Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16.01.2019 01
Ran by Minh Hung Nguyen (administrator) on MINHHUNGNGUYEN (20-01-2019 12:15:44)
Running from C:\Users\Minh Hung Nguyen\Desktop
Loaded Profiles: Minh Hung Nguyen (Available Profiles: Minh Hung Nguyen & SQLTELEMETRY$MINHHUNGNGUYEN & SSISScaleOutWorker140 & SSISTELEMETRY140 & MSSQL$MINHHUNGNGUYEN & SSISScaleOutMaster140 & MsDtsServer140 & SQLAgent$MINHHUNGNGUYEN & MSSQLFDLauncher$MINHHUNGNGUYEN & MSSQLLaunchpad$MINHHUNGNGUYEN & MSOLAP$MINHHUNGNGUYEN & SSASTELEMETRY$MINHHUNGNGUYEN)
Platform: Windows 10 Pro Version 1803 17134.345 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Safe Mode (with Networking)
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1812.3-0\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8844032 2016-01-27] (Realtek Semiconductor)
HKLM\...\Run: [ProfilerU] => C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454144 2015-10-02] (Saitek)
HKLM\...\Run: [SaiMfd] => C:\Program Files\SmartTechnology\Software\SaiMfd.exe [157696 2015-10-02] (Saitek)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [ctfmon] => C:\Windows\system32\CTFMON.EXE [10752 2018-04-12] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-05-22] (Apple Inc.)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HDD Regenerator] => "C:\Program Files (x86)\HDD Regenerator\Shell.exe" /1
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-21-3869432078-3112319213-3029022193-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3952696 2016-08-06] (Tonec Inc.)
HKU\S-1-5-21-3869432078-3112319213-3029022193-1001\...\Run: [reWASD Tray Agent] => "E:\Legacy of Kain Defiance\Gia lap Xbox\Launcher.exe" -autoremap -runtray
HKU\S-1-5-21-3869432078-3112319213-3029022193-1001\...\Run: [Steam] => E:\Steam\steam.exe [3208992 2018-10-13] (Valve Corporation)
HKLM\Software\...\AppCompatFlags\Custom\iisexpress.exe: [{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb] -> IIS Express Application Compatibility Database for x64
HKLM\Software\...\AppCompatFlags\Custom\iisexpress.exe: [{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb] -> IIS Express Application Compatibility Database for x86
HKLM\Software\...\AppCompatFlags\InstalledSDB\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}: [DatabasePath] -> C:\WINDOWS\AppPatch\CustomSDB\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb
HKLM\Software\...\AppCompatFlags\InstalledSDB\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}: [DatabasePath] -> C:\WINDOWS\AppPatch\CustomSDB\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe [2019-01-19] (Google Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{4DA7114C-DE47-43BF-A644-62876DCC2A72}] -> C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDCREDPROV.DLL [2012-05-17] (Microsoft Corp.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2017-07-19]
ShortcutTarget: Killer Network Manager.lnk -> C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe (Rivet Networks)
Startup: C:\Users\Minh Hung Nguyen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RAT 9 Charge Indicator.lnk [2017-07-18]
ShortcutTarget: RAT 9 Charge Indicator.lnk -> C:\Users\Minh Hung Nguyen\AppData\Roaming\Microsoft\Installer\{E351A4AC-5D5D-4748-A2FE-310EC70F3E05}\_CD6D2B41032FC8A5BF211A.exe ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 183.91.0.70 192.168.0.1
Tcpip\..\Interfaces\{980e9ff6-8760-49ec-8f7a-ba15e933f254}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{980e9ff6-8760-49ec-8f7a-ba15e933f254}: [DhcpNameServer] 8.8.8.8 183.91.0.70 192.168.0.1
Internet Explorer:
==================
HKU\S-1-5-21-3869432078-3112319213-3029022193-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.facebook.com/amiracleteam
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2016-07-13] (Internet Download Manager, Tonec Inc.)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-07-19] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-07-19] (Oracle Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2016-07-13] (Internet Download Manager, Tonec Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation)
BHO-x32: Microsoft Web Test Recorder 12.0 Helper -> {432dd630-7e03-4c97-9d62-b99f52df4fc2} -> C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2013-10-05] (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-07-19] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-07-19] (Oracle Corporation)
BHO-x32: No Name -> {E1499FE7-129D-4B6E-B681-DDF21E14172C} -> No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-08-12] (Microsoft Corporation)
