Devans23 Posted May 23, 2018 ID:1245698 Share Posted May 23, 2018 Sometimes when I open a window with Maxthon 5, I am getting an audio recording wittering about bitcoin. No video. No pop up. I've ran Malwarebytes, Spybot Search and Destroy and CCleaner and Rkill. I have tried killing processes in task manager manually to work out where it is. No joy. Any help would be appreciated. (Currently trying malwarebytes in safe mode.) Thank you. Link to post Share on other sites More sharing options...
Staff Malwarebytes Posted May 23, 2018 Staff ID:1245699 Share Posted May 23, 2018 ***This is an automated reply*** Hi, Thanks for posting in the Malware Removal for Windows Help forum. Being infected is not fun and can be very frustrating to resolve, but don't worry because we have a team of experts here help you!! Note: Please be patient. When the site is busy it can take up to 48 hours before a malware removal helper can assist you. If no one has replied to your new topic after 48 hours please contact a Moderator or Administrator to let them know. First, if you haven't done so, please run a Threat Scan with the latest version of Malwarebytes. This may resolve your malware infection issue without the need for additional support. Click "Reveal Hidden Contents" below for details: Spoiler Malwarebytes can detect and remove most malware with no further actions required for free. If you do not have Malwarebytes, please download it here and install. Be sure to post back the log as shown below. Open Malwarebytes for Windows To the left, click Scan > Scan Types. Select Threat Scan. Threat Scan is the most thorough and recommended scan method available. Click Start Scan Next, if you're still experiencing issues after running Malwarebytes, then technical logs will be required to assist you. Click "Reveal Hidden Contents" below and follow the instructions to run the Farbar Recovery Scan Tool: Spoiler Don't use any temporary file cleaners unless requested - this can cause data loss and make a recovery difficult. Please download the Farbar Recovery Scan Tool here and save it to your desktop. Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit Double-click to run it. When the tool opens click Yes to the disclaimer. Press the Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The first time the tool is run, it also makes another log (Addition.txt). If you've run it before it may not and you may need to select it manually. Finally, attach the Malwarebytes Threat Scan, FRST.txt and Additional.txt logs to your reply. Before submitting your reply, be sure to enable "Notify me of replies" like so: Click "Reveal Hidden Contents" below for details on how to add attachments to your post.Note: If you are unable to attach files, please copy and past the contents of the requested files in your Reply instead. Spoiler To save attachments, please click the link as shown below. You can click and drag the files to this bar or you can click the choose files, then browse to where your files are located, select them and click the Open button. Please Note the Following: One of our expert helpers will give you one-on-one assistance when one becomes available. Refrain from making any further changes to your computer (such as Install/Uninstall programs, using special fix tools, delete files, edit the registry, etc...) unless advised by a malware removal helper. Doing so can result in system changes which may hinder the attempts by a helper to clean your machine. Do not 'bump' or add a reply to your topic once it is started. Topics which appear to have replies are considered to have a helper assisting them and may be overlooked, resulting in a longer waiting period for help If you're using Peer 2 Peer software such as uTorrent or similar, please completely disable it from running while being assisted here. Troubleshooting Tips FAQ - Malwarebytes won't run or failed to resolve my issues Groups authorized to help with Malware Removal for Windows logs Link to post Share on other sites More sharing options...
nasdaq Posted May 25, 2018 ID:1246086 Share Posted May 25, 2018 Hello, Welcome to Malwarebytes. I'm nasdaq and will be helping you. If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed. === Please download AdwCleaner by Xplode onto your Desktop. Close all open programs and internet browsers. Double click on AdwCleaner.exe to run the tool. Click the Scan button and wait for the process to complete. Click the LogFile button and the report will open in Notepad. IMPORTANT If you click the Clean button all items listed in the report will be removed. If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows. Close all open programs and internet browsers. Double click on AdwCleaner.exe to run the tool. Click the Scan button and wait for the process to complete. Check off the element(s) you wish to keep. Click on the Clean button follow the prompts. A log file will automatically open after the scan has finished. Please post the content of that log file with your next answer. You can find the log file at C:\AdwCleanerCx.txt (x is a number). === Download the version of this tool for your operating system.Farbar Recovery Scan Tool (64 bit)Farbar Recovery Scan Tool (32 bit) and save it to a folder on your computer's Desktop. Double-click to run it. When the tool opens click Yes to disclaimer. Press Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply. How to attach a file to your reply: In the Reply section in the bottom of the topic Click the "more reply Options" button. Attach the file. Select the "Choose a File" navigate to the location of the File.Click the file you wish to Attach.Click Attach this file.Click the Add reply button. === Please post the logs for my review. Let me know what problems persists. Link to post Share on other sites More sharing options...
Devans23 Posted May 25, 2018 Author ID:1246133 Share Posted May 25, 2018 (edited) Your system will not let me post a reply with the info you asked for. The first report triggers a spam issue. The second one triggers a CURL thing. Any ideas how to get around this would be appreciated. The helpdesk does not seem to be working. I've added them to this message as attachments. Addition.txt AdwCleaner[S01].txt FRST.txt Edited May 25, 2018 by Devans23 Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted May 26, 2018 Root Admin ID:1246153 Share Posted May 26, 2018 Hi @Devans23 Sorry about that. It is an anti-spam routine that saw you posting too quickly. I've set it to allow. Please go ahead and post other logs as needed. Thank you Ron Link to post Share on other sites More sharing options...
