
Hi there,

I'm new to the site, but not new to computers. About a week ago, I was in a hurry to get to playing a game of Minecraft with some of my friends, and I accidentally installed a Trojan that included Chrominium, Avast, etc. while in a hurry to get OptiFine, a program that boosts the game's framerate. Luckily, I got rid of the actual harmful software using Control Panel, and I thought I was virus-free up to the point where I tried to install OptiFine from the ACTUAL website.

 


I was constantly redirected to Gloyah(.)net, where Malwarebytes (thankfully) blocked it every time. I haven't seen this redirect anywhere else but the OptiFine website, but I guarantee you that it's the original website. The list of programs I've used to try and get rid of this so far includes:

  • Malwarebytes
  • Adwcleaner
  • Hitmanpro
  • Zemana
  • ART by TSA

All of these softwares got rid of any additional harmful programs, but all failed to detect this gloyah.net adware redirect. Whenever I delete the actual files from my Google folder, they simply come back brand new after a few minutes. I have adblock, so I'm probably not seeing the actual annoying part of this adware, but I'd still like to get rid of it just to avoid any other nonsense that may come with it in the future.


Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can, please print this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

If the problem persists and Chrome is synced with other devices, check this out.

https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/

Execute the suggested fix.

Restart the computer normally.
===========

If the problem is not solved run this scan.

Download the Farbar Recovery Scan Tool (FRST).
Choose the 32-bit or 64-bit version for your system and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file:
In the Reply section at the bottom of the topic, click Choose a File.
Navigate to the location of the File.
Click the file. It will appear in section.
Click the Saving button.

Wait for further instructions.
====
 


Hello nasdaq, I appreciate your help!

Unfortunately, the first instructions didn't work. Here's my FRST.txt and Addition.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-07-2019 01
Ran by Mac (administrator) on MALACHI (Gigabyte Technology Co., Ltd. Z97X-SLI) (24-07-2019 18:27:19)
Running from C:\Users\Mac\Downloads
Loaded Profiles: Mac (Available Profiles: Mac)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Corsair Components, Inc. -> Corsair Components, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.DisplayAdapter.exe
(Corsair Components, Inc. -> Corsair Components, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.exe
(Corsair Components, Inc. -> Corsair Components, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\iCUE.exe
(Discord Inc. -> Discord Inc.) C:\Users\Mac\AppData\Local\Discord\app-0.0.305\Discord.exe
(Discord Inc. -> Discord Inc.) C:\Users\Mac\AppData\Local\Discord\app-0.0.305\Discord.exe
(Discord Inc. -> Discord Inc.) C:\Users\Mac\AppData\Local\Discord\app-0.0.305\Discord.exe
(Discord Inc. -> Discord Inc.) C:\Users\Mac\AppData\Local\Discord\app-0.0.305\Discord.exe
(Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hi-Rez Studios) [File not signed] C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(IObit Information Technology -> IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(LogMeIn, Inc. -> LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(LogMeIn, Inc. -> LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
(LogMeIn, Inc. -> LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(OOO Lightshot -> Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.10\Lightshot.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Spotify AB -> Spotify Ltd) C:\Users\Mac\AppData\Roaming\Spotify\Spotify.exe
(Spotify AB -> Spotify Ltd) C:\Users\Mac\AppData\Roaming\Spotify\Spotify.exe
(Spotify AB -> Spotify Ltd) C:\Users\Mac\AppData\Roaming\Spotify\Spotify.exe
(Spotify AB -> Spotify Ltd) C:\Users\Mac\AppData\Roaming\Spotify\Spotify.exe
(SurfRight B.V. -> SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
Failed to access process -> Corsair.Service.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2017-04-11] (OOO Lightshot -> )
HKLM-x32\...\Run: [CORSAIR iCUE Software] => C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\iCUE.exe [34479664 2018-08-08] (Corsair Components, Inc. -> Corsair Components, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-12-16] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5890504 2019-04-02] (LogMeIn, Inc. -> LogMeIn Inc.)
HKU\S-1-5-21-3957397278-2763812798-3511275089-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3210016 2019-07-17] (Valve -> Valve Corporation)
HKU\S-1-5-21-3957397278-2763812798-3511275089-1001\...\Run: [Spotify] => C:\Users\Mac\AppData\Roaming\Spotify\Spotify.exe [25591712 2019-07-06] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-3957397278-2763812798-3511275089-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [35519888 2019-06-20] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-3957397278-2763812798-3511275089-1001\...\Run: [Discord] => C:\Users\Mac\AppData\Local\Discord\app-0.0.305\Discord.exe [81780056 2019-03-07] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-3957397278-2763812798-3511275089-1001\...\Run: [Medal] => C:\Users\Mac\AppData\Local\Medal\update.exe [1840888 2018-12-26] (Ferox Games B.V. -> ) [File not signed]
HKLM\...\Drivers32: [msacm.vorbis] => C:\Windows\system32\vorbis.acm [1562432 2016-12-15] (Image Line -> HMS hxxp://hp.vector.co.jp/authors/VA012897/) [File not signed]
HKLM\...\Drivers32: [msacm.vorbis] => C:\Windows\SysWOW64\vorbis.acm [1456448 2016-12-15] (Image Line -> HMS hxxp://hp.vector.co.jp/authors/VA012897/) [File not signed]
HKLM\...\Drivers32: [vidc.VP60] => C:\Windows\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com)
HKLM\...\Drivers32: [vidc.VP61] => C:\Windows\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.142\Installer\chrmstp.exe [2019-07-23] (Google LLC -> Google LLC)
Startup: C:\Users\Mac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nexon Launcher.lnk [2018-10-10]
ShortcutTarget: Nexon Launcher.lnk -> C:\Program Files (x86)\Nexon\Nexon Launcher\nexon_launcher.exe (NEXON Korea Corporation. -> )
Startup: C:\Users\Mac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Twitch.lnk [2017-12-19]
ShortcutTarget: Twitch.lnk -> C:\Users\Mac\AppData\Roaming\Twitch\Bin\Twitch.exe (Twitch Interactive, Inc. -> Twitch Interactive, Inc.)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {159C25E5-4FE3-4018-8751-9BC3A8FF9C31} - System32\Tasks\Uninstaller_SkipUac_Mac => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [5312272 2019-06-24] (IObit Information Technology -> IObit)
Task: {21559666-0B8D-469F-A308-676870FCA512} - System32\Tasks\update-S-1-5-21-3957397278-2763812798-3511275089-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {300EC9FF-2C6D-4427-99B6-818BCB00C0BD} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [786800 2018-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {66405527-08BE-4813-9BD0-A7F14D02E0D1} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [855408 2018-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {75B498C4-D7A5-4D03-B7D5-D2E109282516} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [786800 2018-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {77F5FCBB-6CCF-455C-A484-258833BFC29C} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [887152 2018-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {790A60E5-E347-411A-BAB4-BCC4ACDA11C6} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3560304 2018-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {7E627AC5-2DC7-49CE-8227-38A8FEADFA6D} - System32\Tasks\AMHelper => C:\Program Files (x86)\Zemana\AntiMalware\AntiMalware.exe [657472 2019-07-16] (Zemana D.O.O. Sarajevo -> Zemana Ltd.)
Task: {8783072B-1732-4B25-B254-F6D78AAD57B2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-06-17] (Google Inc -> Google Inc.)
Task: {8E6C50F7-DD78-4175-B7E3-19D845A5DDEB} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [887152 2018-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {9C7A2B65-13A8-4130-96DD-BED5D7414662} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [887152 2018-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {9D8ED21F-8B9D-45AA-84E4-B3B2BEF7108E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-06-17] (Google Inc -> Google Inc.)
Task: {9F7C3FF8-2921-4E51-93CD-41F47283D46C} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [562544 2018-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A0C5EE94-A25F-4CC6-A155-DBA9FF9ADE81} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {AC977937-C6AB-4A27-AF2D-1901FDE7392D} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [855408 2018-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E5F1C42C-BE0F-4AAC-AC2F-7F3A5A48BF2B} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [887152 2018-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F4751BAF-2A07-4E21-90C4-41EAB6CE7B20} - System32\Tasks\AMSkipUAC => C:\Program Files (x86)\Zemana\AntiMalware\AntiMalware.exe [657472 2019-07-16] (Zemana D.O.O. Sarajevo -> Zemana Ltd.)
Task: {FCD02586-1A1E-404D-AB7E-CB631A278875} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [1003888 2018-11-16] (NVIDIA Corporation -> NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\update-S-1-5-21-3957397278-2763812798-3511275089-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{0BECF054-10EE-4411-BE48-BD9104402B43}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2019-06-20] (IObit Information Technology -> IObit)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\ssv.dll [2019-02-06] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\jp2ssv.dll [2019-02-06] (Oracle America, Inc. -> Oracle Corporation)

FireFox:
========
FF Plugin-x32: @java.com/DTPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\dtplugin\npDeployJava1.dll [2019-02-06] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\plugin2\npjp2.dll [2019-02-06] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-14] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-14] (Google Inc -> Google LLC)

