parydairy

  1. Update: while the "Google Chrome is not responding" issue didn't occur yesterday, unfortunately it happened just now and I had no choice but to restart my PC again... I'm beginning to think that this really is some sort of bug instead of malware, since I apparently don't have any malware. So, I'm not sure what I can do about it.
  2. Today I'll be using Chrome to do various coursework, so I'll be able to see if it still becomes unresponsive randomly (and also if the strange clicking sound has stopped). Since there were no viruses, I'm going to assume that this is definitely a Chrome issue, then? A friend of mine says that the Chrome on her PC has also been freezing lately, so who knows!
  3. Hello, here are the new logs! It seems that nothing was found in any of them, and as a result, there is no log for Sophos Virus Removal. Fixlog.txt malwarebytes log.txt AdwCleaner[C3].txt
  4. Thanks for the reply! Here are the logs:
C:\WINDOWS\system32\config\ELAM 2017-02-05 22:28 - 2015-07-29 19:54 - 00000000 ____D C:\Users\Captain Shrek-it\AppData\Local\Packages 2017-02-04 11:59 - 2016-06-13 19:01 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2017-02-03 03:43 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports 2017-02-03 00:02 - 2016-01-22 05:31 - 00000000 ____D C:\Program Files (x86)\The Sims 4 2017-02-01 23:47 - 2016-08-10 02:25 - 00000000 ____D C:\Program Files (x86)\Origin 2017-01-26 21:30 - 2013-11-22 03:10 - 00000000 ____D C:\ProgramData\McAfee 2017-01-26 14:26 - 2013-11-22 03:10 - 00000000 ____D C:\Program Files\Common Files\mcafee 2017-01-26 14:24 - 2016-07-16 03:47 - 00000000 ___HD C:\WINDOWS\ELAMBKUP 2017-01-26 14:23 - 2016-09-25 11:12 - 00003126 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon 2017-01-26 14:23 - 2016-09-25 11:12 - 00000000 ____D C:\WINDOWS\System32\Tasks\McAfee 2017-01-25 17:47 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\system32\NDF 2017-01-25 16:22 - 2016-07-16 03:36 - 00000000 ____D C:\WINDOWS\CbsTemp 2017-01-24 16:07 - 2014-04-17 15:50 - 00000000 ____D C:\Users\Captain Shrek-it\Documents\FF 2017-01-24 11:30 - 2014-04-10 22:41 - 00000000 ____D C:\Program Files\Common Files\Apple 2017-01-21 15:41 - 2015-04-10 10:19 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2017-01-20 23:31 - 2016-07-16 03:45 - 00000000 ____D C:\WINDOWS\INF 2017-01-20 23:30 - 2016-09-27 13:43 - 00000000 ____D C:\WINDOWS\Minidump 2017-01-20 12:22 - 2016-07-16 03:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2017-01-20 12:18 - 2013-11-22 02:25 - 00000000 ____D C:\Program Files (x86)\Microsoft Office 2017-01-16 15:38 - 2016-08-10 02:39 - 00000000 ____D C:\Users\Captain Shrek-it\AppData\Local\Origin 2017-01-15 17:25 - 2014-04-19 12:56 - 00000132 _____ C:\Users\Captain Shrek-it\AppData\Roaming\Adobe PNG Format CS6 Prefs 2017-01-13 02:13 - 2016-08-10 02:26 - 00000000 ____D 
C:\ProgramData\Electronic Arts 2017-01-13 02:13 - 2014-04-18 11:02 - 00000000 ____D C:\Users\Captain Shrek-it\Documents\Electronic Arts 2017-01-12 13:27 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\rescache 2017-01-11 22:45 - 2016-09-25 11:12 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task 2017-01-11 18:32 - 2014-10-01 23:48 - 00000000 ____D C:\Users\Captain Shrek-it\Desktop\Lockscreens 2017-01-11 14:23 - 2015-07-29 19:54 - 00000000 __RHD C:\Users\Public\AccountPictures 2017-01-11 14:22 - 2016-09-25 10:48 - 00420968 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2017-01-11 14:20 - 2016-07-16 03:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2017-01-11 14:20 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2017-01-11 14:20 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\system32\oobe 2017-01-11 14:20 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\ShellExperiences 2017-01-11 14:20 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\Provisioning ==================== Files in the root of some directories ======= 2014-04-19 12:56 - 2017-01-15 17:25 - 0000132 _____ () C:\Users\Captain Shrek-it\AppData\Roaming\Adobe PNG Format CS6 Prefs 2016-06-13 18:41 - 2015-06-26 11:08 - 0294400 _____ (CodePlex Community) C:\Users\Captain Shrek-it\AppData\Local\Microsoft.Win32.TaskScheduler.dll 2014-09-03 19:08 - 2014-09-03 19:08 - 0000057 _____ () C:\ProgramData\Ament.ini 2016-09-25 10:50 - 2016-09-25 10:50 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2016-11-10 18:39 - 2016-11-10 18:39 - 0000016 _____ () C:\ProgramData\mntemp ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2017-01-23 15:08 ==================== End of FRST.txt ============================ Addition.txt
  5. I'm not entirely sure if my issue is virus-related or not, but I thought I'd ask about it just in case because it does seem rather serious. So, I have 2 things going on with my PC right now:

     1. For the past several weeks or even longer, I hear a random "click" noise whenever I use my PC. It happens every 20-40 minutes, maybe. It's the exact same sound effect as when you open File Explorer and begin clicking through various folders. It's as if there's a ghost looking through folders in the background while I'm browsing the web or playing Sims 4...
     2. For the past few days, my Google Chrome browser has been freezing randomly--sometimes multiple times a day. It just becomes unresponsive for no reason, and then I can't use it again until I've restarted my PC. I thought that this may've been a Chrome problem in itself, but when I tried to use Microsoft Edge or Firefox, they remained unresponsive until I restarted.

     I use Windows 10 (unfortunately) and part of me hopes this is a Windows issue and not a virus issue, since I've had plenty of issues with Windows 10 already (random restarts, anyone?). But again, I'm entirely unsure!

     Edit: Forgot to mention, but I've run scans with Malwarebytes and AdwCleaner but they haven't detected anything--AdwCleaner only detected 1 file once, but the problem persists...
  6. Thank you SO much for all of your help, Kevin!!! It was very much appreciated, thank you.
  7. And then here is the log for Sophos. Starting clean up now.

         2016-07-01 23:20:25.053 Sophos Virus Removal Tool version 2.5.5
         2016-07-01 23:20:25.053 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.
         2016-07-01 23:20:25.053 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.
         2016-07-01 23:20:25.053 Windows version 6.2 SP 0.0 build 9200 SM=0x300 PT=0x1 WOW64
         2016-07-01 23:20:25.054 Checking for updates...
         2016-07-01 23:20:25.077 Update progress: proxy server not available
         2016-07-01 23:20:32.131 Downloading updates...
         2016-07-01 23:20:32.132 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
         2016-07-01 23:20:32.142 Update progress: [I49502] Found supplement SAVIW32 LATEST
         2016-07-01 23:20:32.142 Update progress: [I49502] Found supplement IDE527 LATEST
         2016-07-01 23:20:32.142 Update progress: [I49502] Found supplement IDE528 LATEST
         2016-07-01 23:20:32.142 Update progress: [I49502] Found supplement IDE529 LATEST
         2016-07-01 23:20:32.142 Update progress: [I49502] Found supplement IDE530 LATEST
         2016-07-01 23:20:32.142 Update progress: [I49502] Found supplement IDE531 LATEST
         2016-07-01 23:20:32.142 Update progress: [I49502] Found supplement IDE532 LATEST
         2016-07-01 23:20:32.142 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
         2016-07-01 23:20:32.143 Update progress: [I19463] Syncing product SAVIW32 70
         2016-07-01 23:20:38.048 Update progress: [I19463] Syncing product IDE527 142
         2016-07-01 23:20:42.542 Option all = no
         2016-07-01 23:20:42.542 Option recurse = yes
         2016-07-01 23:20:42.542 Option archive = no
         2016-07-01 23:20:42.542 Option service = yes
         2016-07-01 23:20:42.542 Option confirm = yes
         2016-07-01 23:20:42.542 Option sxl = yes