Devans23 Posted May 26, 2018 Author ID:1246156 Share Posted May 26, 2018 # ------------------------------- # Malwarebytes AdwCleaner 7.1.1.0 # ------------------------------- # Build: 04-27-2018 # Database: 2018-05-22.1 # Support: https://www.malwarebytes.com/support # # ------------------------------- # Mode: Scan # ------------------------------- # Start: 05-25-2018 # Duration: 00:00:07 # OS: Windows 7 Ultimate # Scanned: 40907 # Detected: 0 ***** [ Services ] ***** No malicious services found. ***** [ Folders ] ***** No malicious folders found. ***** [ Files ] ***** No malicious files found. ***** [ DLL ] ***** No malicious DLLs found. ***** [ WMI ] ***** No malicious WMI found. ***** [ Shortcuts ] ***** No malicious shortcuts found. ***** [ Tasks ] ***** No malicious tasks found. ***** [ Registry ] ***** No malicious registry entries found. ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries found. ***** [ Chromium URLs ] ***** No malicious Chromium URLs found. ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries found. ***** [ Firefox URLs ] ***** No malicious Firefox URLs found. ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ########## Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16.05.2018 01 Ran by Furball (administrator) on FURBALL-PC (25-05-2018 23:54:18) Running from C:\Users\Furball\Desktop Loaded Profiles: Furball (Available Profiles: Furball) Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 10 (Default browser: "C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe" "%1") Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe (Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12446824 2012-01-31] (Realtek Semiconductor) HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [18630280 2018-05-07] (Logitech Inc.) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-26] (Intel Corporation) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation) HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3643712 2018-05-21] (Dropbox, Inc.) Winlogon\Notify\ScCertProp: wlnotify.dll [X] Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\S-1-5-21-1160177866-105647462-3583954654-1000\...\Policies\system: [DisableLockWorkstation] 0 HKU\S-1-5-21-1160177866-105647462-3583954654-1000\...\MountPoints2: {12564ef0-d7a7-11e2-b83e-bc5ff48a58bd} - G:\setup.exe HKU\S-1-5-21-1160177866-105647462-3583954654-1000\...\MountPoints2: {2a4da7a8-fba3-11e6-86df-bc5ff48a58bd} - J:\SETUP.EXE HKU\S-1-5-21-1160177866-105647462-3583954654-1000\...\MountPoints2: {cb1625a6-5ca2-11e4-a685-bc5ff48a58bd} - F:\setup.exe AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [171712 2018-01-24] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [149736 2018-01-24] (NVIDIA Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UltraMon.lnk [2014-05-14] ShortcutTarget: UltraMon.lnk -> C:\Windows\Installer\{B49673F8-7AB6-4A14-8213-C8A7BE370010}\IcoUltraMon.ico () Startup: C:\Users\Furball\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Cosmic Scenes.lnk [2013-06-18] ShortcutTarget: Cosmic Scenes.lnk -> C:\Program Files (x86)\Cosmic Scenes\CosmicScenes.exe () BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: Hosts file not detected in the default directory Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{CFE4F654-8115-4288-8D15-9AEE85078DDA}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION HKU\S-1-5-21-1160177866-105647462-3583954654-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://uk.msn.com/ BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-03-23] (Oracle Corporation) BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> d:\Program Files (x86)\Arc\Plugins\ArcPluginIE.dll [2015-03-10] (Perfect World Entertainment Inc) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-03-23] (Oracle Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-07-18] (Skype Technologies) FireFox: ======== FF ProfilePath: C:\Users\Furball\AppData\Roaming\Mozilla\Firefox\Profiles\l0xssp78.default [2018-05-23] FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_29_0_0_171.dll [2018-05-09] () FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_171.dll [2018-05-09] () FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-03-23] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-03-23] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [No File] FF Plugin-x32: @mozilla.zeniko.ch/SumatraPDF_Browser_Plugin -> d:\Program Files (x86)\SumatraPDF\npPdfViewer.dll [2014-05-14] (Simon Bünzli) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-01-23] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-01-23] (NVIDIA Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File] FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> d:\Program Files (x86)\Arc\Plugins\npArcPluginFF.dll [2015-03-10] (Perfect World Entertainment Inc) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-06-07] (VideoLAN) FF Plugin HKU\S-1-5-21-1160177866-105647462-3583954654-1000: @mozilla.zeniko.ch/SumatraPDF_Browser_Plugin -> d:\Program Files (x86)\SumatraPDF\npPdfViewer.dll [2014-05-14] (Simon Bünzli) FF Plugin HKU\S-1-5-21-1160177866-105647462-3583954654-1000: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll [2013-01-03] (The Happy Cloud) Chrome: ======= CHR DefaultProfile: Default CHR Profile: C:\Users\Furball\AppData\Local\Google\Chrome\User Data\Default [2018-05-23] CHR Extension: (Docs) - C:\Users\Furball\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-25] CHR Extension: (Google Drive) - C:\Users\Furball\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-27] CHR Extension: (YouTube) - C:\Users\Furball\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-27] CHR Extension: (Google Search) - C:\Users\Furball\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-27] CHR Extension: (Google Docs Offline) - C:\Users\Furball\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-31] CHR Extension: (AdBlock) - C:\Users\Furball\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-02-27] CHR Extension: (Chrome Web Store Payments) - C:\Users\Furball\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-10-22] CHR Extension: (Gmail) - C:\Users\Furball\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-05] CHR Extension: (Chrome Media Router) - C:\Users\Furball\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-02-27] Opera: ======= OPR Extension: (AdBlock) - C:\Users\Furball\AppData\Roaming\Opera Software\Opera Stable\Extensions\aobdicepooefnbaeokijohmhjlleamfj [2014-11-19] OPR Extension: (YouTube Center) - C:\Users\Furball\AppData\Roaming\Opera Software\Opera Stable\Extensions\cdcifocibecgcgigbanojipblimlaoij [2014-11-19] OPR Extension: (Dark Skin for Youtube™) - C:\Users\Furball\AppData\Roaming\Opera Software\Opera Stable\Extensions\jmbefbhbhjgnjbegmnhmakmmldnfogcd [2014-11-19] OPR Extension: (YouTube Downloader) - C:\Users\Furball\AppData\Roaming\Opera Software\Opera Stable\Extensions\kclijeogghhkmenkommbnjobhnndpfba [2013-11-23] OPR Extension: (cleanPages) - C:\Users\Furball\AppData\Roaming\Opera Software\Opera Stable\Extensions\kgpkcoplbemkfoacdhpjhgdokcagnhkg [2013-11-23] StartMenuInternet: (HKLM) OperaStable - D:\Program Files (x86)\Opera\Launcher.exe ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S4 ArcService; d:\Program Files (x86)\Arc\ArcService.exe [88400 2015-03-10] (Perfect World Entertainment Inc) S4 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2014-10-15] (BitRaider, LLC) S4 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [477960 2013-12-28] (BitRaider, LLC) S4 DAUpdaterSvc; D:\Program Files (x86)\SteamLibrary\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [25832 2013-12-02] (BioWare) S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-01-27] (Dropbox, Inc.) S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-01-27] (Dropbox, Inc.) S2 DbxSvc; C:\Windows\system32\DbxSvc.exe [51024 2018-05-21] (Dropbox, Inc.) S4 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1471168 2017-02-06] (Disc Soft Ltd) S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [382504 2017-12-04] (EasyAntiCheat Ltd) S4 GalaxyClientService; D:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe [1616440 2015-10-14] (GOG.com) S4 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6952504 2015-10-14] (GOG.com) R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250712 2013-11-08] (Garmin Ltd or its subsidiaries) S2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [206472 2018-05-07] (Logitech Inc.) S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes) S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5284208 2013-10-30] (INCA Internet Co., Ltd.) S2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe [278336 2011-09-19] (NVIDIA) R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519240 2018-01-24] (NVIDIA Corporation) S4 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519240 2018-01-24] (NVIDIA Corporation) R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.) [File not signed] S2 tmHInstall; C:\Program Files\Thrustmaster\T.Flight Hotas\drivers\amd64\tmHInstall.exe [51872 2016-06-01] (Thrustmaster®) S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation) S2 MxService; C:\Program Files (x86)\Maxthon\Bin\MxService.exe [X] R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 BRDriver64; C:\ProgramData\BitRaider\BRDriver64.sys [75048 2014-10-03] (BitRaider) R3 cxbu0x64; C:\Windows\System32\DRIVERS\cxbu0x64.sys [177920 2011-10-12] (HID Global Corporation) R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2017-02-26] (Disc Soft Ltd) R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2017-02-26] (Disc Soft Ltd) R1 dvdfabio; C:\Windows\system32\drivers\dvdfabio.sys [12704 2014-08-29] (DVDFab Software) S3 HidNt; C:\Windows\System32\DRIVERS\HIDNt.sys [22576 2008-04-18] (Microsoft Corporation) [File not signed] S3 HidNt; C:\Windows\SysWOW64\DRIVERS\HIDNt.sys [18992 2008-04-18] (Microsoft Corporation) [File not signed] S2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech) R3 LGJoyXlCore; C:\Windows\System32\drivers\LGJoyXlCore.sys [67736 2018-05-07] (Logitech Inc.) R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.) S3 Mac606; C:\Windows\System32\DRIVERS\Mac606.sys [33200 2008-04-18] () [File not signed] S3 Mac606; C:\Windows\SysWOW64\DRIVERS\Mac606.sys [26672 2008-04-18] () [File not signed] S3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2018-05-23] (Malwarebytes) S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30280 2018-01-24] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [59240 2018-01-24] (NVIDIA Corporation) R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [57928 2018-01-24] (NVIDIA Corporation) S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-01-23] () R3 vdrive; C:\Windows\System32\DRIVERS\vdrive.sys [44960 2014-08-29] (DVDFab Software) S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X] S3 CM_VENDER_CMD; \??\C:\Program Files\Common Files\Logitech\G430Install\CMVC64.sys [X] S3 dbx; system32\DRIVERS\dbx.sys [X] S3 nvoclk64; system32\DRIVERS\nvoclk64.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2018-05-25 23:54 - 2018-05-25 23:54 - 000016224 _____ C:\Users\Furball\Desktop\FRST.txt 2018-05-25 23:54 - 2018-05-25 23:54 - 000000000 ____D C:\FRST 2018-05-25 23:50 - 2018-05-25 23:52 - 000000000 ____D C:\AdwCleaner 2018-05-25 23:49 - 2018-05-25 23:48 - 002413056 _____ (Farbar) C:\Users\Furball\Desktop\FRST64.exe 2018-05-25 23:48 - 2018-05-25 23:48 - 007271632 _____ (Malwarebytes) C:\Users\Furball\Desktop\adwcleaner_7.1.1.exe 2018-05-23 20:37 - 2018-05-23 20:37 - 000000000 ____D C:\Users\Furball\Documents\ProcAlyzer Dumps 2018-05-23 20:36 - 2018-05-23 20:36 - 000001304 _____ C:\Users\Furball\Desktop\gg.txt 2018-05-23 20:10 - 2018-05-23 20:38 - 000001278 _____ C:\Windows\ntbtlog.txt 2018-05-23 19:34 - 2018-05-23 20:36 - 000000000 ____D C:\Users\Furball\AppData\Local\CrashDumps 2018-05-23 19:31 - 2018-05-23 20:37 - 000001780 _____ C:\Users\Furball\Desktop\Rkill.txt 2018-05-22 22:46 - 2018-05-22 22:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 2018-05-22 18:34 - 2018-05-22 18:34 - 000010204 _____ C:\Users\Furball\Documents\cc_20180522_183407.reg 2018-05-21 18:06 - 2018-05-21 18:06 - 000051024 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe 2018-05-21 18:06 - 2018-05-21 18:06 - 000050232 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys 2018-05-21 18:06 - 2018-05-21 18:06 - 000045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys 2018-05-21 18:06 - 2018-05-21 18:06 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys 2018-05-18 00:13 - 2018-05-18 00:13 - 000000000 ____D C:\Users\Furball\Documents\Reus 2018-05-16 22:01 - 2018-05-23 20:28 - 000253664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys 2018-05-16 22:00 - 2018-05-16 22:00 - 075328704 _____ (Malwarebytes ) C:\Users\Furball\Desktop\mb3-setup-consumer-3.5.1.2522-1.0.365-1.0.5110.exe 2018-05-16 22:00 - 2018-05-16 22:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2018-05-16 20:57 - 2018-05-18 20:58 - 000004128 _____ C:\Windows\System32\Tasks\CCleaner Update 2018-05-16 20:38 - 2018-05-16 20:38 - 000000000 ____D C:\Program Files\Common Files\AV 2018-05-16 19:51 - 2018-05-16 19:52 - 000000000 ____D C:\Program Files\Logitech Gaming Software 2018-05-16 19:50 - 2018-05-16 19:51 - 124322152 _____ (Logitech Inc.) C:\Users\Furball\Desktop\LGS_9.00.42_x64_Logitech.exe 2018-05-16 09:30 - 2018-05-16 09:30 - 000000000 ____D C:\Users\Furball\Desktop\Sketch 2018-05-09 09:19 - 2018-05-09 09:20 - 000000000 ____D C:\Users\Furball\AppData\Local\The Spatials 2018-05-09 03:32 - 2018-05-09 03:32 - 000000000 ____D C:\Users\Furball\Documents\Settlements 2018-05-09 01:17 - 2018-05-09 01:17 - 000000000 ____D C:\Users\Furball\AppData\LocalLow\Blue Wizard 2018-05-07 08:33 - 2018-05-07 08:33 - 000067736 _____ (Logitech Inc.) C:\Windows\system32\Drivers\LGJoyXlCore.sys 2018-05-07 08:33 - 2018-05-07 08:33 - 000036496 _____ (Logitech Inc.) C:\Windows\system32\Drivers\LGBusEnum.sys 2018-05-07 08:33 - 2018-05-07 08:33 - 000026008 _____ (Logitech Inc.) C:\Windows\system32\Drivers\LGVirHid.sys 2018-04-30 06:39 - 2018-04-30 06:39 - 000000000 ____D C:\Users\Furball\AppData\LocalLow\LionsShade 2018-04-29 09:09 - 2018-04-29 09:09 - 000000000 ____D C:\Users\Furball\AppData\LocalLow\Keiwan Donyagard 2018-04-29 09:08 - 2018-04-29 09:47 - 000000000 ____D C:\Users\Furball\Desktop\Evolution ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2018-05-25 23:52 - 2013-07-11 11:55 - 000000000 ____D C:\ProgramData\NVIDIA 2018-05-25 23:52 - 2009-07-14 05:45 - 000026736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2018-05-25 23:52 - 2009-07-14 05:45 - 000026736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2018-05-25 23:48 - 2016-01-27 06:17 - 000000000 ___RD C:\Users\Furball\Dropbox 2018-05-25 23:46 - 2016-01-27 06:14 - 000000906 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job 2018-05-25 23:45 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2018-05-25 07:01 - 2013-07-17 01:43 - 000000000 ____D C:\Program Files (x86)\Steam 2018-05-25 06:44 - 2016-01-27 06:14 - 000000910 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job 2018-05-25 03:52 - 2016-03-04 08:14 - 000000000 ____D C:\Users\Furball\AppData\Roaming\StardewValley 2018-05-23 20:36 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf 2018-05-23 20:03 - 2018-02-15 04:25 - 000000000 ____D C:\Users\Furball\Desktop\Comp Utilities 2018-05-23 20:01 - 2013-10-25 13:01 - 000000000 ____D C:\ProgramData\Oracle 2018-05-22 22:47 - 2015-08-31 03:40 - 000000000 ____D C:\Program Files (x86)\Dropbox 2018-05-22 20:27 - 2013-06-18 01:37 - 000000000 ____D C:\Users\Furball\Desktop\Games 2018-05-22 19:35 - 2015-03-05 19:47 - 000000000 ____D C:\ProgramData\GloboFleet 2018-05-20 01:49 - 2013-06-18 03:08 - 000000000 ____D C:\Windows\SysWOW64\Macromed 2018-05-19 18:39 - 2016-01-27 06:14 - 000003906 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA 2018-05-19 18:39 - 2016-01-27 06:14 - 000003654 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore 2018-05-17 00:26 - 2013-06-20 19:11 - 000003332 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2018-05-17 00:26 - 2013-06-20 19:11 - 000003204 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2018-05-16 22:00 - 2017-12-03 06:16 - 000000000 ____D C:\ProgramData\Malwarebytes 2018-05-16 21:10 - 2015-01-01 12:34 - 000000000 ____D C:\Users\Furball\Desktop\Browsers 2018-05-16 20:57 - 2017-03-04 15:28 - 000000000 ____D C:\Program Files\CCleaner 2018-05-16 20:38 - 2014-10-17 00:19 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2 2018-05-16 19:52 - 2014-10-27 19:09 - 000018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys 2018-05-16 19:52 - 2014-10-27 19:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech 2018-05-16 19:46 - 2014-11-19 20:51 - 000000000 ____D C:\Program Files\Common Files\Logitech 2018-05-16 19:36 - 2013-06-24 21:46 - 000000000 ____D C:\Users\Furball\AppData\Roaming\vlc 2018-05-16 14:23 - 2015-03-05 20:02 - 000000000 ____D C:\Users\Furball\Documents\TACHO 2018-05-16 09:31 - 2013-06-18 01:37 - 000000000 ____D C:\Users\Furball\Desktop\Utilities 2018-05-16 09:30 - 2013-08-07 18:59 - 000000000 ____D C:\Users\Furball\Desktop\Camera July13 2018-05-16 03:32 - 2013-06-20 19:11 - 000002229 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2018-05-12 12:27 - 2013-06-18 02:32 - 000000000 ____D C:\Users\Furball\AppData\Roaming\.minecraft 2018-05-09 03:33 - 2014-06-28 21:57 - 000000000 ____D C:\Users\Furball\AppData\Roaming\Kalypso Media 2018-05-09 03:33 - 2013-07-03 15:57 - 000000000 ____D C:\Users\Furball\Documents\My Games 2018-05-09 01:04 - 2018-03-17 21:29 - 000004470 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier 2018-05-09 01:04 - 2013-06-18 03:08 - 000804864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2018-05-09 01:04 - 2013-06-18 03:08 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2018-05-09 01:04 - 2013-06-18 03:08 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2018-05-09 01:04 - 2013-06-18 03:08 - 000000000 ____D C:\Windows\system32\Macromed 2018-05-08 08:52 - 2015-02-16 22:10 - 000000000 ____D C:\Users\Furball\AppData\Roaming\Spotify 2018-05-08 08:52 - 2015-02-16 22:10 - 000000000 ____D C:\Users\Furball\AppData\Local\Spotify 2018-04-28 18:39 - 2014-01-29 13:16 - 000000000 ____D C:\Temp 2018-04-28 18:06 - 2016-12-08 19:32 - 000000000 ____D C:\Program Files (x86)\Snooper Map Downloader 2018-04-26 05:36 - 2017-12-03 06:16 - 000152184 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys ==================== Files in the root of some directories ======= 2014-03-11 05:09 - 2014-03-11 05:09 - 000000120 _____ () C:\Users\Furball\AppData\Roaming\85053dec.dat 2012-12-11 19:47 - 2012-12-11 19:47 - 000012288 _____ (Archlink Technology Corporation) C:\Users\Furball\AppData\Roaming\CheckOSandLaunch.exe 2012-12-12 16:14 - 2012-12-12 16:14 - 000001855 _____ () C:\Users\Furball\AppData\Roaming\CheckOSandLaunch.exe.config 2018-02-12 10:16 - 2018-02-12 10:16 - 000000000 _____ () C:\Users\Furball\AppData\Local\D28837.tmp 2013-07-01 08:44 - 2013-07-01 08:44 - 000000095 _____ () C:\Users\Furball\AppData\Local\fusioncache.dat 2014-11-19 21:08 - 2014-11-19 21:08 - 000000000 ___SH () C:\Users\Furball\AppData\Local\LumaEmu ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2018-05-18 01:54 ==================== End of FRST.txt ============================ AdwCleaner[S01].txt FRST.txt Addition.txt Link to post Share on other sites More sharing options...
