
Is my PC corrupted?


Njoma1


Hey guys, I'm getting a message every few seconds saying "Website blocked due to Trojan, IP address is not mine, port 55140 and type Outbound (sometimes it says c/windows/explorer.exe)". I downloaded some files that were trojans a couple of days ago and I cleared them all with Malwarebytes, but I'm still getting these messages even though when I run a scan check now it says my PC is clean.

Is this a program error, or is my PC still corrupt?


Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

These attacks are stopped by Malwarebytes and you are notified accordingly.

Check the Notifications settings.
Change the setting Show Malwarebytes Notifications to Off

===

If the problem persists, run this program.

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "more reply Options" button.

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to Attach.
Click Attach this file.
Click the Add reply button.
===

Please post the logs for my review.

Wait for further instructions.


 


Hey, sorry, I was getting some error messages that said it was spam or something.. I sent you a private message with the info, I guess you didn't see it.. here it goes
 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23.09.2018
Ran by Korisnik1 (administrator) on KORISNIK1-PC (28-09-2018 22:54:55)
Running from C:\Users\Korisnik1\Desktop\tes
Loaded Profiles: Korisnik1 (Available Profiles: Korisnik1)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Hi-Rez Studios) D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
(Oracle Corporation) D:\oracle\app\oracle\product\11.2.0\server\bin\oracle.exe
(Oracle Corporation) D:\oracle\app\oracle\product\11.2.0\server\bin\TNSLSNR.EXE
() C:\Windows\SysWOW64\PnkBstrA.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163800 2016-07-30] (IvoSoft)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [293872 2014-08-25] (Intel Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
HKU\S-1-5-21-3457384497-306178297-758070085-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize 
HKU\S-1-5-21-3457384497-306178297-758070085-1000\...\Run: [Viber] => C:\Users\Korisnik1\AppData\Local\Viber\Viber.exe [35790408 2018-09-17] (Viber Media S.à r.l.)
HKU\S-1-5-21-3457384497-306178297-758070085-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [18594760 2018-09-19] (Piriform Ltd)
HKU\S-1-5-21-3457384497-306178297-758070085-1000\...\MountPoints2: F - F:\MTW2_Gold_setup.exe
HKU\S-1-5-21-3457384497-306178297-758070085-1000\...\MountPoints2: G - G:\setup.exe
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
Startup: C:\Users\Korisnik1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\I.lnk [2018-06-14]
ShortcutTarget: I.lnk -> C:\Users\Korisnik1\AppData\Roaming\eeYAW8Q2wu.exe ()
Startup: C:\Users\Korisnik1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\v.lnk [2018-06-14]
ShortcutTarget: v.lnk -> C:\Users\Korisnik1\AppData\Roaming\eeV3PxJrpj.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.100.1
Tcpip\..\Interfaces\{51D6A19B-EB54-49E8-8760-38677EF6AE0E}: [DhcpNameServer] 192.168.100.1
Tcpip\..\Interfaces\{A1790DF9-D320-4C10-B896-EB26748F573F}: [DhcpNameServer] 192.168.100.1

Internet Explorer:
==================
HKU\S-1-5-21-3457384497-306178297-758070085-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10438__180128__yaie
HKU\S-1-5-21-3457384497-306178297-758070085-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-3457384497-306178297-758070085-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10438__180128__yaie&p={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_151\bin\ssv.dll [2017-10-23] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-10-23] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-10-23] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll [2012-02-13] (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-10-23] (Oracle Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll [2012-02-13] (Microsoft Corporation.)

FireFox:
========
FF DefaultProfile: 6r4tchdq.default
FF ProfilePath: C:\Users\Korisnik1\AppData\Roaming\Mozilla\Firefox\Profiles\6r4tchdq.default [2018-09-28]
FF user.js: detected! => C:\Users\Korisnik1\AppData\Roaming\Mozilla\Firefox\Profiles\6r4tchdq.default\user.js [2017-06-30]
FF Homepage: Mozilla\Firefox\Profiles\6r4tchdq.default -> hxxps://search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10438__180128__yaff
FF NewTab: Mozilla\Firefox\Profiles\6r4tchdq.default -> hxxps://search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10438__180128__yaff
FF SearchPlugin: C:\Users\Korisnik1\AppData\Roaming\Mozilla\Firefox\Profiles\6r4tchdq.default\searchplugins\yahoo-lavasoft.xml [2018-01-28]
FF Plugin: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-10-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-10-23] (Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-10-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-10-10] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-10-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-10-23] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @raidcall.tw/RCplugin -> C:\Users\Korisnik1\AppData\Roaming\RCTW\plugins\nprcplugin.dll [2013-06-25] (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3457384497-306178297-758070085-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Korisnik1\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-10-26] (Unity Technologies ApS)

Chrome: 
=======
CHR Profile: C:\Users\Korisnik1\AppData\Local\Google\Chrome\User Data\Default [2018-09-28]
CHR Extension: (Slides) - C:\Users\Korisnik1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Docs) - C:\Users\Korisnik1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\Korisnik1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-15]
CHR Extension: (YouTube) - C:\Users\Korisnik1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-15]
CHR Extension: (Adblock Plus) - C:\Users\Korisnik1\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-09-28]
CHR Extension: (Adobe Acrobat) - C:\Users\Korisnik1\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-03]
CHR Extension: (Sheets) - C:\Users\Korisnik1\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Postman) - C:\Users\Korisnik1\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhbjgbiflinjbdggehcddcbncdddomop [2018-09-01]
CHR Extension: (Google Docs Offline) - C:\Users\Korisnik1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-16]
CHR Extension: (AdBlock) - C:\Users\Korisnik1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-09-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Korisnik1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\Korisnik1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-15]
CHR Extension: (Chrome Media Router) - C:\Users\Korisnik1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-09-05]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1530888 2017-09-18] ()
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [395536 2016-12-27] (EasyAntiCheat Ltd)
U2 HiPatchService; D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2017-03-28] (Hi-Rez Studios) [File not signed]
R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [172784 2016-07-23] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [373760 2016-06-08] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [158496 2014-10-10] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [265936 2014-10-29] ()
S4 OracleJobSchedulerXE; d:\oracle\app\oracle\product\11.2.0\server\Bin\extjob.exe [45568 2014-05-29] () [File not signed]
S3 OracleMTSRecoveryService; D:\oracle\app\oracle\product\11.2.0\server\BIN\omtsreco.exe [81408 2014-05-29] (Oracle Corporation) [File not signed]
R2 OracleServiceXE; d:\oracle\app\oracle\product\11.2.0\server\bin\ORACLE.EXE [147110912 2014-05-30] (Oracle Corporation) [File not signed]
S3 OracleXEClrAgent; D:\oracle\app\oracle\product\11.2.0\server\bin\OraClrAgnt.exe [83968 2014-05-29] (Oracle Corporation) [File not signed]
R2 OracleXETNSListener; D:\oracle\app\oracle\product\11.2.0\server\BIN\tnslsnr.exe [522240 2014-05-29] (Oracle Corporation) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2017-12-05] ()
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-12-03] (DEVGURU Co., LTD.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [252520 2016-05-25] (Synaptics Incorporated)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11293936 2018-04-03] (TeamViewer GmbH)
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [108776 2016-09-06] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2016-04-19] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3818704 2014-10-29] (Intel® Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [141800 2015-10-14] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1545704 2016-04-28] (Motorola Solutions, Inc.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [152688 2018-09-11] (Malwarebytes)
R3 ibtusb; C:\Windows\System32\DRIVERS\ibtusb.sys [355080 2016-07-31] (Intel Corporation)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [200232 2018-09-28] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [118584 2018-09-28] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [58400 2018-09-28] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [260384 2018-09-28] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [100664 2018-09-28] (Malwarebytes)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [129312 2014-10-10] (Intel Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw02.sys [3425768 2014-11-17] (Intel Corporation)
R1 nfstat; C:\Windows\System32\drivers\nfstat.sys [134760 2018-09-20] (Riverbed Technology, Inc.)
R3 RTSUER; C:\Windows\System32\Drivers\RtsUer.sys [416472 2016-05-18] (Realsil Semiconductor Corporation)
S3 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [163644 2017-06-06] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
U3 aswbdisk; no ImagePath
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-09-28 22:54 - 2018-09-28 22:54 - 000000000 ____D C:\Users\Korisnik1\Desktop\tes
2018-09-28 22:54 - 2018-09-28 22:54 - 000000000 ____D C:\FRST
2018-09-28 15:38 - 2018-09-28 15:38 - 000000023 _____ C:\Users\Korisnik1\Desktop\tablete.txt
2018-09-28 14:37 - 2018-09-28 22:41 - 000100664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-09-28 14:37 - 2018-09-28 14:37 - 000118584 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-09-28 14:37 - 2018-09-28 14:37 - 000058400 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-09-28 14:36 - 2018-09-28 14:36 - 000260384 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-09-28 14:26 - 2018-09-28 14:34 - 000000000 ____D C:\Users\Korisnik1\AppData\Local\AVAST Software
2018-09-28 14:22 - 2018-09-28 14:22 - 000003870 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-09-28 14:22 - 2018-09-28 14:22 - 000002806 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2018-09-28 14:22 - 2018-09-28 14:22 - 000000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-09-28 14:22 - 2018-09-28 14:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-09-28 14:22 - 2018-09-28 14:22 - 000000000 ____D C:\Program Files\CCleaner
2018-09-28 14:20 - 2018-09-28 14:21 - 016796856 _____ (Piriform Ltd) C:\Users\Korisnik1\Downloads\ccsetup547.exe
2018-09-28 02:10 - 2018-09-28 02:10 - 000200232 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-09-28 02:10 - 2018-09-28 02:10 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-09-28 02:10 - 2018-09-28 02:10 - 000000000 ____D C:\Users\Korisnik1\AppData\Local\mbamtray
2018-09-28 02:10 - 2018-09-28 02:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-09-28 02:10 - 2018-09-11 13:18 - 000152688 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2018-09-27 00:21 - 2018-09-27 00:21 - 000000000 ____D C:\Users\Korisnik1\AppData\Local\Viber
2018-09-26 23:54 - 2018-09-26 23:54 - 000000000 ____D C:\Program Files (x86)\TigerTrade
2018-09-20 09:16 - 2018-09-20 09:16 - 000134760 _____ (Riverbed Technology, Inc.) C:\Windows\system32\Drivers\nfstat.sys
2018-09-12 22:36 - 2018-09-12 22:36 - 000000000 ____D C:\Users\Korisnik1\AppData\Local\Oblivion
2018-09-12 22:34 - 2018-09-12 22:34 - 000001662 _____ C:\Users\Public\Desktop\The Elder Scrolls IV - Oblivion.lnk
2018-09-12 22:34 - 2018-09-12 22:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2018-09-12 01:06 - 2018-09-12 01:06 - 000000000 ____D C:\Users\Korisnik1\Downloads\power.s05.e10.when.this.is.over.(2018).hrv.1cd.(7475850)
2018-09-12 01:03 - 2018-09-12 01:03 - 000039875 _____ C:\Users\Korisnik1\Downloads\power.s05.e10.when.this.is.over.(2018).hrv.1cd.(7475850).zip
2018-09-08 21:18 - 2018-09-08 21:18 - 000000000 ____D C:\Users\Korisnik1\Desktop\sajt
2018-09-08 20:23 - 2018-09-27 00:42 - 000000000 ____D C:\Users\Korisnik1\Documents\ViberDownloads
2018-09-08 02:39 - 2018-09-08 02:39 - 000059546 _____ C:\Users\Korisnik1\Downloads\deadpool.2.(2018).hrv.1cd.(7467082).zip
2018-09-08 02:39 - 2018-09-08 02:39 - 000000000 ____D C:\Users\Korisnik1\Downloads\deadpool.2.(2018).hrv.1cd.(7467082)
2018-09-07 03:03 - 2018-09-07 03:03 - 000033471 _____ C:\Users\Korisnik1\Downloads\power.s05.e09.theres.a.snitch.among.us.(2018).hrv.1cd.(7468767).zip
2018-09-07 03:03 - 2018-09-07 03:03 - 000000000 ____D C:\Users\Korisnik1\Downloads\power.s05.e09.theres.a.snitch.among.us.(2018).hrv.1cd.(7468767)
2018-09-03 07:17 - 2018-09-03 07:17 - 000005361 _____ C:\Users\Korisnik1\Downloads\zavrsni.sql
2018-09-03 01:33 - 2018-09-03 01:33 - 000000000 ____D C:\Users\Korisnik1\Downloads\Projekat11F
2018-09-03 01:30 - 2018-09-03 01:31 - 048919564 _____ C:\Users\Korisnik1\Downloads\Projekat11F.rar
2018-09-02 18:12 - 2018-09-02 18:13 - 048533775 _____ C:\Users\Korisnik1\Downloads\Projekat11.rar
2018-09-01 02:50 - 2018-09-01 02:50 - 000000000 ____D C:\Users\Korisnik1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2018-09-01 02:38 - 2018-09-01 02:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2018-08-30 13:51 - 2018-08-30 23:28 - 000000000 ____D C:\Users\Korisnik1\.android
2018-08-30 03:01 - 2018-08-30 03:01 - 000000000 ____D C:\Users\Korisnik1\Downloads\Projekat11
2018-08-29 01:11 - 2018-08-29 01:11 - 000030256 _____ C:\Users\Korisnik1\Downloads\power.s05.e08.a.friend.of.the.family.(2018).eng.1cd.(7462834).zip
2018-08-29 01:11 - 2018-08-29 01:11 - 000000000 ____D C:\Users\Korisnik1\Downloads\power.s05.e08.a.friend.of.the.family.(2018).eng.1cd.(7462834)