FireFox:
========
FF DefaultProfile: 0ryaw7co.default
FF ProfilePath: C:\Users\Minh Hung Nguyen\AppData\Roaming\Zotero\Zotero\Profiles\0ryaw7co.default [2018-03-19]
FF Extension: (No Name) - C:\Program Files (x86)\Zotero\extensions\[email protected] [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Zotero\extensions\[email protected] [not found]
FF HKU\S-1-5-21-3869432078-3112319213-3029022193-1001\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\Minh Hung Nguyen\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Minh Hung Nguyen\AppData\Roaming\IDM\idmmzcc5 [2019-01-19] [Legacy] [not signed]
FF HKU\S-1-5-21-3869432078-3112319213-3029022193-1001\...\SeaMonkey\Extensions: [[email protected]] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2016-08-03] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_114.dll [2019-01-09] ()
FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-07-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-07-19] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-08-10] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_114.dll [2019-01-09] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2017-02-27] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-07-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-07-19] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-05-19] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [2017-08-09] (Nexon)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-11-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-11-29] (NVIDIA Corporation)
FF Plugin-x32: @t.garena.com/garenatalk -> E:\GarenaBnSVN\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2019-01-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2019-01-19] (Google Inc.)
Chrome:
=======
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Minh Hung Nguyen\AppData\Local\Google\Chrome\User Data\Default [2019-01-20]
CHR Extension: (Slides) - C:\Users\Minh Hung Nguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Docs) - C:\Users\Minh Hung Nguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Minh Hung Nguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-07-19]
CHR Extension: (YouTube) - C:\Users\Minh Hung Nguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-07-19]
CHR Extension: (Adblock Plus) - C:\Users\Minh Hung Nguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-12-04]
CHR Extension: (Sheets) - C:\Users\Minh Hung Nguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Google Docs Offline) - C:\Users\Minh Hung Nguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-16]
CHR Extension: (space debris) - C:\Users\Minh Hung Nguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icefnbcfgejfmjnjgjcimkbhgkebdhab [2017-07-19]
CHR Extension: (IDM Integration Module) - C:\Users\Minh Hung Nguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2018-12-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Minh Hung Nguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-05]
CHR Extension: (Data Saver) - C:\Users\Minh Hung Nguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmgfdlgomnbgkofeojodiodmgpgmkac [2017-07-19]
CHR Extension: (Gmail) - C:\Users\Minh Hung Nguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-07-19]
CHR Extension: (Chrome Media Router) - C:\Users\Minh Hung Nguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-19]
CHR Profile: C:\Users\Minh Hung Nguyen\AppData\Local\Google\Chrome\User Data\System Profile [2019-01-20]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-08-05]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-08-05]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2018-04-12] (Microsoft Corporation)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [395024 2016-12-27] (EasyAntiCheat Ltd)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2013-08-22] (Microsoft Corporation) [File not signed]
S2 GarenaPlatform; C:\Program Files (x86)\Garena\Garena\2.0.1811.2302\gxxsvc.exe [315712 2018-11-23] (Garena Online )
S4 Killer Service V2; C:\Program Files\Killer Networking\Network Manager\KillerService.exe [457432 2016-11-02] (Rivet Networks)
S2 MsDtsServer140; C:\Program Files\Microsoft SQL Server\140\DTS\Binn\MsDtsSrvr.exe [219824 2017-08-22] (Microsoft Corporation)
S4 MsMpiLaunchSvc; C:\Program Files\Microsoft MPI\Bin\msmpilaunchsvc.exe [23040 2016-03-04] () [File not signed]
S2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2079520 2012-05-17] (Microsoft Corp.)