Devans23 Posted May 26, 2018 Author ID:1246157 Share Posted May 26, 2018 # ------------------------------- # Malwarebytes AdwCleaner 7.1.1.0 # ------------------------------- # Build: 04-27-2018 # Database: 2018-05-22.1 # Support: https://www.malwarebytes.com/support # # ------------------------------- # Mode: Scan # ------------------------------- # Start: 05-25-2018 # Duration: 00:00:07 # OS: Windows 7 Ultimate # Scanned: 40907 # Detected: 0 ***** [ Services ] ***** No malicious services found. ***** [ Folders ] ***** No malicious folders found. ***** [ Files ] ***** No malicious files found. ***** [ DLL ] ***** No malicious DLLs found. ***** [ WMI ] ***** No malicious WMI found. ***** [ Shortcuts ] ***** No malicious shortcuts found. ***** [ Tasks ] ***** No malicious tasks found. ***** [ Registry ] ***** No malicious registry entries found. ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries found. ***** [ Chromium URLs ] ***** No malicious Chromium URLs found. ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries found. ***** [ Firefox URLs ] ***** No malicious Firefox URLs found. ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ########## Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16.05.2018 01 Ran by Furball (administrator) on FURBALL-PC (25-05-2018 23:54:18) Running from C:\Users\Furball\Desktop Loaded Profiles: Furball (Available Profiles: Furball) Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 10 (Default browser: "C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe" "%1") Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe (Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12446824 2012-01-31] (Realtek Semiconductor) HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [18630280 2018-05-07] (Logitech Inc.) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-26] (Intel Corporation) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation) HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3643712 2018-05-21] (Dropbox, Inc.) Winlogon\Notify\ScCertProp: wlnotify.dll [X] Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\S-1-5-21-1160177866-105647462-3583954654-1000\...\Policies\system: [DisableLockWorkstation] 0 HKU\S-1-5-21-1160177866-105647462-3583954654-1000\...\MountPoints2: {12564ef0-d7a7-11e2-b83e-bc5ff48a58bd} - G:\setup.exe HKU\S-1-5-21-1160177866-105647462-3583954654-1000\...\MountPoints2: {2a4da7a8-fba3-11e6-86df-bc5ff48a58bd} - J:\SETUP.EXE HKU\S-1-5-21-1160177866-105647462-3583954654-1000\...\MountPoints2: {cb1625a6-5ca2-11e4-a685-bc5ff48a58bd} - F:\setup.exe AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [171712 2018-01-24] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [149736 2018-01-24] (NVIDIA Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UltraMon.lnk [2014-05-14] ShortcutTarget: UltraMon.lnk -> C:\Windows\Installer\{B49673F8-7AB6-4A14-8213-C8A7BE370010}\IcoUltraMon.ico () Startup: C:\Users\Furball\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Cosmic Scenes.lnk [2013-06-18] ShortcutTarget: Cosmic Scenes.lnk -> C:\Program Files (x86)\Cosmic Scenes\CosmicScenes.exe () BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: Hosts file not detected in the default directory Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{CFE4F654-8115-4288-8D15-9AEE85078DDA}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION HKU\S-1-5-21-1160177866-105647462-3583954654-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://uk.msn.com/ BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-03-23] (Oracle Corporation) BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> d:\Program Files (x86)\Arc\Plugins\ArcPluginIE.dll [2015-03-10] (Perfect World Entertainment Inc) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-03-23] (Oracle Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-07-18] (Skype Technologies) FireFox: ======== FF ProfilePath: C:\Users\Furball\AppData\Roaming\Mozilla\Firefox\Profiles\l0xssp78.default [2018-05-23] FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_29_0_0_171.dll [2018-05-09] () FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_171.dll [2018-05-09] () FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-03-23] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-03-23] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [No File] FF Plugin-x32: @mozilla.zeniko.ch/SumatraPDF_Browser_Plugin -> d:\Program Files (x86)\SumatraPDF\npPdfViewer.dll [2014-05-14] (Simon Bünzli) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-01-23] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-01-23] (NVIDIA Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File] FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> d:\Program Files (x86)\Arc\Plugins\npArcPluginFF.dll [2015-03-10] (Perfect World Entertainment Inc) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-06-07] (VideoLAN) FF Plugin HKU\S-1-5-21-1160177866-105647462-3583954654-1000: @mozilla.zeniko.ch/SumatraPDF_Browser_Plugin -> d:\Program Files (x86)\SumatraPDF\npPdfViewer.dll [2014-05-14] (Simon Bünzli) FF Plugin HKU\S-1-5-21-1160177866-105647462-3583954654-1000: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll [2013-01-03] (The Happy Cloud) Chrome: ======= CHR DefaultProfile: Default CHR Profile: C:\Users\Furball\AppData\Local\Google\Chrome\User Data\Default [2018-05-23] CHR Extension: (Docs) - C:\Users\Furball\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-25] CHR Extension: (Google Drive) - C:\Users\Furball\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-27] CHR Extension: (YouTube) - C:\Users\Furball\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-27] CHR Extension: (Google Search) - C:\Users\Furball\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-27] CHR Extension: (Google Docs Offline) - C:\Users\Furball\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-31] CHR Extension: (AdBlock) - C:\Users\Furball\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-02-27] CHR Extension: (Chrome Web Store Payments) - C:\Users\Furball\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-10-22] CHR Extension: (Gmail) - C:\Users\Furball\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-05] CHR Extension: (Chrome Media Router) - C:\Users\Furball\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-02-27] Opera: ======= OPR Extension: (AdBlock) - C:\Users\Furball\AppData\Roaming\Opera Software\Opera Stable\Extensions\aobdicepooefnbaeokijohmhjlleamfj [2014-11-19] OPR Extension: (YouTube Center) - C:\Users\Furball\AppData\Roaming\Opera Software\Opera Stable\Extensions\cdcifocibecgcgigbanojipblimlaoij [2014-11-19] OPR Extension: (Dark Skin for Youtube™) - C:\Users\Furball\AppData\Roaming\Opera Software\Opera Stable\Extensions\jmbefbhbhjgnjbegmnhmakmmldnfogcd [2014-11-19] OPR Extension: (YouTube