Malware keeps popping up when i havent downloaded anything

Slyfur · September 13, 2018

Also when i run a game the ping is very high 100-1000

can you please figure out if my computer is infected or is there something wrong with it in general?

AdvancedSetup · September 13, 2018

Hello @Slyfur and :welcome:

Please run the following steps and post back the logs as an attachment when ready.

STEP 01

If you're already running Malwarebytes 3 then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
If you don't have Malwarebytes 3 installed yet please download it from here and install it.
Once installed then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
Once the scan is completed click on the Export Summary button and save the file as a Text file to your desktop or other location you can find, and attach that log on your next reply.
If Malwarebytes won't run then please skip to the next step and let me know on your next reply.

STEP 02

Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

Right-click on the program and select Run as Administrator to start the tool.
Accept the Terms of use.
Wait until the database is updated.
Click Scan.
When finished, please click Clean.
Your PC should reboot now if any items were found.
After reboot, a log file will be opened. Copy its content into your next reply.

RESTART THE COMPUTER Before running Step 3

STEP 03
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

Double-click to run it. When the tool opens, click Yes to disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). If you've, run the tool before you need to place a check mark here.
Please attach the Additions.txt log to your reply as well.

Thanks

Ron

Slyfur · September 13, 2018

Scan.txt

# -------------------------------
# Malwarebytes AdwCleaner 7.2.3.1
# -------------------------------
# Build: 09-03-2018
# Database: 2018-09-12.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 09-13-2018
# Duration: 00:00:02
# OS: Windows 7 Ultimate
# Cleaned: 1
# Failed: 1

***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Deleted Ask
Not Deleted AOL

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1971 octets] - [04/09/2018 14:59:33]
AdwCleaner[C00].txt - [1991 octets] - [04/09/2018 14:59:55]
AdwCleaner[S01].txt - [1375 octets] - [04/09/2018 15:05:12]
AdwCleaner[S02].txt - [1436 octets] - [04/09/2018 15:39:13]
AdwCleaner[S03].txt - [1497 octets] - [04/09/2018 15:40:17]
AdwCleaner[S04].txt - [1558 octets] - [05/09/2018 14:50:33]
AdwCleaner[S05].txt - [1619 octets] - [05/09/2018 17:00:14]
AdwCleaner[S06].txt - [1680 octets] - [05/09/2018 17:44:47]
AdwCleaner[S07].txt - [1741 octets] - [07/09/2018 21:08:13]
AdwCleaner[S08].txt - [1802 octets] - [09/09/2018 17:03:55]
AdwCleaner[S09].txt - [1902 octets] - [13/09/2018 15:00:02]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C09].txt ##########
FRST.txt

Addition.txt

Slyfur · September 13, 2018

I sent the clean mode hopefully it's what you needed but here is also the scan logs

# -------------------------------
# Malwarebytes AdwCleaner 7.2.3.1
# -------------------------------
# Build: 09-03-2018
# Database: 2018-09-12.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 09-13-2018
# Duration: 00:00:25
# OS: Windows 7 Ultimate
# Scanned: 41915
# Detected: 2

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

PUP.Optional.Legacy Ask
PUP.Optional.Legacy AOL

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

AdwCleaner[S00].txt - [1971 octets] - [04/09/2018 14:59:33]
AdwCleaner[C00].txt - [1991 octets] - [04/09/2018 14:59:55]
AdwCleaner[S01].txt - [1375 octets] - [04/09/2018 15:05:12]
AdwCleaner[S02].txt - [1436 octets] - [04/09/2018 15:39:13]
AdwCleaner[S03].txt - [1497 octets] - [04/09/2018 15:40:17]
AdwCleaner[S04].txt - [1558 octets] - [05/09/2018 14:50:33]
AdwCleaner[S05].txt - [1619 octets] - [05/09/2018 17:00:14]
AdwCleaner[S06].txt - [1680 octets] - [05/09/2018 17:44:47]
AdwCleaner[S07].txt - [1741 octets] - [07/09/2018 21:08:13]
AdwCleaner[S08].txt - [1802 octets] - [09/09/2018 17:03:55]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S09].txt ##########

AdvancedSetup · September 13, 2018

Overall the logs don't look too bad. Let me have you run the following please.