Chrome: 
=======
CHR HomePage: Default -> msn.com
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR DefaultSearchURL: Default -> hxxps://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSuggestURL: Default -> hxxps://www.bing.com/osjson.aspx?FORM=__PARAM__DF&PC=__PARAM__&query={searchTerms}
CHR Profile: C:\Users\Mac\AppData\Local\Google\Chrome\User Data\Default [2019-07-24]
CHR Extension: (Slides) - C:\Users\Mac\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-07-23]
CHR Extension: (Docs) - C:\Users\Mac\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-07-23]
CHR Extension: (Google Drive) - C:\Users\Mac\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-07-23]
CHR Extension: (YouTube) - C:\Users\Mac\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-07-23]
CHR Extension: (Awaken the Force Within) - C:\Users\Mac\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeojddkbfhdgnnicgkgogjnbkdljibb [2019-07-23]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Mac\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2019-07-23]
CHR Extension: (uBlock Origin) - C:\Users\Mac\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2019-07-23]
CHR Extension: (MSN Homepage & Bing Search Engine) - C:\Users\Mac\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2019-07-23]
CHR Extension: (Sheets) - C:\Users\Mac\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-07-23]
CHR Extension: (Google Docs Offline) - C:\Users\Mac\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-07-23]
CHR Extension: (Uncanny Cookie Clicker) - C:\Users\Mac\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmmdenlpgbgmeofmdkhimecmkcgabgno [2019-07-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Mac\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-07-23]
CHR Extension: (Gmail) - C:\Users\Mac\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-07-23]
CHR Extension: (Chrome Media Router) - C:\Users\Mac\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-07-23]
CHR HKU\S-1-5-21-3957397278-2763812798-3511275089-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8403672 2019-03-06] (BattlEye Innovations e.K. -> )
R2 CorsairService; C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.exe [45616 2018-08-08] (Corsair Components, Inc. -> Corsair Components, Inc.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [802432 2019-02-01] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [3361736 2019-04-02] (LogMeIn, Inc. -> LogMeIn Inc.)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2018-03-28] (Hi-Rez Studios) [File not signed]
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [139504 2019-07-23] (SurfRight B.V. -> SurfRight B.V.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [355232 2015-08-09] (Intel Corporation - pGFX -> Intel Corporation)
S2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [153360 2019-06-24] (IObit Information Technology -> IObit)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-05-27] (LogMeIn, Inc. -> LogMeIn, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
S3 NGS; C:\Windows\NGService.exe [2994248 2018-10-16] (NEXON Korea Corporation. -> NEXON Korea Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [786800 2018-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [786800 2018-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2332464 2019-07-12] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3206448 2019-07-12] (Electronic Arts, Inc. -> Electronic Arts)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
S3 BstHdLogRotatorSvc; "C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe" [X]
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 
R2 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 amsdk; C:\Windows\system32\drivers\amsdk.sys [232792 2019-07-22] (Zemana D.O.O. Sarajevo -> Copyright 2018.)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Broadcom Corporation -> Windows (R) Win 7 DDK provider)
R3 CorsairVBusDriver; C:\Windows\System32\drivers\CorsairVBusDriver.sys [45528 2018-07-03] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)
R3 CorsairVHidDriver; C:\Windows\System32\drivers\CorsairVHidDriver.sys [21968 2018-07-03] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)
R3 cpuz147; C:\Windows\temp\cpuz147\cpuz147_x64.sys [53848 2019-07-22] (CPUID -> CPUID)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2019-04-02] (Microsoft Windows Hardware Compatibility Publisher -> LogMeIn Inc.)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2019-07-22] (Martin Malik - REALiX -> REALiX(tm))
R3 IUProcessFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IUProcessFilter.sys [19312 2019-06-24] (IObit Information Technology -> IObit)
R3 IURegistryFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IURegistryFilter.sys [25488 2019-06-24] (IObit Information Technology -> IObit)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [199768 2019-07-14] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [224408 2019-07-22] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [73584 2019-07-22] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [275232 2019-07-22] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [116112 2019-07-22] (Malwarebytes Corporation -> Malwarebytes)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2018-10-25] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [70024 2018-10-01] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [74576 2018-10-01] (NVIDIA Corporation -> NVIDIA Corporation)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
R3 xb1usb; C:\Windows\System32\drivers\xb1usb.sys [42760 2016-02-23] (Windows Central Build Account - X -> Microsoft Corporation)
S3 BstkDrv; \??\C:\Program Files (x86)\BlueStacks\BstkDrv.sys [X]
R4 hitmanpro37; \??\C:\Windows\system32\drivers\hitmanpro37.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-07-24 18:18 - 2019-07-24 18:20 - 000072647 _____ C:\Users\Mac\Downloads\Addition.txt
2019-07-24 18:17 - 2019-07-24 18:27 - 000026107 _____ C:\Users\Mac\Downloads\FRST.txt
2019-07-24 18:17 - 2019-07-24 18:27 - 000000000 ____D C:\FRST
2019-07-24 18:12 - 2019-07-24 18:12 - 002095104 _____ (Farbar) C:\Users\Mac\Downloads\FRST64.exe
2019-07-23 20:55 - 2019-07-23 20:55 - 000752296 _____ C:\Users\Mac\Downloads\Adware Removal Tool by TSA.exe
2019-07-23 20:55 - 2019-07-23 20:55 - 000290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe
2019-07-23 20:55 - 2019-07-23 20:55 - 000000000 ____D C:\Program Files (x86)\Adware Removal Tool by TSA
2019-07-23 20:46 - 2019-07-23 20:46 - 010960168 _____ (SurfRight B.V.) C:\Users\Mac\Downloads\HitmanPro (1).exe
2019-07-23 20:44 - 2019-07-23 20:44 - 000001869 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2019-07-23 20:44 - 2019-07-23 20:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2019-07-23 20:43 - 2019-07-23 20:44 - 000000000 ____D C:\Program Files\HitmanPro
2019-07-23 20:43 - 2019-07-23 20:43 - 011539456 _____ (SurfRight B.V.) C:\Users\Mac\Downloads\HitmanPro_x64.exe
2019-07-23 20:41 - 2019-07-23 21:23 - 000000000 ____D C:\ProgramData\HitmanPro
2019-07-23 20:39 - 2019-07-23 20:39 - 010960168 _____ (SurfRight B.V.) C:\Users\Mac\Downloads\HitmanPro.exe
2019-07-23 20:34 - 2019-07-23 21:30 - 000000000 ____D C:\Users\Mac\AppData\Local\Google
2019-07-23 20:34 - 2019-07-23 20:34 - 000002320 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-07-23 20:34 - 2019-07-23 20:34 - 000002279 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-07-22 20:14 - 2019-07-22 20:14 - 000000000 ____D C:\Windows\Tasks\ImCleanDisabled
2019-07-22 20:05 - 2019-07-22 20:05 - 000002846 _____ C:\Windows\System32\Tasks\Uninstaller_SkipUac_Mac
2019-07-22 20:05 - 2019-07-22 20:05 - 000001371 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller.lnk
2019-07-22 20:05 - 2019-07-22 20:05 - 000001359 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk
2019-07-22 20:05 - 2019-07-22 20:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
2019-07-22 20:04 - 2019-07-22 20:04 - 019476688 _____ (IObit ) C:\Users\Mac\Downloads\iobituninstaller.exe
2019-07-22 20:00 - 2019-07-22 20:00 - 000027552 _____ (REALiX(tm)) C:\Windows\SysWOW64\Drivers\HWiNFO64A.SYS
2019-07-22 19:59 - 2019-07-22 19:59 - 020400128 _____ (IObit ) C:\Users\Mac\Downloads\driver_booster_setup_beta.exe
2019-07-22 19:55 - 2019-07-24 18:27 - 001363050 _____ C:\Windows\ZAM.krnl.trace
2019-07-22 19:55 - 2019-07-22 19:55 - 000232792 _____ (Copyright 2018.) C:\Windows\system32\Drivers\amsdk.sys
2019-07-22 19:55 - 2019-07-22 19:55 - 000003470 _____ C:\Windows\System32\Tasks\AMHelper
2019-07-22 19:55 - 2019-07-22 19:55 - 000002424 _____ C:\Windows\System32\Tasks\AMSkipUAC
2019-07-22 19:55 - 2019-07-22 19:55 - 000001276 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2019-07-22 19:55 - 2019-07-22 19:55 - 000000000 ____D C:\Users\Mac\AppData\Local\Zemana
2019-07-22 19:55 - 2019-07-22 19:55 - 000000000 ____D C:\Users\Mac\AppData\Local\AMSDK
2019-07-22 19:55 - 2019-07-22 19:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2019-07-22 19:55 - 2019-07-22 19:55 - 000000000 ____D C:\Program Files (x86)\Zemana
2019-07-22 19:54 - 2019-07-22 19:54 - 012664512 _____ (Zemana Ltd. ) C:\Users\Mac\Downloads\AntiMalware_Setup.exe
2019-07-22 16:53 - 2019-07-22 16:53 - 000224408 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2019-07-22 16:53 - 2019-07-22 16:53 - 000116112 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2019-07-22 16:53 - 2019-07-22 16:53 - 000073584 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2019-07-22 16:52 - 2019-07-22 16:52 - 000275232 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-07-22 16:50 - 2019-07-22 16:50 - 007025360 _____ (Malwarebytes) C:\Users\Mac\Documents\adwcleaner_7.3.exe