S2 MSSQL$MINHHUNGNGUYEN; C:\Program Files\Microsoft SQL Server\MSSQL14.MINHHUNGNGUYEN\MSSQL\Binn\sqlservr.exe [485048 2017-08-22] (Microsoft Corporation)
S3 MSSQLFDLauncher$MINHHUNGNGUYEN; C:\Program Files\Microsoft SQL Server\MSSQL14.MINHHUNGNGUYEN\MSSQL\Binn\fdlauncher.exe [60592 2017-08-22] (Microsoft Corporation)
S2 MSSQLLaunchpad$MINHHUNGNGUYEN; C:\Program Files\Microsoft SQL Server\MSSQL14.MINHHUNGNGUYEN\MSSQL\Binn\launchpad.exe [1121464 2017-08-22] (Microsoft Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [7744512 2017-05-01] (INCA Internet Co., Ltd.)
S2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [786800 2018-12-06] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [786800 2018-12-06] (NVIDIA Corporation)
S2 RedgateClient; C:\Program Files (x86)\Common Files\Red Gate\Shared Client\RedGate.Client.Service.exe [292680 2018-05-22] (Red Gate Software Ltd)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-07-15] (Microsoft Corporation)
S3 SQL Server Distributed Replay Client; C:\Program Files (x86)\Microsoft SQL Server\140\Tools\DReplayClient\DReplayClient.exe [121008 2017-08-22] (Microsoft Corporation)
S3 SQL Server Distributed Replay Controller; C:\Program Files (x86)\Microsoft SQL Server\140\Tools\DReplayController\DReplayController.exe [350384 2017-08-22] (Microsoft Corporation)
S3 SQLAgent$MINHHUNGNGUYEN; C:\Program Files\Microsoft SQL Server\MSSQL14.MINHHUNGNGUYEN\MSSQL\Binn\SQLAGENT.EXE [578744 2017-08-22] (Microsoft Corporation)
S2 SQLPBDMS$MINHHUNGNGUYEN; C:\Program Files\Microsoft SQL Server\MSSQL14.MINHHUNGNGUYEN\MSSQL\Binn\Polybase\mpdwsvc.exe [7321784 2017-08-22] (Microsoft Corporation)
S2 SQLPBENGINE$MINHHUNGNGUYEN; C:\Program Files\Microsoft SQL Server\MSSQL14.MINHHUNGNGUYEN\MSSQL\Binn\Polybase\mpdwsvc.exe [7321784 2017-08-22] (Microsoft Corporation)
S2 SQLTELEMETRY$MINHHUNGNGUYEN; C:\Program Files\Microsoft SQL Server\MSSQL14.MINHHUNGNGUYEN\MSSQL\Binn\sqlceip.exe [246968 2017-08-22] (Microsoft Corporation)
S2 SSASTELEMETRY$MINHHUNGNGUYEN; C:\Program Files\Microsoft SQL Server\MSAS14.MINHHUNGNGUYEN\OLAP\Bin\sqlceip.exe [246968 2017-08-22] (Microsoft Corporation)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-11] ()
S2 SSISScaleOutMaster140; C:\Program Files\Microsoft SQL Server\140\DTS\Binn\Microsoft.SqlServer.IntegrationServices.MasterServiceHost.exe [47288 2017-08-22] (Microsoft Corporation)
S2 SSISScaleOutWorker140; C:\Program Files\Microsoft SQL Server\140\DTS\Binn\Microsoft.SqlServer.IntegrationServices.WorkerAgentServiceHost.exe [45752 2017-08-22] (Microsoft Corporation)
S2 SSISTELEMETRY140; C:\Program Files\Microsoft SQL Server\140\DTS\Binn\sqlceip.exe [246968 2017-08-22] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87728 2013-10-04] (Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\NisSrv.exe [3880120 2018-12-11] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MsMpEng.exe [114208 2018-12-11] (Microsoft Corporation)
S4 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.236\WsAppService.exe [495840 2018-01-26] (Wondershare)
S2 MSOLAP$MINHHUNGNGUYEN; "C:\Program Files\Microsoft SQL Server\MSAS14.MINHHUNGNGUYEN\OLAP\bin\msmdsrv.exe" -s "C:\Program Files\Microsoft SQL Server\MSAS14.MINHHUNGNGUYEN\OLAP\Config"
S2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
S2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 ampa; C:\WINDOWS\system32\ampa.sys [19568 2015-11-10] () [File not signed]
S3 ampa; C:\WINDOWS\SysWOW64\ampa.sys [38320 2016-12-25] ()
R1 BfLwf; C:\WINDOWS\system32\DRIVERS\bwcW10x64.sys [145736 2016-09-20] (Rivet Networks, LLC.)