Please visit this web page and read the ComboFix User's Guide:

Once you've read the article and are ready to use the program you can download it directly from the link below.
Important! - Please make sure you save combofix to your desktop and do not run it from your browser
Direct download link for: ComboFix.exe
Please make sure you disable your security applications before running ComboFix.
Once Combofix has completed it will produce and open a log file. Please be patient as it can take some time to load.
Please attach that log file to your next reply.
If needed the file can be located here: C:\combofix.txt
NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

Slyfur · September 13, 2018

ComboFix 18-08-08.01 - Administrator 3/2018 Thu 19:30:40.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.936.86.1033.18.8158.5135 [GMT -4:00]
执行位置: c:\users\Administrator\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {71A27EC9-3DA6-45FC-60A7-004F623C6189}
SP: Microsoft Security Essentials *Enabled/Updated* {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* 成功创造新还原点
.
.
((((((((((((((((((((((((((((((((((((((( 被删除的档案 )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\security\logs\scecomp.log
.
.
((((((((((((((((((((((((( 2018-08-13 至 2018-09-13 的新的档案 )))))))))))))))))))))))))))))))
.
.
2018-09-13 23:36 . 2018-09-13 23:36   --------   d-----w-   c:\users\Default\AppData\Local\temp
2018-09-13 23:29 . 2018-09-13 23:29   58120   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F17F72C6-5F14-483D-9683-CF1E5B1547C2}\MpKslebaad46f.sys
2018-09-13 22:30 . 2018-09-13 22:36   98616   ----a-w-   c:\windows\system32\drivers\mwac.sys
2018-09-13 18:51 . 2018-08-21 18:04   14821528   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F17F72C6-5F14-483D-9683-CF1E5B1547C2}\mpengine.dll
2018-09-12 00:10 . 2018-08-21 18:04   14821528   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2018-09-11 23:51 . 2018-09-13 22:30   117472   ----a-w-   c:\windows\system32\drivers\farflt.sys
2018-09-11 18:53 . 2018-08-23 22:00   15283712   ----a-w-   c:\windows\system32\ieframe.dll
2018-09-10 23:42 . 2018-09-13 22:30   259360   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2018-09-05 23:56 . 2018-09-05 23:56   --------   d-----w-   C:\KVRT_Data
2018-09-05 21:33 . 2018-09-05 21:33   255928   ----a-w-   c:\windows\system32\drivers\7141A5F8.sys
2018-09-05 21:22 . 2018-09-05 21:22   255928   ----a-w-   c:\windows\system32\drivers\45439380.sys
2018-09-05 21:21 . 2018-09-05 21:42   --------   d-----w-   c:\programdata\Malwarebytes' Anti-Malware (portable)
2018-09-05 18:57 . 2018-09-13 19:11   --------   d-----w-   C:\FRST
2018-09-05 18:42 . 2018-09-13 22:30   52328   ----a-w-   c:\windows\system32\drivers\mbam.sys
2018-09-05 18:42 . 2018-09-07 00:10   193256   ----a-w-   c:\windows\system32\drivers\MbamChameleon.sys
2018-09-05 18:42 . 2018-07-12 12:42   152688   ----a-w-   c:\windows\system32\drivers\mbae64.sys
2018-09-05 18:42 . 2018-09-05 21:22   --------   d-----w-   c:\programdata\Malwarebytes
2018-09-05 04:01 . 2018-09-05 04:01   --------   d-----w-   c:\program files\Malwarebytes
2018-09-04 03:12 . 2018-09-04 18:59   --------   d-----w-   C:\AdwCleaner
2018-09-03 22:23 . 2018-09-03 22:23   --------   d-----w-   c:\users\Administrator\AppData\Local\mbam
2018-08-26 21:33 . 2018-09-06 18:47   --------   d-----w-   c:\users\Administrator\AppData\Local\PrimeQuintaUpdateSoftware
2018-08-26 21:33 . 2018-08-26 21:33   --------   d-----w-   c:\program files (x86)\Common Files\EastCharonHCS
2018-08-26 21:32 . 2018-08-26 21:32   --------   d-----w-   c:\program files (x86)\AutoicousMarasmusAutoicousMarasmus
2018-08-26 21:27 . 2018-08-29 19:36   --------   d-----w-   c:\users\Administrator\AppData\Roaming\PokeMMO
2018-08-21 01:14 . 2018-09-02 03:21   --------   d-----w-   c:\users\Administrator\AppData\Local\Roblox
.
.
.
(((((((((((((((((((((((((((((((((((((((( 在三个月内被修改的档案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2018-09-13 22:29 . 2018-04-15 18:33   65536   ----a-w-   c:\windows\system32\spu_storage.bin
2018-09-11 20:12 . 2017-02-09 05:49   139184408   -c--a-w-   c:\windows\system32\MRT.exe
2018-08-10 15:39 . 2018-09-11 18:53   44032   ----a-w-   c:\windows\apppatch\acwow64.dll