2019-07-22 16:50 - 2019-07-22 16:50 - 000000000 ____D C:\AdwCleaner
2019-07-15 19:36 - 2019-07-22 20:06 - 000000000 ____D C:\ProgramData\ProductData
2019-07-15 19:36 - 2019-07-22 20:06 - 000000000 ____D C:\Program Files (x86)\IObit
2019-07-15 19:36 - 2019-07-15 19:36 - 000000000 ____D C:\Users\Mac\AppData\LocalLow\IObit
2019-07-15 19:35 - 2019-07-22 20:14 - 000000000 ____D C:\ProgramData\IObit
2019-07-15 19:35 - 2019-07-22 20:08 - 000000000 ____D C:\Users\Mac\AppData\Roaming\IObit
2019-07-15 19:35 - 2019-07-15 19:35 - 019476688 _____ (IObit ) C:\Users\Mac\Documents\iobituninstaller.exe
2019-07-14 04:21 - 2019-07-14 04:21 - 000199768 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2019-07-14 04:21 - 2019-07-14 04:21 - 000001883 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-07-14 04:21 - 2019-07-14 04:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-07-14 04:21 - 2019-07-14 04:21 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-07-14 04:21 - 2019-07-14 04:21 - 000000000 ____D C:\Program Files\Malwarebytes
2019-07-14 04:21 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-07-14 04:20 - 2019-07-14 04:20 - 064333800 _____ (Malwarebytes ) C:\Users\Mac\Documents\mb3-setup-43841.43841-3.8.3.2965-1.0.613-1.0.11270.exe
2019-07-14 04:13 - 2019-07-15 19:37 - 000000000 ____D C:\Users\Mac\AppData\Roaming\Modinstaller
2019-07-14 04:13 - 2019-07-14 04:38 - 000000000 ____D C:\Windows\System32\Tasks\lisog
2019-07-14 04:13 - 2019-07-14 04:38 - 000000000 ____D C:\Users\Mac\AppData\Local\52c4ebcf0bdf4e4f545b381ae31dfd22
2019-07-14 04:13 - 2019-07-14 04:13 - 000001949 _____ C:\Users\Mac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MC Modinstaller.LNK
2019-07-14 04:12 - 2019-07-14 05:21 - 000000000 ____D C:\ProgramData\AVAST Software
2019-07-14 04:12 - 2019-07-14 04:12 - 000689410 _____ (SmartSoft) C:\Users\Mac\Downloads\OptifineMod.exe
2019-07-09 15:46 - 2019-06-24 23:54 - 001368080 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2019-07-09 15:46 - 2019-06-24 22:59 - 004169728 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2019-07-09 15:46 - 2019-06-24 22:36 - 000128512 _____ (Microsoft Corporation) C:\Windows\splwow64.exe
2019-07-09 15:46 - 2019-06-24 22:07 - 001994240 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2019-07-09 15:46 - 2019-06-24 21:48 - 001756160 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2019-07-09 15:46 - 2019-06-24 21:44 - 000302080 _____ (Microsoft Corporation) C:\Windows\system32\ProximityService.dll
2019-07-09 15:46 - 2019-06-24 21:42 - 000175616 _____ (Microsoft Corporation) C:\Windows\system32\TpmTasks.dll
2019-07-09 15:46 - 2019-06-24 21:41 - 001085440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2019-07-09 15:46 - 2019-06-24 21:41 - 000302080 _____ (Microsoft Corporation) C:\Windows\system32\wlanapi.dll
2019-07-09 15:46 - 2019-06-24 21:39 - 001559552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2019-07-09 15:46 - 2019-06-24 21:36 - 001549824 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
2019-07-09 15:46 - 2019-06-24 21:31 - 001494016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2019-07-09 15:46 - 2019-06-24 21:28 - 000827392 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2019-07-09 15:46 - 2019-06-24 21:26 - 000238080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanapi.dll
2019-07-09 15:46 - 2019-06-18 00:34 - 025730560 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2019-07-09 15:46 - 2019-06-18 00:07 - 000578560 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2019-07-09 15:46 - 2019-06-17 23:59 - 005775872 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2019-07-09 15:46 - 2019-06-17 23:56 - 020274688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2019-07-09 15:46 - 2019-06-17 23:56 - 000790528 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2019-07-09 15:46 - 2019-06-17 23:39 - 000496128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2019-07-09 15:46 - 2019-06-17 23:29 - 000663040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2019-07-09 15:46 - 2019-06-17 23:28 - 001033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2019-07-09 15:46 - 2019-06-17 23:20 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2019-07-09 15:46 - 2019-06-17 23:19 - 015311872 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2019-07-09 15:46 - 2019-06-17 23:13 - 000166912 _____ (Microsoft Corporation) C:\Windows\system32\AppxAllUserStore.dll
2019-07-09 15:46 - 2019-06-17 23:08 - 000880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2019-07-09 15:46 - 2019-06-17 23:07 - 004494336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2019-07-09 15:46 - 2019-06-17 23:06 - 004858880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2019-07-09 15:46 - 2019-06-17 23:06 - 000269312 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentClient.dll