R0 hidgamemap; C:\WINDOWS\System32\drivers\hidgamemap.sys [150528 2018-10-03] (Disc Soft Ltd)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2011-10-24] (Huawei Technologies Co., Ltd.)
R3 KillerEth; C:\WINDOWS\System32\drivers\e2xw10x64.sys [145920 2018-04-12] (Qualcomm Atheros, Inc.)
R3 Neo_VPN; C:\WINDOWS\System32\drivers\Neo6_x64_VPN.sys [38216 2018-02-07] (SoftEther Corporation)
S3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_9db4450b8107f59a\nvlddmkm.sys [20420352 2018-12-01] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2018-10-25] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [70024 2018-10-02] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [74576 2018-11-30] (NVIDIA Corporation)
S4 RsFx0500; C:\WINDOWS\System32\DRIVERS\RsFx0500.sys [261848 2017-08-22] (Microsoft Corporation)
S3 SaiMini; C:\WINDOWS\System32\drivers\SaiMini.sys [23968 2015-10-02] (Saitek)
S3 SaiNtBus; C:\WINDOWS\system32\drivers\SaiBus.sys [51488 2015-10-02] (Saitek)
R1 SeLow; C:\WINDOWS\system32\DRIVERS\SeLow_x64.sys [51024 2018-02-07] (SoftEther Corporation)
S3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [264192 2018-04-12] (Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46680 2018-12-11] (Microsoft Corporation)
S0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [330936 2018-12-11] (Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [151184 2016-07-16] (MBB)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [62136 2018-12-11] (Microsoft Corporation)
R3 _hid_0738_1709; C:\WINDOWS\system32\DRIVERS\_hid_0738_1709.sys [180928 2015-10-02] (Saitek)
S0 3ware; System32\drivers\3ware.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-01-20 12:15 - 2019-01-20 12:16 - 000024028 _____ C:\Users\Minh Hung Nguyen\Desktop\FRST.txt
2019-01-20 11:49 - 2019-01-20 11:49 - 006161408 _____ C:\Users\Minh Hung Nguyen\AppData\Local\dump007.dat
2019-01-20 11:49 - 2019-01-20 11:49 - 000004188 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{2C2A6661-5FD3-492E-9D08-0234337D8D00}
2019-01-20 11:49 - 2019-01-20 11:49 - 000003704 _____ C:\WINDOWS\System32\Tasks\nexzjgwq
2019-01-20 11:49 - 2019-01-20 11:49 - 000003504 _____ C:\WINDOWS\System32\Tasks\ocohu
2019-01-20 11:49 - 2019-01-20 11:49 - 000003488 _____ C:\WINDOWS\System32\Tasks\iToolsDaemon
2019-01-20 11:49 - 2019-01-20 11:49 - 000000009 _____ C:\Users\Minh Hung Nguyen\rstr2.ini
2019-01-20 10:48 - 2019-01-19 13:59 - 002427904 _____ (Farbar) C:\Users\Minh Hung Nguyen\Desktop\FRST64.exe
2019-01-20 10:44 - 2019-01-20 12:10 - 000460604 _____ C:\WINDOWS\ntbtlog.txt
2019-01-20 05:04 - 2019-01-20 12:15 - 000000000 ____D C:\FRST
2019-01-19 01:44 - 2019-01-19 01:44 - 014155535 _____ C:\Users\Minh Hung Nguyen\Desktop\Malwarebytes Anti-Rootkit 1.10.3.1001 Portable [hoquangdai.com].rar
2019-01-19 01:13 - 2019-01-19 01:13 - 000000000 ____D C:\WINDOWS\Panther