2018-08-03 15:55 . 2018-08-14 18:25   109568   ----a-w-   c:\windows\system32\hlink.dll
2018-08-03 15:39 . 2018-08-14 18:25   84992   ----a-w-   c:\windows\SysWow64\hlink.dll
2018-07-16 22:02 . 2010-11-21 03:27   563832   ------w-   c:\windows\system32\MpSigStub.exe
2018-07-07 16:01 . 2018-09-11 18:54   316928   ----a-w-   c:\windows\apppatch\AppPatch64\AcGenral.dll
2018-07-07 15:46 . 2018-09-11 18:53   2560   ----a-w-   c:\windows\apppatch\AcRes.dll
2018-07-07 15:46 . 2018-09-11 18:54   2182656   ----a-w-   c:\windows\apppatch\AcGenral.dll
2018-07-07 15:24 . 2018-08-14 18:25   3226112   ----a-w-   c:\windows\system32\win32k.sys
2018-07-06 16:09 . 2018-08-14 18:25   947904   ----a-w-   c:\windows\system32\drivers\ndis.sys
2018-06-29 15:55 . 2018-08-14 18:25   695808   ----a-w-   c:\windows\system32\cscsvc.dll
2018-06-29 15:55 . 2018-08-14 18:25   137728   ----a-w-   c:\windows\system32\CscMig.dll
2018-06-29 15:55 . 2018-08-14 18:25   45568   ----a-w-   c:\windows\system32\cscapi.dll
2018-06-29 15:55 . 2018-08-14 18:25   30208   ----a-w-   c:\windows\system32\cscdll.dll
2018-06-29 15:40 . 2018-08-14 18:25   23040   ----a-w-   c:\windows\SysWow64\cscdll.dll
2018-06-29 15:14 . 2018-08-14 18:25   516096   ----a-w-   c:\windows\system32\drivers\csc.sys
2018-06-29 15:09 . 2018-08-14 18:25   34304   ----a-w-   c:\windows\SysWow64\cscapi.dll
2018-06-27 16:01 . 2018-08-14 18:25   114368   ----a-w-   c:\windows\system32\consent.exe
2018-06-27 15:55 . 2018-08-14 18:25   484864   ----a-w-   c:\windows\system32\StructuredQuery.dll
2018-06-27 15:55 . 2018-08-14 18:25   3246592   ----a-w-   c:\windows\system32\msi.dll
2018-06-27 15:55 . 2018-08-14 18:25   504320   ----a-w-   c:\windows\system32\msihnd.dll
2018-06-27 15:55 . 2018-08-14 18:25   25088   ----a-w-   c:\windows\system32\msimsg.dll
2018-06-27 15:54 . 2018-08-14 18:25   1942016   ----a-w-   c:\windows\system32\authui.dll
2018-06-27 15:54 . 2018-08-14 18:25   70144   ----a-w-   c:\windows\system32\appinfo.dll
2018-06-27 15:43 . 2018-08-14 18:25   363520   ----a-w-   c:\windows\SysWow64\StructuredQuery.dll
2018-06-27 15:42 . 2018-08-14 18:25   2366464   ----a-w-   c:\windows\SysWow64\msi.dll
2018-06-27 15:42 . 2018-08-14 18:25   337408   ----a-w-   c:\windows\SysWow64\msihnd.dll
2018-06-27 15:42 . 2018-08-14 18:25   25088   ----a-w-   c:\windows\SysWow64\msimsg.dll
2018-06-27 15:41 . 2018-08-14 18:25   1806848   ----a-w-   c:\windows\SysWow64\authui.dll
2018-06-27 15:21 . 2018-08-14 18:25   128512   ----a-w-   c:\windows\system32\msiexec.exe
2018-06-27 15:16 . 2018-08-14 18:25   73216   ----a-w-   c:\windows\SysWow64\msiexec.exe
2018-06-21 03:33 . 2018-08-14 18:25   2048   ----a-w-   c:\windows\system32\tzres.dll
2018-06-21 03:09 . 2018-08-14 18:25   2048   ----a-w-   c:\windows\SysWow64\tzres.dll
.
.
((((((((((((((((((((((((((((((((((((( 重要登入点 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白与合法缺省登录将不会被显示
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Discord"="c:\users\Administrator\AppData\Local\Discord\app-0.0.301\Discord.exe" [2018-05-01 57816920]
"Steam"="c:\users\Administrator\Desktop\New folder\steam.exe" [2018-09-08 3207968]
"Gyazo"="c:\program files (x86)\Gyazo\GyStation.exe" [2018-08-08 1384840]
"Spotify"="c:\users\Administrator\AppData\Roaming\Spotify\Spotify.exe" [2018-08-23 24453008]
"EpicGamesLauncher"="c:\program files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe" [2018-09-11 32993168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"AlwaysShowClassicMenu"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 EasyAntiCheat;EasyAntiCheat;c:\program files (x86)\EasyAntiCheat\EasyAntiCheat.exe;c:\program files (x86)\EasyAntiCheat\EasyAntiCheat.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 PNPMEM;Microsoft Memory Module Driver;c:\windows\system32\DRIVERS\pnpmem.sys;c:\windows\SYSNATIVE\DRIVERS\pnpmem.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 stornvme;stornvme;c:\windows\system32\drivers\stornvme.sys;c:\windows\SYSNATIVE\drivers\stornvme.sys [x]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys;c:\windows\SYSNATIVE\drivers\Synth3dVsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WiaRpc;Still Image Acquisition Events;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 ESProtectionDriver;Malwarebytes Anti-Exploit;c:\windows\system32\drivers\mbae64.sys;c:\windows\SYSNATIVE\drivers\mbae64.sys [x]