         2016-07-01 23:20:42.546 Option max-data-age = 35
         2016-07-01 23:20:42.546 Option EnableSafeClean = yes
         2016-07-01 23:20:43.954 Installing updates...
         2016-07-01 23:20:52.753 Option vdl-logging = yes
         2016-07-01 23:20:53.759 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
         2016-07-01 23:20:53.760 Machine ID: 79ed590cf99f40a9a7da4d4895e7ca1b
         2016-07-01 23:20:53.760 Component SVRTcli.exe version 2.5.5
         2016-07-01 23:20:53.760 Component control.dll version 2.5.5
         2016-07-01 23:20:53.760 Component SVRTservice.exe version 2.5.5
         2016-07-01 23:20:53.760 Component engine\osdp.dll version 1.44.1.2250
         2016-07-01 23:20:53.761 Component engine\veex.dll version 3.65.0.2250
         2016-07-01 23:20:53.761 Component engine\savi.dll version 9.0.1.2250
         2016-07-01 23:20:53.761 Component rkdisk.dll version 1.5.30.0
         2016-07-01 23:20:53.761 Version info: Product version 2.5.5
         2016-07-01 23:20:53.761 Version info: Detection engine 3.65.0
         2016-07-01 23:20:53.761 Version info: Detection data 5.26
         2016-07-01 23:20:53.761 Version info: Build date 4/5/2016
         2016-07-01 23:20:53.761 Version info: Data files added 558
         2016-07-01 23:20:53.762 Version info: Last successful update (not yet updated)
         2016-07-01 23:20:53.762 Error level 1
         2016-07-01 23:20:53.801 Update progress: [I19463] Syncing product IDE528 127
         2016-07-01 23:20:53.801 Update progress: [I19463] Syncing product IDE529 135
         2016-07-01 23:20:53.801 Update progress: [I19463] Syncing product IDE530 160
         2016-07-01 23:20:53.801 Update progress: [I19463] Syncing product IDE531 1
         2016-07-01 23:20:53.801 Update progress: [I19463] Syncing product IDE532 1
         2016-07-01 23:21:05.814 Update successful
         2016-07-01 23:21:25.865 Option all = no
         2016-07-01 23:21:25.883 Option recurse = yes
         2016-07-01 23:21:25.883 Option archive = no
         2016-07-01 23:21:25.883 Option service = yes
         2016-07-01 23:21:25.883 Option confirm = yes
         2016-07-01 23:21:25.883 Option sxl = yes
         2016-07-01 23:21:25.883 Option max-data-age = 35
         2016-07-01 23:21:25.883 Option EnableSafeClean = yes
         2016-07-01 23:21:27.102 Option vdl-logging = yes
         2016-07-01 23:21:27.109 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
         2016-07-01 23:21:27.109 Machine ID: 79ed590cf99f40a9a7da4d4895e7ca1b
         2016-07-01 23:21:27.111 Component SVRTcli.exe version 2.5.5
         2016-07-01 23:21:27.111 Component control.dll version 2.5.5
         2016-07-01 23:21:27.111 Component SVRTservice.exe version 2.5.5
         2016-07-01 23:21:27.112 Component engine\osdp.dll version 1.44.1.2250
         2016-07-01 23:21:27.112 Component engine\veex.dll version 3.65.0.2250
         2016-07-01 23:21:27.112 Component engine\savi.dll version 9.0.1.2250
         2016-07-01 23:21:27.115 Component rkdisk.dll version 1.5.30.0
         2016-07-01 23:21:27.115 Version info: Product version 2.5.5