2019-01-19 01:03 - 2019-01-20 12:10 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2019-01-19 01:01 - 2019-01-19 01:01 - 000000000 ____D C:\WINDOWS\pss
2019-01-19 00:50 - 2019-01-19 00:50 - 000002373 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-01-19 00:50 - 2019-01-19 00:50 - 000002332 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-01-19 00:30 - 2019-01-19 00:30 - 000000000 ____D C:\Program Files (x86)\AdwCleaner
2019-01-19 00:20 - 2019-01-19 01:06 - 000000000 ____D C:\AdwCleaner
2019-01-18 00:59 - 2019-01-18 00:59 - 000000000 ____D C:\Users\Minh Hung Nguyen\AppData\Local\Skyrim Special Edition
2019-01-17 07:45 - 2019-01-17 09:34 - 000000000 _____ C:\Recovery.txt
2019-01-16 12:40 - 2019-01-16 13:17 - 000000000 ____D C:\WINDOWS\amlog
2019-01-16 12:29 - 2019-01-16 12:41 - 000001560 _____ C:\WINDOWS\ampa.ini
2019-01-16 12:10 - 2019-01-16 12:10 - 000000000 ____D C:\ProgramData\AomeiBR
2019-01-14 23:55 - 2019-01-14 23:55 - 000633233 _____ C:\Users\Minh Hung Nguyen\Desktop\DS Items.xlsx
2019-01-10 10:39 - 2019-01-10 10:39 - 000000000 ____D C:\Users\Minh Hung Nguyen\AppData\Roaming\SmartSteamEmu
2019-01-10 10:37 - 2019-01-10 10:37 - 000001030 _____ C:\Users\Minh Hung Nguyen\Desktop\DARKSOULS Mod.lnk
2019-01-10 10:17 - 2019-01-10 10:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BANDAI NAMCO Games
2019-01-09 23:46 - 2019-01-18 13:36 - 000000000 ____D C:\Users\Minh Hung Nguyen\AppData\Roaming\uTorrent
2019-01-09 15:45 - 2019-01-09 15:45 - 000000000 ____D C:\Users\Minh Hung Nguyen\AppData\Local\NBGI
2019-01-09 11:43 - 2019-01-09 11:43 - 000000441 _____ C:\Users\Public\Desktop\Sword Art Online.lnk
2019-01-07 18:58 - 2019-01-07 18:58 - 000000000 ____D C:\Users\Minh Hung Nguyen\Documents\Wondershare Dr.Fone for iOS
2019-01-07 18:48 - 2019-01-07 18:48 - 000000000 ____D C:\ProgramData\wsr
2019-01-07 18:30 - 2019-01-19 12:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2019-01-07 18:30 - 2019-01-07 18:32 - 000000000 ____D C:\Users\Minh Hung Nguyen\AppData\Roaming\Wondershare
2019-01-07 18:30 - 2017-09-27 17:29 - 000000232 _____ C:\WINDOWS\SysWOW64\dllhost.exe.config
2019-01-07 18:29 - 2019-01-07 18:29 - 000000000 ____D C:\Program Files (x86)\Wondershare
2019-01-06 11:28 - 2019-01-11 12:45 - 000000000 ____D C:\Program Files (x86)\Steam
2019-01-06 11:25 - 2019-01-06 11:25 - 000000000 ____D C:\ProgramData\Sniper Elite 4 Dedicated Server
2019-01-06 11:20 - 2019-01-06 11:29 - 000000000 ____D C:\Users\Minh Hung Nguyen\AppData\Local\SniperElite4
2019-01-06 11:16 - 2019-01-06 11:16 - 000000000 ____D C:\ProgramData\Sniper Elite 4
2019-01-06 11:15 - 2019-01-06 11:15 - 000000638 _____ C:\Users\Minh Hung Nguyen\Desktop\Sniper Elite 4.lnk
2019-01-06 01:59 - 2019-01-06 01:59 - 000000000 ____D C:\Users\Minh Hung Nguyen\Documents\DyingLight
2019-01-06 01:41 - 2019-01-06 01:41 - 000000459 _____ C:\Users\Public\Desktop\Dying Light - The Following.lnk