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-09-28 14:43 - 2009-07-14 06:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-09-28 14:43 - 2009-07-14 06:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-09-28 14:41 - 2016-10-14 16:50 - 000000000 ____D C:\Users\Korisnik1\AppData\Local\ClassicShell
2018-09-28 14:38 - 2017-04-06 15:03 - 000000000 ____D C:\Users\Korisnik1\AppData\Roaming\ViberPC
2018-09-28 14:36 - 2016-10-14 18:18 - 000000000 __SHD C:\Users\Korisnik1\IntelGraphicsProfiles
2018-09-28 14:36 - 2016-10-14 18:15 - 000000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-09-28 14:36 - 2016-10-14 16:32 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-09-28 14:35 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-09-28 14:34 - 2016-10-14 16:39 - 000000000 ____D C:\ProgramData\AVAST Software
2018-09-28 14:31 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2018-09-28 14:28 - 2017-01-02 17:45 - 000000000 ____D C:\Users\Korisnik1\AppData\Roaming\MPC-HC
2018-09-28 14:28 - 2016-11-27 20:05 - 000000000 ____D C:\Users\Korisnik1\AppData\Roaming\TS3Client
2018-09-28 14:28 - 2016-10-14 16:32 - 000000000 ____D C:\Users\Korisnik1\AppData\Roaming\TeamViewer
2018-09-28 14:25 - 2016-10-14 17:58 - 000000000 ____D C:\Windows\Panther
2018-09-27 14:43 - 2016-11-27 20:05 - 000000000 ____D C:\Program Files\TeamSpeak 3 Client
2018-09-26 23:57 - 2018-01-28 19:25 - 000000000 ____D C:\Users\Korisnik1\AppData\Roaming\uTorrent
2018-09-26 23:55 - 2016-10-14 16:33 - 000000000 ____D C:\Program Files (x86)\Google
2018-09-20 21:08 - 2016-10-18 07:19 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-09-20 21:06 - 2016-10-18 07:18 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-09-19 00:47 - 2017-02-10 03:51 - 000000000 ____D C:\Users\Korisnik1\AppData\Roaming\vlc
2018-09-17 23:15 - 2016-10-14 18:32 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-09-17 23:15 - 2016-10-14 18:32 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-09-12 22:46 - 2016-10-14 12:58 - 000000000 ____D C:\Users\Korisnik1\AppData\Local\VirtualStore
2018-09-12 22:40 - 2016-11-24 19:52 - 000000000 ____D C:\Users\Korisnik1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2018-09-12 22:36 - 2016-11-11 20:31 - 000000000 ____D C:\Users\Korisnik1\Documents\My Games
2018-09-12 22:24 - 2017-04-03 21:19 - 000000000 ____D C:\GOG Games
2018-09-04 13:33 - 2009-07-14 07:13 - 000784474 _____ C:\Windows\system32\PerfStringBackup.INI
2018-09-03 17:25 - 2018-01-28 00:56 - 000000000 ____D C:\Users\Korisnik1\Documents\Paradox Interactive
2018-09-01 19:06 - 2018-08-28 18:21 - 000000414 _____ C:\Windows\Tasks\Driver Easy Scheduled Scan.job
2018-09-01 13:47 - 2018-06-28 16:08 - 000000000 ____D C:\Users\Korisnik1\Desktop\Com's
2018-09-01 02:37 - 2017-03-16 21:21 - 000000000 ___RD C:\Program Files (x86)\Skype
2018-09-01 02:37 - 2016-10-14 16:34 - 000000000 ____D C:\ProgramData\Skype
2018-09-01 02:34 - 2016-10-14 18:03 - 000000000 ____D C:\Users\Korisnik1\AppData\Roaming\Skype
2018-08-30 13:51 - 2016-10-14 12:58 - 000000000 ____D C:\Users\Korisnik1
2018-08-30 13:47 - 2017-10-05 18:58 - 000000000 ____D C:\Program Files\Android
2018-08-30 01:01 - 2016-11-21 20:04 - 000000000 ____D C:\Users\Korisnik1\AppData\Local\Eclipse
2018-08-30 01:01 - 2016-11-21 19:51 - 000000000 ____D C:\Users\Korisnik1\.p2