         2016-07-01 23:21:27.116 Version info: Detection engine 3.65.0
         2016-07-01 23:21:27.116 Version info: Detection data 5.26
         2016-07-01 23:21:27.116 Version info: Build date 4/5/2016
         2016-07-01 23:21:27.116 Version info: Data files added 558
         2016-07-01 23:21:27.116 Version info: Last successful update 7/1/2016 4:21:05 PM
         2016-07-01 23:58:04.029 Could not open C:\hiberfil.sys
         2016-07-01 23:58:22.103 Could not open C:\pagefile.sys
         2016-07-02 00:23:27.198 >>> Virus 'Troj/Agent-AJTU' found in file C:\Program Files (x86)\The Sims 4\Game\Bin\rld.dll
         2016-07-02 00:23:39.364 >>> Virus 'Troj/Agent-APRJ' found in file C:\Program Files (x86)\The Sims 4\Game\Bin\RldOrigin.dll
         2016-07-02 00:23:52.790 >>> Virus 'Troj/Agent-APRJ' found in file C:\Program Files (x86)\The Sims 4\Game\Bin\RldOrigin_x64.dll
         2016-07-02 00:26:21.857 Could not open C:\swapfile.sys
         2016-07-02 00:26:22.203 Could not open C:\System Volume Information\{2de25c22-337f-11e6-9c81-e03f49e6da1b}{3808876b-c176-4e48-b7ae-04046e6cc752}
         2016-07-02 00:26:22.204 Could not open C:\System Volume Information\{314f0811-3f23-11e6-9c88-e03f49e6da1b}{3808876b-c176-4e48-b7ae-04046e6cc752}
         2016-07-02 00:26:22.205 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
         2016-07-02 00:26:22.205 Could not open C:\System Volume Information\{b6d34e11-30cf-11e6-9c76-e03f49e6da1b}{3808876b-c176-4e48-b7ae-04046e6cc752}
         2016-07-02 00:26:22.206 Could not open C:\System Volume Information\{b7f65966-3806-11e6-9c83-e03f49e6da1b}{3808876b-c176-4e48-b7ae-04046e6cc752}
         2016-07-02 00:27:30.222 Could not open C:\Users\Captain Shrek-it\AppData\Local\Google\Chrome\User Data\Profile 1\Current Session
         2016-07-02 00:27:30.223 Could not open C:\Users\Captain Shrek-it\AppData\Local\Google\Chrome\User Data\Profile 1\Current Tabs
         2016-07-02 00:59:32.353 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
         2016-07-02 00:59:32.356 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
         2016-07-02 00:59:37.248 Could not open C:\Windows\System32\config\BBI
         2016-07-02 00:59:37.653 Could not open C:\Windows\System32\config\RegBack\DEFAULT
         2016-07-02 00:59:37.691 Could not open C:\Windows\System32\config\RegBack\SAM
         2016-07-02 00:59:37.695 Could not open C:\Windows\System32\config\RegBack\SECURITY
         2016-07-02 00:59:37.706 Could not open C:\Windows\System32\config\RegBack\SOFTWARE
         2016-07-02 00:59:37.712 Could not open C:\Windows\System32\config\RegBack\SYSTEM
         2016-07-02 01:32:10.158 Could not open LOGICAL:0005:00000000
         2016-07-02 01:32:10.181 Could not open F:\
         2016-07-02 01:32:10.291 Could not open PHYSICAL:0081:0000:0000:0001
         2016-07-02 01:32:10.328 The following items will be cleaned up:
         2016-07-02 01:32:10.329 Troj/Agent-AJTU
         2016-07-02 01:32:10.329 Troj/Agent-APRJ
  8. The Sophos one is taking a while to finish, but here is the AdwCleaner log:

         # AdwCleaner v5.201 - Logfile created 01/07/2016 at 16:11:48
         # Updated 30/06/2016 by ToolsLib
         # Database : 2016-07-01.1 [Server]
         # Operating system : Windows 10 Home (X64)
         # Username : Captain Shrek-it - CAPTAINSHREK-IT
         # Running from : C:\Users\Captain Shrek-it\Desktop\AdwCleaner.exe
         # Option : Clean
         # Support : https://toolslib.net/forum

         ***** [ Services ] *****

         ***** [ Folders ] *****
         [-] Folder Deleted : C:\WINDOWS\cSysSecure1.0.0.5
         [-] Folder Deleted : C:\Users\Captain Shrek-it\AppData\Roaming\Systweak
         [-] Folder Deleted : C:\Users\Captain Shrek-it\AppData\Roaming\YourFileDownloader

         ***** [ Files ] *****

         ***** [ DLLs ] *****

         ***** [ WMI ] *****

         ***** [ Shortcuts ] *****

         ***** [ Scheduled tasks ] *****
         [-] Task Deleted : YourFile DownloaderUpdate

         ***** [ Registry ] *****
         [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BAB04997-93AD-4C13-805A-0409199700BB}
         [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
         [-] Key Deleted : HKCU\Software\USyndication
         [-] Key Deleted : HKCU\Software\usyndication.com
         [-] Key Deleted : HKCU\Software\YourFileDownloader
         [-] Key Deleted : HKCU\Software\MICROSOFT\OTUT
         [-] Key Deleted : HKCU\Software\systweak
         [-] Key Deleted : HKCU\Software\INSTALLPATH\STATUS
         [-] Key Deleted : HKLM\SOFTWARE\YourFileDownloader
         [-] Key Deleted : HKLM\SOFTWARE\systweak
         [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\NetStream 1.0
         [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\{94ebd7b5-82ae-449t-b679-3d04078ed154}
         [-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{2B7D2293-F53D-4D14-93E0-90035631F71B}]
         [-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\mpc.am
         [-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\search.mpc.am
         [-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\mpc.am
         [-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\search.mpc.am
         [-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\SYSSECURE

         ***** [ Web browsers ] *****

         *************************
         :: "Tracing" keys deleted
         :: Winsock settings cleared
         *************************

         C:\AdwCleaner\AdwCleaner[C1].txt - [2808 bytes] - [01/07/2016 16:11:48]
         C:\AdwCleaner\AdwCleaner[S1].txt - [6874 bytes] - [01/07/2016 13:41:06]

         ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2954 bytes] ##########
  10. It seems that the issue has been fixed! My browser no longer opens to Index and now opens to Google! Do I still have to download and run AdwCleaner and Sophos?
  11. Here's the Zemana log:

         Zemana AntiMalware 2.21.2.139 (Installed)
         -------------------------------------------------------
         Scan Result : Completed
         Scan Date : 2016/7/1
         Operating System : Windows 10 64-bit
         Processor : 4X AMD A10-6700 APU with Radeon(tm) HD Graphics
         BIOS Mode : Legacy
         CUID : 1243C3A715EC124CE35B70
         Scan Type : Smart
         Scan Duration : 9m 40s
         Scanned Objects : 116558
         Detected Objects : 8
         Excluded Objects : 0
         Read Level : Normal
         Auto Upload : Enabled
         Detect All Extensions : Disabled
         Scan Documents : Disabled
         Domain Info : WORKGROUP,0,2

         Detected Objects
         -------------------------------------------------------

         Internet Explorer Shortcut
         Status : Scanned
         Object : "
         MD5 : -
         Publisher : -
         Size : -
         Version : -
         Detection : Suspicious Browser Setting
         Cleaning Action : Repair
         Related Objects :
             Browser Setting - Internet Explorer Shortcut

         Internet Explorer Shortcut
         Status : Scanned
         Object : "
         MD5 : -
         Publisher : -
         Size : -
         Version : -
         Detection : Suspicious Browser Setting
         Cleaning Action : Repair
         Related Objects :
             Browser Setting - Internet Explorer Shortcut

         Internet Explorer Search
         Status : Scanned
         Object : Search The Web (buenosearch) - http://buenosearch.com
         MD5 : -
         Publisher : -
         Size : -
         Version : -
         Detection : Suspicious Browser Setting
         Cleaning Action : Repair
         Related Objects :
             Browser Setting - Internet Explorer Search