2019-01-05 23:38 - 2019-01-05 23:38 - 000000437 _____ C:\Users\Public\Desktop\Monster Hunter World.lnk
2019-01-05 23:38 - 2019-01-05 23:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorePack
2019-01-05 00:29 - 2019-01-05 00:29 - 000000753 _____ C:\Users\Public\Desktop\Grand Theft Auto IV.lnk
2019-01-05 00:29 - 2019-01-05 00:29 - 000000743 _____ C:\Users\Public\Desktop\Grand Theft Auto - EFLC.lnk
2019-01-04 14:00 - 2019-01-04 14:00 - 000000000 __SHD C:\ProgramData\SecuROM
2019-01-04 14:00 - 2019-01-04 14:00 - 000000000 ____D C:\ProgramData\XLive
2019-01-03 20:45 - 2019-01-20 11:44 - 000000000 ____D C:\Users\Minh Hung Nguyen\Documents\Assassin's Creed Unity
2019-01-03 20:45 - 2019-01-03 20:45 - 000000000 ____D C:\ProgramData\Orbit
2019-01-03 20:33 - 2019-01-03 20:33 - 000000647 _____ C:\Users\Public\Desktop\Assassin's Creed Unity.lnk
2019-01-03 14:23 - 2019-01-03 14:23 - 000000000 ____D C:\Users\Minh Hung Nguyen\AppData\LocalLow\Games Farm s_r_o_
2019-01-01 15:44 - 2019-01-01 15:45 - 000001122 _____ C:\Users\Minh Hung Nguyen\Desktop\WatchDogs2.exe.lnk
2019-01-01 15:27 - 2019-01-01 15:31 - 000860872 _____ (EasyAntiCheat Oy) C:\WINDOWS\system32\Drivers\EasyAntiCheat.sys
2019-01-01 15:27 - 2016-12-27 10:23 - 000395024 _____ (EasyAntiCheat Ltd) C:\WINDOWS\SysWOW64\EasyAntiCheat.exe
2018-12-24 12:15 - 2018-12-24 12:15 - 000526017 _____ C:\Users\Minh Hung Nguyen\Desktop\Lịch học.pdf
==================== One month (modified) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-01-20 11:52 - 2018-05-15 10:33 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-01-20 11:52 - 2018-04-12 04:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-01-20 11:52 - 2017-07-19 12:30 - 000000000 ____D C:\Users\Minh Hung Nguyen\AppData\Local\CrashDumps
2019-01-20 11:52 - 2017-07-18 22:33 - 000000000 ____D C:\ProgramData\NVIDIA
2019-01-20 11:50 - 2017-07-19 10:50 - 000000000 ____D C:\Program Files\rempl
2019-01-20 11:49 - 2018-05-15 10:13 - 000000000 ____D C:\Users\Minh Hung Nguyen
2019-01-20 11:49 - 2018-04-12 06:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-01-20 11:49 - 2017-08-21 10:41 - 000000000 ____D C:\ProgramData\boost_interprocess
2019-01-20 11:41 - 2018-10-11 21:48 - 000000008 __RSH C:\ProgramData\ntuser.pol
2019-01-20 11:39 - 2018-02-13 13:25 - 000000000 ____D C:\Users\Minh Hung Nguyen\AppData\LocalLow\Temp
2019-01-20 11:39 - 2015-10-30 14:24 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2019-01-19 13:56 - 2018-05-15 10:06 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-01-19 02:31 - 2017-07-19 11:13 - 000000000 ____D C:\Users\Minh Hung Nguyen\AppData\Roaming\DMCache
2019-01-19 01:28 - 2018-04-12 06:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-01-19 00:50 - 2017-07-19 09:36 - 000000000 ____D C:\Program Files (x86)\Google