2019-07-09 15:46 - 2019-06-17 23:03 - 013706752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2019-07-09 15:46 - 2019-06-17 23:03 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2019-07-09 15:46 - 2019-06-17 22:55 - 001557504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2019-07-09 15:46 - 2019-06-17 22:55 - 000214528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppXDeploymentClient.dll
2019-07-09 15:46 - 2019-06-17 22:44 - 004386304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2019-07-09 15:46 - 2019-06-17 22:43 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2019-07-09 15:46 - 2019-06-17 22:42 - 001349120 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2019-07-09 15:46 - 2019-06-17 22:41 - 001323008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2019-07-09 15:46 - 2019-06-17 22:39 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2019-07-09 15:46 - 2019-06-17 22:33 - 000956416 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.dll
2019-07-09 15:46 - 2019-06-15 11:22 - 000910848 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2019-07-09 15:46 - 2019-06-11 20:51 - 000169256 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2019-07-09 15:46 - 2019-06-11 09:37 - 000293888 _____ (Microsoft Corporation) C:\Windows\system32\Dism.exe
2019-07-09 15:46 - 2019-06-11 09:35 - 000215040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Dism.exe
2019-07-09 15:46 - 2019-06-10 17:42 - 001712640 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2019-07-09 15:46 - 2019-06-10 17:42 - 000801792 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2019-07-09 15:46 - 2019-06-10 17:42 - 000732160 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2019-07-09 15:46 - 2019-06-10 17:42 - 000634368 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2019-07-09 15:46 - 2019-06-10 17:42 - 000501760 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2019-07-09 15:46 - 2019-06-10 17:42 - 000456192 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2019-07-09 15:46 - 2019-06-10 17:42 - 000315904 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2019-07-09 15:46 - 2019-06-10 17:42 - 000257024 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2019-07-09 15:46 - 2019-06-08 12:09 - 000445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2019-07-09 15:46 - 2019-06-08 11:55 - 001101824 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2019-07-09 15:46 - 2019-06-08 11:43 - 000324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2019-07-09 15:46 - 2019-06-08 11:33 - 000856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2019-07-09 15:46 - 2019-06-08 10:55 - 007035392 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2019-07-09 15:46 - 2019-06-08 10:53 - 006217216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2019-07-09 15:46 - 2019-06-06 18:49 - 007362800 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2019-07-09 15:46 - 2019-06-06 13:14 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2019-07-09 15:46 - 2019-06-02 11:42 - 000365056 _____ (Microsoft Corporation) C:\Windows\system32\rdpclip.exe
2019-07-09 15:46 - 2019-05-24 22:32 - 002013432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2019-07-09 15:46 - 2019-05-15 16:33 - 000333552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2019-07-09 15:46 - 2019-05-14 20:53 - 000136800 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2019-07-09 15:46 - 2019-05-14 10:18 - 003718144 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2019-07-09 15:35 - 2019-06-24 22:59 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2019-07-09 15:35 - 2019-06-24 22:24 - 000129536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2019-07-08 17:28 - 2019-07-08 17:28 - 000034069 _____ C:\Users\Mac\Documents\Malachi-GardnerNew.pdf
2019-07-07 01:06 - 2019-07-07 01:06 - 000000000 ____D C:\Users\Mac\AppData\Local\TekkenGame
2019-07-07 00:02 - 2019-07-07 00:02 - 000000222 _____ C:\Users\Mac\Desktop\TEKKEN 7.url
2019-07-06 15:34 - 2019-07-06 15:34 - 000000219 _____ C:\Users\Mac\Desktop\Team Fortress 2.url
2019-06-28 23:00 - 2019-06-28 23:00 - 006921695 _____ C:\Users\Mac\Downloads\MCDrugs 2017 Resource Pack (1.1).zip
2019-06-25 18:36 - 2019-06-25 18:36 - 000001040 _____ C:\Users\Public\Desktop\Call of Duty Black Ops 4.lnk
2019-06-24 22:42 - 2019-06-24 22:42 - 000000000 ____D C:\Users\Mac\AppData\Roaming\EasyAntiCheat
2019-06-24 19:23 - 2019-07-11 16:28 - 000000000 ____D C:\Program Files (x86)\Call of Duty Black Ops 4
2019-06-24 16:11 - 2019-06-24 16:31 - 000000000 ____D C:\Users\Mac\AppData\Local\HyperLightDrifter
2019-06-24 16:10 - 2019-06-24 16:10 - 000000272 _____ C:\Users\Mac\Desktop\Hyper Light Drifter.url