Downloader) - C:\Users\Furball\AppData\Roaming\Opera Software\Opera Stable\Extensions\kclijeogghhkmenkommbnjobhnndpfba [2013-11-23] OPR Extension: (cleanPages) - C:\Users\Furball\AppData\Roaming\Opera Software\Opera Stable\Extensions\kgpkcoplbemkfoacdhpjhgdokcagnhkg [2013-11-23] StartMenuInternet: (HKLM) OperaStable - D:\Program Files (x86)\Opera\Launcher.exe ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S4 ArcService; d:\Program Files (x86)\Arc\ArcService.exe [88400 2015-03-10] (Perfect World Entertainment Inc) S4 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2014-10-15] (BitRaider, LLC) S4 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [477960 2013-12-28] (BitRaider, LLC) S4 DAUpdaterSvc; D:\Program Files (x86)\SteamLibrary\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [25832 2013-12-02] (BioWare) S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-01-27] (Dropbox, Inc.) S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-01-27] (Dropbox, Inc.) S2 DbxSvc; C:\Windows\system32\DbxSvc.exe [51024 2018-05-21] (Dropbox, Inc.) S4 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1471168 2017-02-06] (Disc Soft Ltd) S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [382504 2017-12-04] (EasyAntiCheat Ltd) S4 GalaxyClientService; D:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe [1616440 2015-10-14] (GOG.com) S4 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6952504 2015-10-14] (GOG.com) R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250712 2013-11-08] (Garmin Ltd or its subsidiaries) S2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [206472 2018-05-07] (Logitech Inc.) S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes) S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5284208 2013-10-30] (INCA Internet Co., Ltd.) S2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe [278336 2011-09-19] (NVIDIA) R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519240 2018-01-24] (NVIDIA Corporation) S4 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519240 2018-01-24] (NVIDIA Corporation) R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.) [File not signed] S2 tmHInstall; C:\Program Files\Thrustmaster\T.Flight Hotas\drivers\amd64\tmHInstall.exe [51872 2016-06-01] (Thrustmaster®) S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation) S2 MxService; C:\Program Files (x86)\Maxthon\Bin\MxService.exe [X] R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 BRDriver64; C:\ProgramData\BitRaider\BRDriver64.sys [75048 2014-10-03] (BitRaider) R3 cxbu0x64; C:\Windows\System32\DRIVERS\cxbu0x64.sys [177920 2011-10-12] (HID Global Corporation) R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2017-02-26] (Disc Soft Ltd) R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2017-02-26] (Disc Soft Ltd) R1 dvdfabio; C:\Windows\system32\drivers\dvdfabio.sys [12704 2014-08-29] (DVDFab Software) S3 HidNt; C:\Windows\System32\DRIVERS\HIDNt.sys [22576 2008-04-18] (Microsoft Corporation) [File not signed] S3 HidNt; C:\Windows\SysWOW64\DRIVERS\HIDNt.sys [18992 2008-04-18] (Microsoft Corporation) [File not signed] S2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech) R3 LGJoyXlCore; C:\Windows\System32\drivers\LGJoyXlCore.sys [67736 2018-05-07] (Logitech Inc.) R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.) S3 Mac606; C:\Windows\System32\DRIVERS\Mac606.sys [33200 2008-04-18] () [File not signed] S3 Mac606; C:\Windows\SysWOW64\DRIVERS\Mac606.sys [26672 2008-04-18] () [File not signed] S3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2018-05-23] (Malwarebytes) S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30280 2018-01-24] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [59240 2018-01-24] (NVIDIA Corporation) R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [57928 2018-01-24] (NVIDIA Corporation) S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-01-23] () R3 vdrive; C:\Windows\System32\DRIVERS\vdrive.sys [44960 2014-08-29] (DVDFab Software) S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X] S3 CM_VENDER_CMD; \??\C:\Program Files\Common Files\Logitech\G430Install\CMVC64.sys [X] S3 dbx; system32\DRIVERS\dbx.sys [X] S3 nvoclk64; system32\DRIVERS\nvoclk64.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2018-05-25 23:54 - 2018-05-25 23:54 - 000016224 _____ C:\Users\Furball\Desktop\FRST.txt 2018-05-25 23:54 - 2018-05-25 23:54 - 000000000 ____D C:\FRST 2018-05-25 23:50 - 2018-05-25 23:52 - 000000000 ____D C:\AdwCleaner 2018-05-25 23:49 - 2018-05-25 23:48 - 002413056 _____ (Farbar) C:\Users\Furball\Desktop\FRST64.exe 2018-05-25 23:48 - 2018-05-25 23:48 - 007271632 _____ (Malwarebytes) C:\Users\Furball\Desktop\adwcleaner_7.1.1.exe 2018-05-23 20:37 - 2018-05-23 20:37 - 000000000 ____D C:\Users\Furball\Documents\ProcAlyzer Dumps 2018-05-23 20:36 - 2018-05-23 20:36 - 000001304 _____ C:\Users\Furball\Desktop\gg.txt 2018-05-23 20:10 - 2018-05-23 20:38 - 000001278 _____ C:\Windows\ntbtlog.txt 2018-05-23 19:34 - 2018-05-23 20:36 - 000000000 ____D C:\Users\Furball\AppData\Local\CrashDumps 2018-05-23 19:31 - 2018-05-23 20:37 - 000001780 _____ C:\Users\Furball\Desktop\Rkill.txt 2018-05-22 22:46 - 2018-05-22 22:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 2018-05-22 18:34 - 2018-05-22 18:34 - 000010204 _____ C:\Users\Furball\Documents\cc_20180522_183407.reg 2018-05-21 18:06 - 2018-05-21 18:06 - 000051024 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe 2018-05-21 18:06 - 2018-05-21 18:06 - 000050232 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys 2018-05-21 18:06 - 2018-05-21 18:06 - 000045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys 2018-05-21 18:06 - 2018-05-21 18:06 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys 2018-05-18 00:13 - 2018-05-18 00:13 - 000000000 ____D C:\Users\Furball\Documents\Reus 2018-05-16 22:01 - 2018-05-23 20:28 - 000253664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys 2018-05-16 22:00 - 2018-05-16 22:00 - 075328704 _____ (Malwarebytes ) C:\Users\Furball\Desktop\mb3-setup-consumer-3.5.1.2522-1.0.365-1.0.5110.exe 2018-05-16 22:00 - 2018-05-16 22:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2018-05-16 20:57 - 2018-05-18 20:58 - 000004128 _____ C:\Windows\System32\Tasks\CCleaner Update 2018-05-16 20:38 - 2018-05-16 20:38 - 000000000 ____D C:\Program Files\Common Files\AV 2018-05-16 19:51 - 2018-05-16 19:52 - 000000000 ____D C:\Program Files\Logitech Gaming Software 2018-05-16 19:50 - 2018-05-16 19:51 - 124322152 _____ (Logitech Inc.) C:\Users\Furball\Desktop\LGS_9.00.42_x64_Logitech.exe 2018-05-16 09:30 - 2018-05-16 09:30 - 000000000 ____D C:\Users\Furball\Desktop\Sketch 2018-05-09 09:19 - 2018-05-09 09:20 - 000000000 ____D C:\Users\Furball\AppData\Local\The Spatials 2018-05-09 03:32 - 2018-05-09 03:32 - 000000000 ____D C:\Users\Furball\Documents\Settlements 2018-05-09 