==================== Files in the root of some directories =======

2018-06-14 14:19 - 2018-06-14 14:19 - 078921826 __RSH () C:\Users\Korisnik1\AppData\Roaming\eeV3PxJrpj.exe
2018-06-14 14:19 - 2018-06-14 14:19 - 078963298 __RSH () C:\Users\Korisnik1\AppData\Roaming\eeYAW8Q2wu.exe
2018-07-29 22:04 - 2018-07-29 22:04 - 000000017 _____ () C:\Users\Korisnik1\AppData\Local\resmon.resmoncfg

Some files in TEMP:
====================
2018-09-28 14:36 - 2016-04-19 00:34 - 000805376 _____ (Microsoft Corporation) C:\Users\Korisnik1\AppData\Local\Temp\cdo688742513.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-09-26 17:30

==================== End of FRST.txt ===========================

Addition.txt


Hi,

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Let me know of any remaining issues with this computer.

fixlist.txt


What was the problem?

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 28.09.2018
Ran by Korisnik1 (30-09-2018 18:16:13) Run:1
Running from C:\Users\Korisnik1\Desktop\tes
Loaded Profiles: Korisnik1 (Available Profiles: Korisnik1)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Startup: C:\Users\Korisnik1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\I.lnk [2018-06-14]
ShortcutTarget: I.lnk -> C:\Users\Korisnik1\AppData\Roaming\eeYAW8Q2wu.exe ()
Startup: C:\Users\Korisnik1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\v.lnk [2018-06-14]
ShortcutTarget: v.lnk -> C:\Users\Korisnik1\AppData\Roaming\eeV3PxJrpj.exe ()
HKU\S-1-5-21-3457384497-306178297-758070085-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10438__180128__yaie
SearchScopes: HKU\S-1-5-21-3457384497-306178297-758070085-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10438__180128__yaie&p={searchTerms}
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
AlternateDataStreams: C:\Users\Korisnik1:Heroes & Generals [38]
AlternateDataStreams: C:\ProgramData\.rdata:X [526]