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-07-24 17:25 - 2017-06-17 23:29 - 000000400 _____ C:\Windows\Tasks\update-sys.job
2019-07-24 16:55 - 2017-06-18 03:40 - 000003914 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{BB172A7D-6AD8-46E5-8E33-6994565D1915}
2019-07-24 16:46 - 2017-06-18 00:03 - 000000000 ____D C:\Users\Mac\AppData\Roaming\Spotify
2019-07-24 16:29 - 2017-06-17 23:29 - 000000400 _____ C:\Windows\Tasks\update-S-1-5-21-3957397278-2763812798-3511275089-1001.job
2019-07-24 12:25 - 2017-06-17 19:03 - 000000000 ____D C:\ProgramData\NVIDIA
2019-07-23 23:25 - 2017-06-17 19:06 - 000000000 ____D C:\Program Files (x86)\Steam
2019-07-23 23:05 - 2017-06-17 19:06 - 000000000 ____D C:\Users\Mac\AppData\Roaming\discord
2019-07-23 22:14 - 2017-06-18 00:22 - 000000000 ____D C:\Users\Mac\AppData\Roaming\.minecraft
2019-07-23 22:14 - 2017-06-18 00:22 - 000000000 ____D C:\Program Files (x86)\Minecraft
2019-07-23 21:57 - 2017-06-18 03:41 - 000003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3957397278-2763812798-3511275089-1001
2019-07-23 18:52 - 2017-12-17 21:41 - 000000000 ____D C:\Users\Mac\AppData\Local\LogMeIn Hamachi
2019-07-22 21:04 - 2017-06-18 00:04 - 000000000 ____D C:\Users\Mac\AppData\Local\Spotify
2019-07-22 20:32 - 2019-02-04 20:20 - 000000000 ____D C:\Program Files (x86)\Origin
2019-07-22 20:12 - 2018-10-20 22:39 - 000000000 ____D C:\Users\Mac\AppData\Roaming\Mozilla
2019-07-22 19:37 - 2017-06-18 00:54 - 000000000 __SHD C:\Users\Mac\IntelGraphicsProfiles
2019-07-22 16:52 - 2018-03-04 02:03 - 000000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2019-07-22 16:52 - 2013-08-22 10:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-07-22 16:51 - 2017-06-18 03:36 - 000000000 ___HD C:\Users\Mac
2019-07-22 00:35 - 2019-02-04 20:19 - 000000000 ____D C:\Users\Mac\AppData\Roaming\Origin
2019-07-22 00:24 - 2019-02-04 20:23 - 000000000 ____D C:\Program Files (x86)\Origin Games
2019-07-22 00:24 - 2019-02-04 20:19 - 000000000 ____D C:\ProgramData\Origin
2019-07-21 23:29 - 2017-06-18 20:25 - 000000000 ____D C:\Users\Mac\AppData\Local\osu!
2019-07-20 22:57 - 2018-08-24 01:09 - 000000000 ____D C:\Users\Mac\AppData\Local\Ubisoft Game Launcher
2019-07-20 22:28 - 2014-11-21 04:44 - 000865068 _____ C:\Windows\system32\PerfStringBackup.INI
2019-07-20 22:28 - 2013-08-22 09:36 - 000000000 ____D C:\Windows\Inf
2019-07-15 22:58 - 2018-07-03 05:43 - 000000000 ____D C:\Users\Mac\Desktop\HitFilm Express Exports
2019-07-15 22:19 - 2018-10-02 18:33 - 000000000 ____D C:\Users\Mac\Downloads\!!Project
2019-07-15 21:25 - 2017-06-22 17:00 - 000000000 ____D C:\Users\Mac\AppData\Local\CrashDumps
2019-07-14 22:09 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\rescache
2019-07-14 05:20 - 2013-08-22 09:25 - 000262144 ___SH C:\Windows\system32\config\BBI
2019-07-14 04:58 - 2018-12-26 22:02 - 000000000 ____D C:\Users\Mac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ferox Games
2019-07-14 04:58 - 2018-12-26 22:02 - 000000000 ____D C:\Users\Mac\AppData\Local\Medal
2019-07-14 04:57 - 2017-12-19 20:59 - 000000000 ____D C:\Users\Mac\AppData\Roaming\Twitch
2019-07-14 04:55 - 2018-10-10 19:08 - 000000000 ____D C:\Users\Mac\AppData\Roaming\NexonLauncher
2019-07-14 04:54 - 2018-12-26 22:02 - 000000000 ____D C:\Users\Mac\AppData\Roaming\Medal
2019-07-14 04:49 - 2013-08-22 10:44 - 000337808 _____ C:\Windows\system32\FNTCACHE.DAT
2019-07-14 04:46 - 2017-06-20 19:18 - 000000000 ____D C:\Windows\system32\appraiser
2019-07-14 04:46 - 2017-06-17 20:12 - 000000000 ____D C:\Users\Mac\AppData\Local\Battle.net
2019-07-14 04:46 - 2013-08-22 11:36 - 000000000 ___RD C:\Windows\ToastData
2019-07-14 04:46 - 2013-08-22 09:36 - 000000000 ____D C:\Windows\SysWOW64\Dism
2019-07-14 04:46 - 2013-08-22 09:36 - 000000000 ____D C:\Windows\system32\Dism
2019-07-14 03:06 - 2018-10-20 22:39 - 000000000 ____D C:\Users\Mac\AppData\LocalLow\Mozilla
2019-07-13 15:54 - 2013-08-22 11:20 - 000000000 ____D C:\Windows\CbsTemp
2019-07-11 15:35 - 2017-06-20 14:46 - 000000000 ____D C:\Windows\system32\MRT
2019-07-11 15:31 - 2017-06-20 14:46 - 136618864 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2019-07-09 16:05 - 2017-06-20 13:26 - 000741432 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2019-07-08 17:29 - 2017-06-22 16:55 - 000000000 ____D C:\Users\Mac\Documents\Black Desert
2019-07-07 01:06 - 2017-09-28 20:50 - 000000000 ____D C:\Users\Mac\AppData\Local\UnrealEngine
2019-07-06 14:06 - 2017-07-19 13:44 - 000000000 ____D C:\Users\Mac\Downloads\Manga
2019-07-02 14:16 - 2019-02-18 17:31 - 000000000 ____D C:\Program Files (x86)\Overwatch
2019-06-29 01:31 - 2019-05-25 22:25 - 000000000 ____D C:\Users\Mac\AppData\Roaming\slobs-client
2019-06-27 16:22 - 2017-06-17 23:15 - 000000000 ____D C:\Program Files (x86)\Blizzard App
2019-06-27 14:07 - 2017-10-21 23:34 - 000000000 ____D C:\Users\Mac\Downloads\BirdArt
2019-06-24 16:10 - 2017-12-19 21:07 - 000000000 ____D C:\Users\Mac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Twitch Games