01:17 - 2018-05-09 01:17 - 000000000 ____D C:\Users\Furball\AppData\LocalLow\Blue Wizard 2018-05-07 08:33 - 2018-05-07 08:33 - 000067736 _____ (Logitech Inc.) C:\Windows\system32\Drivers\LGJoyXlCore.sys 2018-05-07 08:33 - 2018-05-07 08:33 - 000036496 _____ (Logitech Inc.) C:\Windows\system32\Drivers\LGBusEnum.sys 2018-05-07 08:33 - 2018-05-07 08:33 - 000026008 _____ (Logitech Inc.) C:\Windows\system32\Drivers\LGVirHid.sys 2018-04-30 06:39 - 2018-04-30 06:39 - 000000000 ____D C:\Users\Furball\AppData\LocalLow\LionsShade 2018-04-29 09:09 - 2018-04-29 09:09 - 000000000 ____D C:\Users\Furball\AppData\LocalLow\Keiwan Donyagard 2018-04-29 09:08 - 2018-04-29 09:47 - 000000000 ____D C:\Users\Furball\Desktop\Evolution ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2018-05-25 23:52 - 2013-07-11 11:55 - 000000000 ____D C:\ProgramData\NVIDIA 2018-05-25 23:52 - 2009-07-14 05:45 - 000026736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2018-05-25 23:52 - 2009-07-14 05:45 - 000026736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2018-05-25 23:48 - 2016-01-27 06:17 - 000000000 ___RD C:\Users\Furball\Dropbox 2018-05-25 23:46 - 2016-01-27 06:14 - 000000906 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job 2018-05-25 23:45 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2018-05-25 07:01 - 2013-07-17 01:43 - 000000000 ____D C:\Program Files (x86)\Steam 2018-05-25 06:44 - 2016-01-27 06:14 - 000000910 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job 2018-05-25 03:52 - 2016-03-04 08:14 - 000000000 ____D C:\Users\Furball\AppData\Roaming\StardewValley 2018-05-23 20:36 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf 2018-05-23 20:03 - 2018-02-15 04:25 - 000000000 ____D C:\Users\Furball\Desktop\Comp Utilities 2018-05-23 20:01 - 2013-10-25 13:01 - 000000000 ____D C:\ProgramData\Oracle 2018-05-22 22:47 - 2015-08-31 03:40 - 000000000 ____D C:\Program Files (x86)\Dropbox 2018-05-22 20:27 - 2013-06-18 01:37 - 000000000 ____D C:\Users\Furball\Desktop\Games 2018-05-22 19:35 - 2015-03-05 19:47 - 000000000 ____D C:\ProgramData\GloboFleet 2018-05-20 01:49 - 2013-06-18 03:08 - 000000000 ____D C:\Windows\SysWOW64\Macromed 2018-05-19 18:39 - 2016-01-27 06:14 - 000003906 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA 2018-05-19 18:39 - 2016-01-27 06:14 - 000003654 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore 2018-05-17 00:26 - 2013-06-20 19:11 - 000003332 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2018-05-17 00:26 - 2013-06-20 19:11 - 000003204 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2018-05-16 22:00 - 2017-12-03 06:16 - 000000000 ____D C:\ProgramData\Malwarebytes 2018-05-16 21:10 - 2015-01-01 12:34 - 000000000 ____D C:\Users\Furball\Desktop\Browsers 2018-05-16 20:57 - 2017-03-04 15:28 - 000000000 ____D C:\Program Files\CCleaner 2018-05-16 20:38 - 2014-10-17 00:19 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2 2018-05-16 19:52 - 2014-10-27 19:09 - 000018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys 2018-05-16 19:52 - 2014-10-27 19:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech 2018-05-16 19:46 - 2014-11-19 20:51 - 000000000 ____D C:\Program Files\Common Files\Logitech 2018-05-16 19:36 - 2013-06-24 21:46 - 000000000 ____D C:\Users\Furball\AppData\Roaming\vlc 2018-05-16 14:23 - 2015-03-05 20:02 - 000000000 ____D C:\Users\Furball\Documents\TACHO 2018-05-16 09:31 - 2013-06-18 01:37 - 000000000 ____D C:\Users\Furball\Desktop\Utilities 2018-05-16 09:30 - 2013-08-07 18:59 - 000000000 ____D C:\Users\Furball\Desktop\Camera July13 2018-05-16 03:32 - 2013-06-20 19:11 - 000002229 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2018-05-12 12:27 - 2013-06-18 02:32 - 000000000 ____D C:\Users\Furball\AppData\Roaming\.minecraft 2018-05-09 03:33 - 2014-06-28 21:57 - 000000000 ____D C:\Users\Furball\AppData\Roaming\Kalypso Media 2018-05-09 03:33 - 2013-07-03 15:57 - 000000000 ____D C:\Users\Furball\Documents\My Games 2018-05-09 01:04 - 2018-03-17 21:29 - 000004470 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier 2018-05-09 01:04 - 2013-06-18 03:08 - 000804864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2018-05-09 01:04 - 2013-06-18 03:08 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2018-05-09 01:04 - 2013-06-18 03:08 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2018-05-09 01:04 - 2013-06-18 03:08 - 000000000 ____D C:\Windows\system32\Macromed 2018-05-08 08:52 - 2015-02-16 22:10 - 000000000 ____D C:\Users\Furball\AppData\Roaming\Spotify 2018-05-08 08:52 - 2015-02-16 22:10 - 000000000 ____D C:\Users\Furball\AppData\Local\Spotify 2018-04-28 18:39 - 2014-01-29 13:16 - 000000000 ____D C:\Temp 2018-04-28 18:06 - 2016-12-08 19:32 - 000000000 ____D C:\Program Files (x86)\Snooper Map Downloader 2018-04-26 05:36 - 2017-12-03 06:16 - 000152184 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys ==================== Files in the root of some directories ======= 2014-03-11 05:09 - 2014-03-11 05:09 - 000000120 _____ () C:\Users\Furball\AppData\Roaming\85053dec.dat 2012-12-11 19:47 - 2012-12-11 19:47 - 000012288 _____ (Archlink Technology Corporation) C:\Users\Furball\AppData\Roaming\CheckOSandLaunch.exe 2012-12-12 16:14 - 2012-12-12 16:14 - 000001855 _____ () C:\Users\Furball\AppData\Roaming\CheckOSandLaunch.exe.config 2018-02-12 10:16 - 2018-02-12 10:16 - 000000000 _____ () C:\Users\Furball\AppData\Local\D28837.tmp 2013-07-01 08:44 - 2013-07-01 08:44 - 000000095 _____ () C:\Users\Furball\AppData\Local\fusioncache.dat 2014-11-19 21:08 - 2014-11-19 21:08 - 000000000 ___SH () C:\Users\Furball\AppData\Local\LumaEmu ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2018-05-18 01:54 ==================== End of FRST.txt ============================ AdwCleaner[S01].txt FRST.txt Addition.txt Link to post Share on other sites More sharing options...
nasdaq Posted May 26, 2018 ID:1246196 Share Posted May 26, 2018 Hello, Welcome to Malwarebytes. I'm nasdaq and will be helping you. If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed. === ATTENTION: System Restore is disabled Turn your System Restore ON - Windows Helphttps://support.microsoft.com/en-us/help/17228/windows-protect-my-pc-from-viruses <<<>>> Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from. The location is listed in the 3rd line of the FRST.txt log you have submitted. Run FRST and click Fix only once and wait. The tool will create a log (Fixlog.txt) please post it to your reply. === Reset your Maxthon browser to the default setting.https://ccm.net/faq/12570-maxthon-reset-your-browser-to-default-settings Restart the computer normally. Let me know if the problem persists. p.s. Are you Syncing this Browser with other devices?http://www.maxthon.com/mx5/features/cloud-sync/ The Syncing may be the issue. fixlist.txt Link to post Share on other sites More sharing options...
