted December 22, 2017 Author ID:1193595

43 minutes ago, crcinnamon said:
    I followed all the steps and here are all the logs that you requested. When I had run Malwarebytes again, it had shown that the adware had not been quarantined after the restart.

After completing all the steps, the google chrome browser will still open up to 30tab.com/en.html.
kevinf80 Posted December 22, 2017 ID:1193624

Please download Zemana AntiMalware and save it to your Desktop.
- Install the program and once the installation is complete it will start automatically.
- Without changing any options, press Scan to begin.
- After the short scan is finished, if threats are detected press Next to remove them.
  Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please re-boot your computer manually.
- Open Zemana AntiMalware again.
- Click on the icon and double click the latest report.
- Now click File > Save As and choose your Desktop before pressing Save.
- Attach the saved report in your next message.

Next,

Make a clean install of Chrome.....

If your Chrome Bookmarks are important do this first: Go to this link: http://www.wikihow.com/Export-Bookmarks-from-Chrome follow the instructions and Export your Bookmarks from Chrome, save to your Desktop or similar. Note the instructions can also be used to Import the bookmarks.....

Continue for a clean install:

Download Chrome installer and save to install later:
https://www.google.com/intl/en_uk/chrome/browser/desktop/index.html
https://www.google.com/intl/en_usa/chrome/browser/desktop/index.html

Next,

Open Chrome and sign into your account, open a new tab and type or copy paste chrome://settings/syncSetup and hit enter... In the new window that opens "Sync everything" will probably be selected; scroll down to and select "Managed sync data on Google Dashboard". A new window will open; scroll down to and select "Reset Sync", that will clear synced data from Google Server... Continue to the next step to completely Uninstall Chrome....

Next,

Uninstall Chrome: https://support.google.com/chrome/answer/95319?hl=en-GB follow those instructions, ensure the option to "Also delete your browsing data" is selected. <<--- Very important!!

Navigate to C:\Users\Your user name\Appdata\Local and from that folder delete the folder named Google (you will need to show hidden files/folders to see the folder Appdata). For XP that will be My Computer > C:\ Documents and Settings\Your User Name\Application Data\Roaming

How to show hidden files and folders for windows: http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/

Next,

Install Google Chrome:

Next,

Import your Bookmarks... (instructions in the first step)

Next,

Install uBlock Origin for Chrome: https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm?hl=en

Post log from Zemana, also let me know if Chrome reinstall completes ok. Give update on any remaining issues or concerns....

Thank you,

Kevin
kevinf80 Posted December 27, 2017 ID:1194913

Any progress...?
crcinnamon Posted December 27, 2017 Author ID:1194940

Yes! Uninstalling Chrome let me finally get rid of the adware. I followed all the steps and it helped me, thank you so much Kevin! Another thing I did was go into regedit.exe and scour through the registry until I found the adware's key and deleted it. I made sure it was completely gone with Malwarebytes before I reinstalled Chrome, and sure enough, it worked!
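Two points in this thread touch the same check: the FRST log's "Bamital & volsnap" section verifies that core Windows binaries are digitally signed, and the post above describes scouring the registry by hand for a service key a scanner had flagged. The script below is an added example, not code from the thread or from any Malwarebytes tool: it walks every key under HKLM\SYSTEM\CurrentControlSet\Services, resolves the ImagePath to a file, and reports entries whose binary is missing or whose Authenticode signature is not valid, so the keys worth opening in regedit are listed rather than found by browsing. The function names (Resolve-ImagePath, Get-ServiceBinaryAudit, Get-SuspectServices) are the example's own, and it assumes PowerShell 3.0 or later run from an elevated prompt on Windows 7 or newer.

```powershell
# Added example, not code from the thread or from any Malwarebytes tool.
# Read-only audit of HKLM\SYSTEM\CurrentControlSet\Services: for each entry that names a
# binary, resolve ImagePath, check that the file exists and check its Authenticode signature
# (the same test FRST reports as "File is digitally signed"). Assumes PowerShell 3.0 or
# later on Windows 7 or newer, run from an elevated prompt. Nothing is modified.

$ServicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'

function Resolve-ImagePath {
    # Turn a raw ImagePath value into a plain, rooted file path.
    param([string]$ImagePath)
    if ([string]::IsNullOrWhiteSpace($ImagePath)) { return $null }
    $p = [Environment]::ExpandEnvironmentVariables($ImagePath.Trim())
    if ($p.StartsWith('"')) {
        # Quoted executable: keep what sits between the first pair of quotes.
        $end = $p.IndexOf('"', 1)
        if ($end -gt 1) { $p = $p.Substring(1, $end - 1) }
    } else {
        # Unquoted: drop switches such as "svchost.exe -k netsvcs".
        $p = ($p -split '\s+[-/]', 2)[0]
    }
    # Kernel-mode path prefixes used by driver entries.
    $p = $p -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot\\', ($env:SystemRoot + '\')
    if (-not [IO.Path]::IsPathRooted($p)) { $p = Join-Path $env:SystemRoot $p }
    return $p
}

function Get-ServiceBinaryAudit {
    # One record per service or driver key that has an ImagePath.
    Get-ChildItem -Path $ServicesKey -ErrorAction SilentlyContinue | ForEach-Object {
        $props = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
        if (-not $props -or -not $props.ImagePath) { return }   # nothing to verify
        $file   = Resolve-ImagePath $props.ImagePath
        $exists = [bool]($file -and (Test-Path -LiteralPath $file))
        $status = 'FileMissing'
        $signer = ''
        if ($exists) {
            $sig    = Get-AuthenticodeSignature -FilePath $file
            $status = $sig.Status.ToString()      # Valid, NotSigned, HashMismatch, ...
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        }
        [PSCustomObject]@{
            Service   = $_.PSChildName
            Type      = $props.Type    # 1 kernel driver, 2 file-system driver, 16/32 Win32 service
            Start     = $props.Start   # 0 boot, 1 system, 2 automatic, 3 manual, 4 disabled
            ImagePath = $props.ImagePath
            Resolved  = $file
            Exists    = $exists
            SigStatus = $status
            Signer    = $signer
        }
    }
}

function Get-SuspectServices {
    # Review list, not a verdict: missing binaries are common after sloppy uninstalls, and
    # older PowerShell versions report catalog-signed Windows files as NotSigned.
    Get-ServiceBinaryAudit | Where-Object { -not $_.Exists -or $_.SigStatus -ne 'Valid' }
}

Get-SuspectServices |
    Sort-Object Start, Service |
    Format-Table Service, Type, Start, SigStatus, Resolved -AutoSize

# To look at the one key a scanner named in its report, substitute that service name for the
# placeholder (hypothetical value; take the real name from the scan report):
# Get-ServiceBinaryAudit | Where-Object { $_.Service -eq 'SERVICE_NAME_FROM_REPORT' } | Format-List *
```

The output is meant to narrow the search, not to replace the scanner's verdict: a boot-start or system-start driver (Start 0 or 1) whose file is missing or unsigned, or a service whose ImagePath points outside the Windows and Program Files trees, is what deserves a closer look, while a NotSigned result on a Microsoft file is usually catalog signing that older PowerShell versions do not check. Before deleting any key found this way, export it from regedit (File > Export) so it can be restored if a legitimate component stops loading.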
kevinf80 Posted December 27, 2017 ID:1194947

I guess we can clean up....

Download "Delfix by Xplode" and save it to your desktop. Or use the following if the first link is down: "Delfix link mirror"

If your security program alerts to Delfix, either accept the alert or turn your security off.
- Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator.
- Make Sure the following items are checked:
  - Remove disinfection tools <----- this will remove tools we may have used.
  - Purge System Restore <--- this will remove all previous and possibly exploited restore points; a new point relative to system status at present will be created.
  - Reset system settings <--- this will reset any system settings back to default that were changed either by us during cleansing or by malware/infection.
- Now click on "Run" and wait patiently until the tool has completed.
- The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted...

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....
- Answers to Common Security Questions and best Practices
- Do I need a Registry Cleaner?

Take care and surf safe

Kevin...
kevinf80 Posted January 1, 2018 ID:1195761

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks