SuperSaiyanAJ

Continued Smaller Infections Despite Repairs

I started off with a much larger infection related to downloading malicious software. The old thread can be found here. Nasdaq (the MWB mod) was awesome and we made progress, but it doesn't look like I'm completely clean.

It seems that every few days, I'll have a new smaller infection (see the dates on most recent logs attached). It seems that all of my MWB and Sophos scans aren't truly scrubbing my entire computer clean. I will fully comply if there is something I'm doing wrong. It seems like there's some nasty malware tucked up in the deepest depths of the computer that keeps resurfacing.

How does the computer continue to get reinfected? Is it possible that because I have too many anti-malware programs on my computer that they are getting in each other's way? My computer currently has Malwarebytes, Emsisoft Emergency Kit, Sophos VRT, and Windows Defender installed on it.

MWB_Scan_May11.txt MWB_Scan_May27.txt


Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Hello again.

Download the Farbar Recovery Scan Tool (FRST). (If you still have the previous version, run it and the program will be updated. When finished, run it.)
Choose the 32 or 64 bit version for your system and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

How to attach a file:
In the Reply section at the bottom of the topic, click Choose a File.
Navigate to the location of the file.
Click the file. It will appear in the section.
Click the Save button.

Wait for further instructions.
====
 


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-05.2019
Ran by Anthony (administrator) on AJR-ZH77A (MSI MS-7758) (28-05-2019 20:29:52)
Running from C:\Users\Anthony\Desktop
Loaded Profiles: Anthony (Available Profiles: Anthony & DefaultAppPool)
Platform: Windows 10 Pro (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(F.lux Software LLC -> f.lux Software LLC) C:\Users\Anthony\AppData\Local\FluxSoftware\Flux\flux.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler64.exe
(Google LLC -> ) C:\Program Files\Google\Drive\googledrivesync.exe
(Google LLC -> ) C:\Program Files\Google\Drive\googledrivesync.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1904.1-0\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1904.1-0\NisSrv.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Anthony\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.WindowsStore_11811.1001.18.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedlauncher.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(Piriform Ltd -> Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Pulse Secure, LLC -> ) C:\Program Files (x86)\Common Files\Pulse Secure\JamUI\Pulse.exe
(Pulse Secure, LLC -> Pulse Secure, LLC) C:\Program Files (x86)\Common Files\Pulse Secure\JUNS\PulseSecureService.exe
(Pulse Secure, LLC -> Pulse Secure, LLC) C:\Program Files (x86)\Common Files\Pulse Secure\JUNS\PulseSecureService.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7506136 2013-12-06] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942864 2016-10-13] (Logitech -> Logitech, Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [PulseSecure] => C:\Program Files (x86)\Common Files\Pulse Secure\JamUI\Pulse.exe [3209176 2016-11-30] (Pulse Secure, LLC -> )
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-558817803-4119610966-2941510548-1000\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [46506040 2019-04-09] (Google LLC -> )
HKU\S-1-5-21-558817803-4119610966-2941510548-1000\...\Run: [f.lux] => C:\Users\Anthony\AppData\Local\FluxSoftware\Flux\flux.exe [1378824 2019-05-07] (F.lux Software LLC -> f.lux Software LLC)
HKU\S-1-5-21-558817803-4119610966-2941510548-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [18630056 2018-09-10] (Piriform Ltd -> Piriform Ltd)
HKU\S-1-5-21-558817803-4119610966-2941510548-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00E87E6F-1D36-42B5-8EAD-5CD5032E39EF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MpCmdRun.exe [480352 2019-04-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {0BBED6DA-46FF-41CE-8D1F-ACD140893207} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-05-23] (Adobe Inc. -> Adobe)
Task: {0C171592-D0BE-4DC3-A0AB-83BF2D06BB5A} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [950128 2018-09-12] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {0ED0BFA9-B0AA-428D-B552-109239F6541F} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {17ADB3E7-E8D0-48B0-9B7A-9686AF48F9B5} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {1C2DC640-AC29-4CD7-B31D-975A78B6F918} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {3C42883C-D17B-47CD-B77C-92A331EE274E} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {4455AE04-E94F-462F-880D-FAAAF6B7A6CC} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [994672 2018-09-12] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {46E20B9E-D661-4927-AC41-59C900657453} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [772976 2018-09-12] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {48518B86-C9DC-4289-B1E9-913D467219E3} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [772976 2018-09-12] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {4D7E0AF7-ED7B-4254-80EF-07EED9936374} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1160408 2017-02-02] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {58DDE73B-1764-4E64-B4DD-7052838B6C82} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [855408 2018-09-12] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {5D2B0A38-177A-48CF-B6A6-6BED359D2DDB} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {5E1C0443-5174-47A2-BCDB-04AD47A6ABEE} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {5E30ACA7-F46F-4B22-BE51-4D0FD5BCEE92} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {660F3B8E-7DF4-427E-89B2-7541E562E76E} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {6718ED3D-F74C-413E-B80D-338D3C388E8B} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {67F3E1FD-5903-46F3-B4DA-20A6B52DCD6F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [13797712 2018-09-10] (Piriform Ltd -> Piriform Ltd)
Task: {73E7D594-278E-4C6F-BE13-1512ED9B06AB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MpCmdRun.exe [480352 2019-04-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {74B49733-C5EB-41B6-97A6-9CC21D566454} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {825616D7-A8BD-4455-B976-059E8ABAB5BB} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {87A20AA6-EF1E-403B-82C3-6ADE8DF5E988} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {8849A757-4693-431C-9738-360209508173} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [950128 2018-09-12] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8AB478CE-442A-4630-B152-CA92FE614562} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [950128 2018-09-12] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8DCD9AF9-89F8-4E2D-913C-30453D68C989} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {910E38E7-5DB0-4586-B6B4-571B25A61978} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [950128 2018-09-12] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {931DBBD6-F507-4640-B602-F22585A6C0A7} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [855408 2018-09-12] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {9813856A-FB1A-42A1-A7B4-E619CED6F0B5} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_192_Plugin.exe [1457208 2019-05-23] (Adobe Inc. -> Adobe)
Task: {9F7E208C-8073-4371-97ED-A2A1097366AF} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {A288E04D-50AE-49D0-8C7F-3D8C35686253} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-02-05] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {A7899452-C7C7-40B1-B342-91D62E8C1418} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MpCmdRun.exe [480352 2019-04-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {A99BDC6A-70FB-49F8-9EFC-E04E055084C8} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {AB683356-233A-4961-B087-2413690DC0FC} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {ACD8F3B9-7F2B-41D5-8B04-FA2A9D028688} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {BF53F84C-E9FF-4607-905E-8D036B350CCA} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {CB754D4F-0C41-4878-9340-EBF33C56584D} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {D5756D37-4445-4F31-B209-58B03FBDD3E0} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {D762E39B-56BB-425F-A648-FDE6C295BB36} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {E4F5655A-9D81-4937-AD1B-8D78DBD54640} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [695664 2018-09-12] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E83BBBE3-BBB8-4441-855E-BF24060F1CAB} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {E97441D5-A08C-4EFC-99E9-853ACBF852CD} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {F2375D93-5480-4A34-8FCC-4955D992E94C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {F702EED7-8BA3-4EBF-8A69-FF1EF3DBE802} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {FCED7D58-DB4F-4D05-9BBC-6F065C4DD5EC} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3487088 2018-09-12] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {FF875EDA-942E-4065-BD87-561CDC6D4061} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MpCmdRun.exe [480352 2019-04-24] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{1216b495-def4-11e7-af92-806e6f6e6963}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{bf045eac-f871-4640-899f-9235f78aeb59}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{c201cce2-6749-4741-82b8-8468e04f1303}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{d6805ba3-7e65-4cc5-9126-9da5f285a231}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{d6805ba3-7e65-4cc5-9126-9da5f285a231}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-04-14] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-04-14] (Oracle America, Inc. -> Oracle Corporation)
DPF: HKLM-x32 {8E375A63-C616-46F1-AC77-59DF78F3A826} hxxps://pulsesecure.net/dana-cached/sc/PulseSetupClient.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

FireFox:
========
FF DefaultProfile: 1jhjbyct.default-1549144348038
FF ProfilePath: C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\1jhjbyct.default-1549144348038 [2019-05-28]
FF Homepage: Mozilla\Firefox\Profiles\1jhjbyct.default-1549144348038 -> www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_192.dll [2019-05-23] (Adobe Inc. -> )
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll [2013-07-31] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_192.dll [2019-05-23] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll [2013-06-26] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-04-14] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-04-14] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-10-10] (NVIDIA Corporation -> NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-10-10] (NVIDIA Corporation -> NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-10-19] (Pando Networks, Inc. -> Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-18] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-18] (Google Inc -> Google LLC)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-06-07] (VideoLAN) [File not signed]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-558817803-4119610966-2941510548-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Anthony\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-01-26] (Citrix Online -> Citrix Online)
FF Plugin HKU\S-1-5-21-558817803-4119610966-2941510548-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-10-19] (Pando Networks, Inc. -> Pando Networks)

Chrome:
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Profile 1 [2019-05-18]
CHR Extension: (Slides) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-04-07]
CHR Extension: (Google Drive) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-04-07]
CHR Extension: (Google Docs Offline) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-04-07]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2019-04-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-04-07]
CHR Extension: (Chrome Media Router) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-04-27]
CHR HKU\S-1-5-21-558817803-4119610966-2941510548-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [780928 2018-06-30] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [772976 2018-09-12] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [772976 2018-09-12] (NVIDIA Corporation -> NVIDIA Corporation)
R2 PulseSecureService; C:\Program Files (x86)\Common Files\Pulse Secure\JUNS\PulseSecureService.exe [182232 2016-11-30] (Pulse Secure, LLC -> Pulse Secure, LLC)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-07-14] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\NisSrv.exe [3851264 2019-04-24] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MsMpEng.exe [118144 2019-04-24] (Microsoft Corporation -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [47008 2013-07-30] (Intel(R) Smart Connect software -> )
R1 jnprns; C:\Windows\system32\DRIVERS\jnprns.sys [507192 2016-11-30] (Juniper Networks, Inc. -> Juniper Networks)
R3 JnprVaMgr; C:\Windows\System32\drivers\jnprvamgr.sys [45352 2016-11-30] (Juniper Networks, Inc. -> Juniper Networks, Inc.)
S3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech -> Logitech Inc.)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [275232 2019-05-27] (Malwarebytes Corporation -> Malwarebytes)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_f4187dc256a67a6b\nvlddmkm.sys [20337064 2018-10-12] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30792 2018-08-21] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [69544 2018-06-07] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [65792 2018-04-24] (NVIDIA Corporation -> NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [604160 2018-04-11] (Microsoft Windows -> Realtek )
S3 tapnordvpn; C:\Windows\System32\drivers\tapnordvpn.sys [44896 2018-07-24] (TEFINCOM S.A. -> The OpenVPN Project)
S3 uvhid; C:\Windows\System32\drivers\uvhid.sys [25592 2015-06-15] (Unified Intents AB -> Windows (R) Win 7 DDK provider)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [46472 2019-04-24] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [344544 2019-04-24] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [60896 2019-04-24] (Microsoft Windows -> Microsoft Corporation)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-05-28 20:29 - 2019-05-28 20:30 - 000028602 _____ C:\Users\Anthony\Desktop\FRST.txt
2019-05-28 20:29 - 2019-05-28 20:29 - 000000000 ____D C:\Users\Anthony\Desktop\FRST-OlderVersion
2019-05-27 15:55 - 2019-05-27 15:55 - 000005292 _____ C:\Users\Anthony\Desktop\MWB_Scan_May11.txt
2019-05-27 15:55 - 2019-05-27 15:55 - 000001524 _____ C:\Users\Anthony\Desktop\MWB_Scan_May27.txt
2019-05-27 15:54 - 2019-05-27 15:54 - 000275232 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-05-23 21:28 - 2019-05-23 21:28 - 000464688 _____ C:\Users\Anthony\Desktop\Robert_CoverLetter_May23.pdf
2019-05-23 21:25 - 2019-05-23 21:25 - 000314493 _____ C:\Users\Anthony\Desktop\Robert_Resume_May23.pdf
2019-05-22 19:00 - 2019-05-22 19:00 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2019-05-20 20:03 - 2019-05-20 20:03 - 000274770 _____ C:\Users\Anthony\Downloads\DirectDebitBillDueMay23,2019_05-02-2019(1).pdf
2019-05-20 20:02 - 2019-05-20 20:02 - 000274770 _____ C:\Users\Anthony\Downloads\DirectDebitBillDueMay23,2019_05-02-2019.pdf
2019-05-20 19:57 - 2019-05-20 20:06 - 000000000 ____D C:\Users\Anthony\Documents\Loan Stuff

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-05-28 20:29 - 2019-02-19 20:34 - 000000000 ____D C:\FRST
2019-05-28 20:29 - 2019-02-19 20:30 - 002435584 _____ (Farbar) C:\Users\Anthony\Desktop\FRST64.exe
2019-05-28 20:24 - 2018-05-16 21:43 - 000000000 ____D C:\Windows\system32\SleepStudy
2019-05-27 21:35 - 2018-04-11 18:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-05-27 15:43 - 2019-02-19 20:27 - 000000530 _____ C:\Windows\wininit.ini
2019-05-27 15:43 - 2017-09-30 22:26 - 000000000 ____D C:\Users\Anthony\AppData\LocalLow\Mozilla
2019-05-27 15:43 - 2017-05-27 10:50 - 000000000 ____D C:\ProgramData\NVIDIA
2019-05-27 15:43 - 2013-07-31 08:19 - 000001159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-05-27 15:43 - 2013-07-31 08:19 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-05-27 15:42 - 2013-09-26 22:04 - 000000000 ___RD C:\Users\Anthony\Google Drive
2019-05-27 15:41 - 2018-05-16 22:06 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-05-27 15:40 - 2018-04-11 16:04 - 000524288 _____ C:\Windows\system32\config\BBI
2019-05-27 15:40 - 2013-07-31 08:21 - 000000000 ____D C:\Program Files (x86)\Steam
2019-05-27 15:30 - 2019-03-03 10:09 - 000153328 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-05-27 15:19 - 2013-08-04 13:43 - 000000000 ____D C:\Users\Anthony\AppData\Local\Spotify
2019-05-27 15:17 - 2013-07-31 08:22 - 000000000 ____D C:\Users\Anthony\AppData\Roaming\Spotify
2019-05-23 21:06 - 2018-05-16 22:06 - 000004580 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-05-23 21:06 - 2018-04-11 18:38 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2019-05-23 21:06 - 2018-04-11 18:38 - 000000000 ____D C:\Windows\system32\Macromed
2019-05-22 19:02 - 2018-05-16 22:06 - 000003370 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-558817803-4119610966-2941510548-1000
2019-05-22 19:02 - 2018-05-16 21:52 - 000002408 _____ C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-05-22 19:02 - 2015-12-14 21:36 - 000000000 ___RD C:\Users\Anthony\OneDrive
2019-05-20 20:16 - 2018-04-11 18:38 - 000000000 ____D C:\Windows\AppReadiness
2019-05-20 20:11 - 2018-04-11 18:36 - 000000000 ____D C:\Windows\INF
2019-05-20 20:10 - 2018-04-11 18:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-05-20 20:09 - 2018-07-05 21:23 - 000000000 ____D C:\ProgramData\Packages
2019-05-20 20:09 - 2018-04-11 18:38 - 000000000 ___RD C:\Windows\PrintDialog
2019-05-20 19:57 - 2015-12-19 20:17 - 000000000 ____D C:\Users\Anthony\AppData\LocalLow\Temp
2019-05-18 18:24 - 2013-07-31 08:20 - 000000000 ____D C:\Program Files (x86)\Google
2019-05-18 18:13 - 2018-05-16 22:06 - 000003418 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2019-05-18 18:13 - 2018-05-16 22:06 - 000003294 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2019-05-11 09:17 - 2018-05-16 21:47 - 000968720 _____ C:\Windows\system32\PerfStringBackup.INI
2019-05-11 08:45 - 2017-12-06 20:08 - 000002205 _____ C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\f.lux.lnk
2019-05-11 08:44 - 2019-04-27 18:21 - 000000000 ____D C:\ProgramData\5681727068127489059

==================== Files in the root of some directories =======

2013-07-16 08:56 - 2013-07-16 08:56 - 133170918 _____ () C:\Program Files\openoffice1.cab
2013-07-16 08:54 - 2013-07-16 08:54 - 002260992 _____ () C:\Program Files\openoffice400.msi
2013-07-16 08:54 - 2013-07-16 08:54 - 000475136 _____ () C:\Program Files\setup.exe
2013-07-16 08:54 - 2013-07-16 08:54 - 000000279 _____ () C:\Program Files\setup.ini
2015-09-28 21:52 - 2015-09-28 21:52 - 000000132 _____ () C:\Users\Anthony\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-09-28 21:53 - 2015-09-28 22:19 - 000001456 _____ () C:\Users\Anthony\AppData\Local\Adobe Save for Web 13.0 Prefs

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================

Addition.txt
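An added helper for reading logs like the one above (it is not part of FRST, Malwarebytes, or anyone's post in this thread): it parses the dated listing lines of the "One month" and "Files in the root" sections into records so they can be filtered by folder and date instead of scanned by eye. The column meanings in the comments are the parser's own assumptions about FRST's layout, and the sample input is a constructed excerpt of the FRST.txt posted above.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

SECTION_RE = re.compile(r"^=+ (?P<name>.+?) =+$")
# One listing line, as seen in the log above: date - date - size attrs [(signer)] path
ENTRY_RE = re.compile(
    r"^(?P<d1>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (?P<d2>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) (?:\((?P<signer>[^)]*)\) )?(?P<path>.+)$")
FMT = "%Y-%m-%d %H:%M"

@dataclass
class Entry:
    section: str           # header the line appeared under, e.g. "One month (created)"
    first: datetime        # left-hand date (assumed: creation in the created section, last write in modified)
    second: datetime       # right-hand date
    size: int
    attrs: str             # five flag characters; assumed D = directory, H = hidden, R = read-only
    signer: Optional[str]  # text FRST printed in parentheses; None when absent or empty "()"
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

def parse_frst(text: str) -> List[Entry]:
    """Collect every listing line, tagged with the section header it appears under."""
    entries, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if (sec := SECTION_RE.match(line)):
            section = sec["name"]
        elif (m := ENTRY_RE.match(line)):
            entries.append(Entry(section, datetime.strptime(m["d1"], FMT), datetime.strptime(m["d2"], FMT),
                                 int(m["size"]), m["attrs"], m["signer"] or None, m["path"]))
    return entries

def entries_under(entries: List[Entry], root: str, since: Optional[str] = None) -> List[Entry]:
    """Entries below `root` (case-insensitive) whose left-hand date is on or after `since` (YYYY-MM-DD)."""
    cutoff = datetime.strptime(since, "%Y-%m-%d") if since else None
    return [e for e in entries if e.path.lower().startswith(root.lower())
            and (cutoff is None or e.first >= cutoff)]

SAMPLE_LOG = r"""
==================== One month (created) ========
2019-05-28 20:29 - 2019-05-28 20:29 - 000000000 ____D C:\Users\Anthony\Desktop\FRST-OlderVersion
2019-05-27 15:54 - 2019-05-27 15:54 - 000275232 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
==================== Files in the root of some directories =======
2013-07-16 08:54 - 2013-07-16 08:54 - 000475136 _____ () C:\Program Files\setup.exe
"""  # constructed sample input: a short excerpt of the FRST.txt posted above
```

For a full log, `entries_under(parse_frst(open("FRST.txt").read()), r"C:\Windows\system32", since="2019-05-01")` lists only what changed under system32 in May.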


These are the only 2 items reported by your last scan of Malwarebytes.

Quote

Registry Key: 1
Adware.NetAdapter, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{4CF9B388-78FA-46C3-B409-196FE2CF5F20}, Quarantined, [1038], [683132],1.0.10792

Registry Value: 1
Adware.NetAdapter, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{48162882-A7FF-4AB6-A8FA-1A6272AB7747}, Quarantined, [1038], [683134],1.0.10792

They are not seen in your logs.
They are possibly remnant items in the registry, or they are coming from other devices if you are presently using the Sync function in Firefox, your default browser.

Check this out.
If the problem persists and you are syncing Firefox with other devices, reset it.

Navigate to this page and Remove it as suggested.

https://support.mozilla.org/en-US/kb/remove-synced-device-firefox-accounts

When done restart the computer normally.

If all is well.

Return to your Firefox Account and Click the Connect button.

Reset the sync.

Restart the computer normally.
<<<>>>

If this is not the issue, run this search.

Let's see what we can find in the Registry.

Run the Farbar program .exe as an Administrator.

In the Search text area, copy and paste the following:
4CF9B388-78FA-46C3-B409-196FE2CF5F20;48162882-A7FF-4AB6-A8FA-1A6272AB7747
Once done, click on the Search Registry button and wait for FRST to finish the search.
On completion, a log will open in Notepad. Copy and paste its content in your next reply.
====

Thanks, Nasdaq. In the time since my last post, I have now seen an unwanted program appear on my desktop, which I promptly deleted from my Program Files (x86) folder. I attached the screenshot. I also had Windows Defender alert me saying that it detected 2 severe threats which were quarantined. A screenshot is attached to this message.


I ran the Farbar Registry scan and the results are below. I hope it is helpful:

Farbar Recovery Scan Tool (x64) Version: 01-06-2019
Ran by Anthony (03-06-2019 20:27:49)
Running from C:\Users\Anthony\Desktop
Boot Mode: Normal

================== Search Registry: "4CF9B388-78FA-46C3-B409-196FE2CF5F20;48162882-A7FF-4AB6-A8FA-1A6272AB7747" ===========


===================== Search result for "4CF9B388-78FA-46C3-B409-196FE2CF5F20" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Caphyon\Advanced Installer\LZMA\{4CF9B388-78FA-46C3-B409-196FE2CF5F20}]

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Caphyon\Advanced Installer\Windows Firewall\{4CF9B388-78FA-46C3-B409-196FE2CF5F20}]

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Caphyon\Advanced Installer\Windows Firewall\{4CF9B388-78FA-46C3-B409-196FE2CF5F20}\Registered Applications]
"netmedia32"="{48162882-A7FF-4AB6-A8FA-1A6272AB7747}"


===================== Search result for "48162882-A7FF-4AB6-A8FA-1A6272AB7747" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Caphyon\Advanced Installer\Windows Firewall\{4CF9B388-78FA-46C3-B409-196FE2CF5F20}\Registered Applications]
"netmedia32"="{48162882-A7FF-4AB6-A8FA-1A6272AB7747}"

====== End of Search ======

unknown icon.JPG

After making my previous post, I ran another Malwarebytes scan which detected 58 threats, including PUPs, trojans, and adware. 😫 Sorry to be such a hassle!

I hope the Farbar logs I provided will help solve this mystery.

Hi,

Copy all the text IN THE QUOTE BOX below to Notepad. Save it as fixme.reg to your desktop.
Be sure the "Save as" type is set to "all files". Once you have saved it, right-click the .reg file and allow it to merge with the registry.

Quote

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Caphyon\Advanced Installer\LZMA\{4CF9B388-78FA-46C3-B409-196FE2CF5F20}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Caphyon\Advanced Installer\Windows Firewall\{4CF9B388-78FA-46C3-B409-196FE2CF5F20}]

Restart the computer when completed.

You can delete the fixme.reg file when done.

The screenshot you sent does not give me access to the files/logs.
Attach them if the problem is not solved.

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks

This topic is now closed to further replies.