Devans23 Posted May 26, 2018 Author ID:1246198 Share Posted May 26, 2018 (edited) I'm a bit dubious about system restore. Will that delete anything I already have installed? Maxthon doesn't seem to by syncing (I deleted a tab from one machine to see if it was removed from another). EDIT I did what you said and attach the fixlog. I also got an error after it completed. I've added the error to the start of the fixlog. Fixlog.txt Edited May 26, 2018 by Devans23 added log Link to post Share on other sites More sharing options...
nasdaq Posted May 26, 2018 ID:1246207 Share Posted May 26, 2018 Hi, I think you have a wrong perception about the Restore point. Read about it.https://www.lifewire.com/what-is-a-restore-point-2625988 === I suggest you restore it now. This will ensure that any change to the systems from then on will be register in a new restore point. For example in my suggested fix these 3 registry settings will be fixed.Winlogon\Notify\ScCertProp: wlnotify.dll [X] Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION as will be the other entries. After the execution the program a new restore point will be created. If by any chance I make a mistake or something goes wrong then you will be able to restore your system to the previous restore point. I can assure you this will not happen. After the fix and the Restart of the computer if the problem persists let me know. Link to post Share on other sites More sharing options...
Devans23 Posted May 26, 2018 Author ID:1246208 Share Posted May 26, 2018 I'm getting "Backup application could not start due to an internal error: Access is denied (0x80070005) Link to post Share on other sites More sharing options...
nasdaq Posted May 26, 2018 ID:1246233 Share Posted May 26, 2018 Hi, Make sure your start the computer in an Administrator profile. Link to post Share on other sites More sharing options...
Devans23 Posted May 26, 2018 Author ID:1246254 Share Posted May 26, 2018 I was in Admin profile (always am) but the Shadow Copy tool was disabled in started up. Sorted that. I have done the system restore and ran the fixlist thing. FRST came up with an error: Problem signature: Problem Event Name: BEX64 Application Name: FRST64.exe Application Version: 16.5.2018.1 Application Timestamp: 5afc7a8c Fault Module Name: RTSUltraMonHook.dll_unloaded Fault Module Version: 0.0.0.0 Fault Module Timestamp: 4b775b3b Exception Offset: 000000006e8189d8 Exception Code: c0000005 Exception Data: 0000000000000008 OS Version: 6.1.7601.2.1.0.256.1 Locale ID: 2057 Additional Information 1: c654 Additional Information 2: c654fb2404d713c28735e15e49727a39 Additional Information 3: 2b79 Additional Information 4: 2b79ae145bcd9c899fd19fee1ea8fb9b The results of the FRST fix is attached below. Thanks for your continued help. Fixlog.txt Link to post Share on other sites More sharing options...
nasdaq Posted May 27, 2018 ID:1246293 Share Posted May 27, 2018 Hi, Problem signature: Problem Event Name: BEX64 Application Name: FRST64.exe Application Version: 16.5.2018.1 Application Timestamp: 5afc7a8c Fault Module Name: RTSUltraMonHook.dll_unloaded RTSUltraMonHook.dll_unloaded which is for UltraMon. Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UltraMon.lnk [2014-05-14] ShortcutTarget: UltraMon.lnk -> C:\Windows\Installer\{B49673F8-7AB6-4A14-8213-C8A7BE370010}\IcoUltraMon.ico () Do you have issues with this or is it obsolete? How is the computer running? Link to post Share on other sites More sharing options...
Devans23 Posted May 28, 2018 Author ID:1246396 Share Posted May 28, 2018 Ultra mon is just a monitor thing from when I used to run two screens. I'm still having the audio playing when I use Maxthon. This time it started when I googled Steam. Link to post Share on other sites More sharing options...
nasdaq Posted May 28, 2018 ID:1246452 Share Posted May 28, 2018 Hi, Can this help?http://wiki.maxthon.com/index.php/Maxthon_3_-_Mute_button Link to post Share on other sites More sharing options...
Devans23 Posted May 28, 2018 Author ID:1246455 Share Posted May 28, 2018 I run Maxthon on three computers and my phone. I've never had bitcoin adverts on the others. It's less about muting it than removing any infection. I mainly game on that computer and don't browse, so I'm puzzled by the problem. I only noticed it when I opened a browser to read Steam (easier than from the library app). Thanks. Link to post Share on other sites More sharing options...
nasdaq Posted May 28, 2018 ID:1246460 Share Posted May 28, 2018 Hi, Lets find out if it's coming from FLASH Disable it.https://www.howtogeek.com/222275/how-to-uninstall-and-disable-flash-in-every-web-browser/ === Zemana Antimalware Please download Zemana Antimalware (Freeware) and save it to your computer's Desktop. Right-click on the icon and select Run as administrator to install the program. Click Yes to accept the UAC security warning that may appear. Select the language and click the OK button. Click the Next button, accept the EULA warning and follow the instructions to continue and install the program. Once the installation is complete it will start automatically. Wait a few seconds until the update of signature database is complete. Without changing any options, click Scan to begin. After the short scan is finished, if threats are detected click Next to remove them.Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please re-boot your computer manually. Click on the Back button. On the top right corner click on Reports icon (the one with three bars) and double click on the latest report. Now click File > Save As, then select your computer's Desktop and click the Save button. Please attach the saved report in your next reply. Link to post Share on other sites More sharing options...
Devans23 Posted May 28, 2018 Author ID:1246542 Share Posted May 28, 2018 Flash uninstalled. Scanner found nothing. Report attached. And that didn't work. I'm still getting audio stuff. At this point I'm thinking of reformatting the HD. 2018.05.29-00.12.55-i0-t92-d0.txt Link to post Share on other sites More sharing options...
nasdaq Posted May 29, 2018 ID:1246640 Share Posted May 29, 2018 Hi, Are you starting Maxthon via a icon (.lnk) file? If you do check the properties of that .lnk I Link to post Share on other sites More sharing options...
Recommended Posts