==================== Files in the root of some directories ================

2018-03-30 20:02 - 2018-03-30 20:11 - 000000096 _____ () C:\Users\Mac\AppData\Roaming\LauncherSettings_live.cfg
2017-06-17 23:29 - 2017-06-17 23:29 - 000000003 _____ () C:\Users\Mac\AppData\Local\updater.log
2017-06-17 23:29 - 2017-06-17 23:29 - 000000425 _____ () C:\Users\Mac\AppData\Local\UserProducts.xml

==================== FCheck ================================

(If an entry is included in the fixlist, the file/folder will be moved.)

FCheck: C:\Windows\SysWOW64\lastpass_1337.exe [2017-12-17] <==== ATTENTION (zero byte File/Folder)

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-07-22 01:07
==================== End of FRST.txt ============================

Addition.txt


Hi,

No malware was found in your logs.

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt); please post it in your reply.
===

Remove and re-install Chrome

Your copy of Chrome may have been compromised

Step 1: Remove Chrome from your computer and reinstall a fresh copy later.

Step 2: If you remove the syncing of your account you must remove it before you save your bookmarks etc...
Delete your Google Chrome browser sync data if you sync with other devices. <- Important ...
https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/

Step 3: Before you remove Chrome, export your bookmarks.
Chrome will export your bookmarks as an HTML file, which you can then import into another browser.
How To: http://ccm.net/faq/31791-how-to-backup-your-google-chrome-bookmarks

Step 4: Before you remove Chrome, export your passwords.
How to export your saved passwords from Chrome
https://betanews.com/2018/03/09/export-chrome-passwords/

Step 5: Clear your Chrome cache and cookies.
https://support.google.com/chromebook/answer/183083?hl=en

Step 6: Remove Chrome using the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

Step 7: Re-install Chrome and the bookmarks.
<<<>>

Please post the Fixlog.txt and let me know what problem persists.

fixlist.txt


Hey there nasdaq, apologies for the late reply.

I followed your steps, and I've attached the Fixlog file to my post.

I'm still testing it out on the website I used the first time, and Malwarebytes is still blocking this infamous "gloyah.net" (Tried it in both Chrome and IE; the adware seems to be in both. Maybe I should try uninstalling IE as well?) I can also give you the file location of the adware being blocked if you don't have it already.


I'm just happy that the adware isn't really affecting me other than not allowing me to download that program I may want to use in the future, and I want to let you know your help is greatly appreciated.

Fixlog.txt


Hi,

Malwarebytes indicates that Internet Explorer is the browser affected.

If the problem persists in IE and you are using the Sync with other devices, disable the Sync.
https://www.thewindowsclub.com/sync-internet-explorer-settings-windows-8-1-devices

Close IE.

Restart the computer and re-sync your devices if you need them.
<<<>>>

How is it now?


  • Root Admin

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks

 