2019-01-19 00:47 - 2017-12-01 20:14 - 000000000 ____D C:\Users\Minh Hung Nguyen\Documents\Visual Studio 2013
2019-01-18 10:04 - 2018-04-12 06:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-01-18 00:59 - 2017-07-27 10:54 - 000000000 ____D C:\Users\Minh Hung Nguyen\Documents\My Games
2019-01-18 00:06 - 2018-04-12 06:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-01-16 13:21 - 2018-05-15 10:06 - 005066712 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-01-16 12:26 - 2018-11-09 15:03 - 000001024 ____H C:\AMTAG.BIN
2019-01-15 00:14 - 2017-07-19 07:09 - 000000000 ____D C:\Users\Minh Hung Nguyen\AppData\Local\Packages
2019-01-09 15:46 - 2018-05-28 00:58 - 000000000 ____D C:\Users\Minh Hung Nguyen\Documents\NBGI
2019-01-09 15:23 - 2018-04-12 06:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-01-09 15:23 - 2018-04-12 06:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-01-07 18:31 - 2018-04-12 06:36 - 000000000 ____D C:\WINDOWS\INF
2019-01-06 11:28 - 2018-05-16 21:39 - 000000000 ____D C:\Users\Minh Hung Nguyen\AppData\Local\D3DSCache
2019-01-05 23:38 - 2018-08-13 11:52 - 000000000 ____D C:\WINDOWS\SysWOW64\directx
2019-01-04 23:55 - 2017-08-09 12:39 - 000000000 ____D C:\Users\Minh Hung Nguyen\Documents\Rockstar Games
2019-01-04 14:00 - 2017-08-03 10:03 - 000000000 ____D C:\Users\Minh Hung Nguyen\AppData\Local\Rockstar Games
2019-01-03 14:23 - 2017-07-21 22:12 - 000000000 ____D C:\Users\Minh Hung Nguyen\Documents\FLiNGTrainer
2019-01-03 14:20 - 2017-07-19 09:43 - 000000000 ____D C:\Users\Minh Hung Nguyen\AppData\Local\ElevatedDiagnostics
2018-12-27 14:24 - 2018-12-12 12:55 - 000001268 _____ C:\Users\Minh Hung Nguyen\Desktop\CoreOptimizationNier_LaunchGameWithThis.bat.lnk
2018-12-21 11:35 - 2018-12-19 13:41 - 000000000 ____D C:\ProgramData\SP_FT_Logs
2018-12-21 11:04 - 2018-09-24 00:06 - 000002400 _____ C:\Users\Minh Hung Nguyen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-12-21 11:04 - 2017-07-19 09:31 - 000000000 ___RD C:\Users\Minh Hung Nguyen\OneDrive
==================== Files in the root of some directories =======
2018-04-12 06:34 - 2018-04-12 06:34 - 000060416 ____N (Microsoft Corporation) C:\Program Files (x86)\KuEuaUCo.exe
2018-04-12 06:34 - 2018-04-12 06:34 - 000060416 ____N (Microsoft Corporation) C:\Users\Minh Hung Nguyen\AppData\Roaming\UfGUsPi.exe
2018-04-12 06:34 - 2018-04-12 06:34 - 000178688 ____N (Microsoft Corporation) C:\Users\Minh Hung Nguyen\AppData\Roaming\yOLoEArU.exe
2019-01-20 11:49 - 2019-01-20 11:49 - 006161408 _____ () C:\Users\Minh Hung Nguyen\AppData\Local\dump007.dat
Some files in TEMP:
====================
2019-01-20 11:49 - 2019-01-20 11:49 - 000000000 ____D () C:\Users\Minh Hung Nguyen\AppData\Local\Temp\JSCore.dll
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-05-15 10:06
==================== End of FRST.txt ============================