         Chrome Shortcut
         Status : Scanned
         Object : "
         MD5 : -
         Publisher : -
         Size : -
         Version : -
         Detection : Suspicious Browser Setting
         Cleaning Action : Repair
         Related Objects :
             Browser Setting - Chrome Shortcut

         Chrome Shortcut
         Status : Scanned
         Object : "
         MD5 : -
         Publisher : -
         Size : -
         Version : -
         Detection : Suspicious Browser Setting
         Cleaning Action : Repair
         Related Objects :
             Browser Setting - Chrome Shortcut

         Chrome Shortcut
         Status : Scanned
         Object : "
         MD5 : -
         Publisher : -
         Size : -
         Version : -
         Detection : Suspicious Browser Setting
         Cleaning Action : Repair
         Related Objects :
             Browser Setting - Chrome Shortcut

         Chrome Shortcut
         Status : Scanned
         Object : "
         MD5 : -
         Publisher : -
         Size : -
         Version : -
         Detection : Suspicious Browser Setting
         Cleaning Action : Repair
         Related Objects :
             Browser Setting - Chrome Shortcut

         Hosts File
         Status : Scanned
         Object : %systemroot%\system32\drivers\etc\hosts
         MD5 : 243C0898B4676FBCE7A885E540CB33E8
         Publisher : -
         Size : 1068
         Version : -
         Detection : Hosts Hijack
         Cleaning Action : Repair
         Related Objects :
             Hosts file - Too many empty lines in Hosts file
             File - %systemroot%\system32\drivers\etc\hosts

         Cleaning Result
         -------------------------------------------------------
         Cleaned : 8
         Reported as safe : 0
         Failed : 0
  12. Zemana is nearly finished, but I have a question about the options listed. I noticed that it says "Repair" for everything instead of "Quarantine." Is that supposed to be this way?
  13. Fix result of Farbar Recovery Scan Tool (x64) Version: 29-06-2016
      Ran by Captain Shrek-it (2016-07-01 15:09:33) Run:3
      Running from C:\Users\Captain Shrek-it\Desktop
      Loaded Profiles: Captain Shrek-it (Available Profiles: Captain Shrek-it & DefaultAppPool)
      Boot Mode: Normal
      ==============================================

      fixlist content:
      *****************
      Start
      CreateRestorePoint:
      CloseProcesses:
      Move: C:\Windows\SysWOW64\dnsapi.dll C:\Windows\SysWOW64\dnsapi.dll.old
      Move: C:\Windows\WinSxS\wow64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_10.0.10586.212_none_0d0987cfb6756063\dnsapi.dll C:\Windows\SysWOW64\dnsapi.dll
      Move: C:\Windows\System32\dnsapi.dll C:\Windows\System32\dnsapi.dll.old
      Move: C:\Windows\WinSxS\amd64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_10.0.10586.212_none_02b4dd7d82149e68\dnsapi.dll C:\Windows\System32\dnsapi.dll
      end
      *****************

      Restore point was successfully created.
      Processes closed successfully.
      "C:\Windows\SysWOW64\dnsapi.dll" moved successfully to C:\Windows\SysWOW64\dnsapi.dll.old
      "C:\Windows\WinSxS\wow64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_10.0.10586.212_none_0d0987cfb6756063\dnsapi.dll" moved successfully to C:\Windows\SysWOW64\dnsapi.dll
      "C:\Windows\System32\dnsapi.dll" moved successfully to C:\Windows\System32\dnsapi.dll.old
      "C:\Windows\WinSxS\amd64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_10.0.10586.212_none_02b4dd7d82149e68\dnsapi.dll" moved successfully to C:\Windows\System32\dnsapi.dll

      The system needed a reboot.

      ==== End of Fixlog 15:09:35 ====
  14. Whoops, I'm sorry I'm going too fast! I didn't see your recent post and ran the fix without creating a new store point... however, this time it ran without error and allowed me to restart. The error from before hasn't shown up again, and my connection is still here. I'll be posting the log in just a moment.