S1 MpKslebaad46f;MpKslebaad46f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F17F72C6-5F14-483D-9683-CF1E5B1547C2}\MpKslebaad46f.sys;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F17F72C6-5F14-483D-9683-CF1E5B1547C2}\MpKslebaad46f.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;c:\windows\system32\igfxCUIService.exe;c:\windows\SYSNATIVE\igfxCUIService.exe [x]
S2 MBAMChameleon;MBAMChameleon;c:\windows\System32\Drivers\MbamChameleon.sys;c:\windows\SYSNATIVE\Drivers\MbamChameleon.sys [x]
S2 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 MBAMFarflt;MBAMFarflt;c:\windows\system32\DRIVERS\farflt.sys;c:\windows\SYSNATIVE\DRIVERS\farflt.sys [x]
S3 MBAMProtection;MBAMProtection;c:\windows\system32\DRIVERS\mbam.sys;c:\windows\SYSNATIVE\DRIVERS\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\Drivers\mbamswissarmy.sys;c:\windows\SYSNATIVE\Drivers\mbamswissarmy.sys [x]
S3 MBAMWebProtection;MBAMWebProtection;c:\windows\system32\DRIVERS\mwac.sys;c:\windows\SYSNATIVE\DRIVERS\mwac.sys [x]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 98635395
*NewlyCreated* - MBAMFARFLT
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - MBAMWEBPROTECTION
*NewlyCreated* - MPKSLEBAAD46F
*Deregistered* - 29124B04
*Deregistered* - 98635395
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation   REG_MULTI_SZ    SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - LocalSystemNetworkRestricted
WiaRpc
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2016-11-15 1353680]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-05-31 11855976]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalSystemNetworkRestricted
WiaRpc
.
------- 而外的扫描 -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,78,5e,89,40,7f,18,05,4b,b1,5b,af,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,78,5e,89,40,7f,18,05,4b,b1,5b,af,\
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AVI"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.CDA"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2T\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2TS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.m3u"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M4A"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MOV"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAV"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMA"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMV"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
完成时间: 2018-09-13 19:37:42
ComboFix-quarantined-files.txt 2018-09-13 23:37
.
Pre-Run: 106,273,267,712 bytes free
Post-Run: 106,685,374,464 bytes free
.
- - End Of File - - 8DA21D926EC635DC3AAE5EC7517EE7F5

AdvancedSetup · September 13, 2018

Thanks,

Let's go ahead and run a scan with Kaspersky and see if it can find anything else.

Please download and run the following Kaspersky antivirus scanner to remove any found threats

Kaspersky Virus Removal Tool

Let me know if it finds anything or not

Slyfur · September 13, 2018

https://gyazo.com/f015ae710cf4df0b61ba95567bb2fd2a

nothing appeared so i guess im good

AdvancedSetup · September 14, 2018

So are you having any popups or other issues still?

Are you using an Ad Blocker for your browser?

Slyfur · September 14, 2018

I am using adblocker

So i dont think ill be able to see the popups

Slyfur · September 14, 2018

Uh i cant shut off my pc

Slyfur · September 14, 2018

I was able to hold the power button and shut it off, when i turned it back on it was able to shut off again

Slyfur · September 14, 2018

But it looks like everything is fine

AdvancedSetup · September 14, 2018

Great, glad to hear. I'll go ahead then and close your topic but if you do need anything else please let us know.

Take care

Ron

AdvancedSetup · September 14, 2018

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread.

Thanks

Malware keeps popping up when i havent downloaded anything

Recommended Posts

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Recently Browsing 0 members

Important Information