C:\Users\Korisnik1\AppData\Local\Temp\cdo688742513.dl?????l?
C:\Users\Korisnik1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\I.lnk
C:\Users\Korisnik1\AppData\Roaming\eeYAW8Q2wu.exe
C:\Users\Korisnik1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\v.lnk
C:\Users\Korisnik1\AppData\Roaming\eeV3PxJrpj.exe

Reboot:
End

*****************

Restore point was successfully created.
Processes closed successfully.
C:\Users\Korisnik1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\I.lnk => moved successfully
C:\Users\Korisnik1\AppData\Roaming\eeYAW8Q2wu.exe => moved successfully
C:\Users\Korisnik1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\v.lnk => moved successfully
C:\Users\Korisnik1\AppData\Roaming\eeV3PxJrpj.exe => moved successfully
HKU\S-1-5-21-3457384497-306178297-758070085-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
"HKU\S-1-5-21-3457384497-306178297-758070085-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C0C3A6C6-03BC-4195-8FCB-AEA091301353}" => removed successfully
HKLM\Software\Classes\CLSID\{C0C3A6C6-03BC-4195-8FCB-AEA091301353} => not found
"HKLM\System\CurrentControlSet\Services\gupdate" => removed successfully
gupdate => service removed successfully
"HKLM\System\CurrentControlSet\Services\gupdatem" => removed successfully
gupdatem => service removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw" => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui" => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
C:\Users\Korisnik1 => ":Heroes & Generals" ADS removed successfully
C:\ProgramData\.rdata => ":X" ADS removed successfully
"C:\Users\Korisnik1\AppData\Local\Temp\cdo688742513.dl?????l?" => not found
"C:\Users\Korisnik1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\I.lnk" => not found
"C:\Users\Korisnik1\AppData\Roaming\eeYAW8Q2wu.exe" => not found
"C:\Users\Korisnik1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\v.lnk" => not found
"C:\Users\Korisnik1\AppData\Roaming\eeV3PxJrpj.exe" => not found

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 5498597 B
Java, Flash, Steam htmlcache => 650499880 B
Windows/system/drivers => 10796 B
Edge => 0 B
Chrome => 388220059 B
Firefox => 6368452 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 16802 B
systemprofile32 => 66356 B
LocalService => 0 B
NetworkService => 2494 B
Korisnik1 => 36395051 B

RecycleBin => 0 B
EmptyTemp: => 1 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 18:17:51 ====


Hi,

Please confirm that you have set the Notifications to Off?

These attacks are stopped by Malwarebytes and you are notified accordingly.

Check the Notifications settings.
Change the setting Show Malwarebytes Notifications to Off
https://content.invisioncic.com/Mmalware/monthly_2018_05/2018-05-22_10-28-24.png.a3502457b1398cbb8a3d56e78531dcbd.png

===

This could also be a Syncing issue?

Are you Syncing Chrome with other devices?
To remove it you will have to reset the Sync in Chrome.

Read this article and proceed.

Chrome Secure Preferences detection always comes back
https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/
<<<>>>

Keep me posted.


Hi

No sorry.

The real time protection will stop.

You will have to run the program when you see that the computer is not running as well as expected.

 

Check out the Malwarebytes browser extension beta for Chrome and Firefox and say goodbye to tech support scams and many other web threats!

Chrome:
https://forums.malwarebytes.com/topic/218616-malwarebytes-browser-extension-for-chrome-beta/

Firefox:
https://forums.malwarebytes.com/topic/218646-malwarebytes-browser-extension-for-firefox-beta/

Additional information.
Malwarebytes Browser Extension Blocks Malware, Scams, Ads, & Trackers
https://www.bleepingcomputer.com/news/security/malwarebytes-browser-extension-blocks-malware-scams-ads-and-trackers/
<<<>>>

Stay safe.

 

 


  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks

 


This topic is now closed to further replies.