Everything posted by JustAnAccount
Malwarebytes installation blocked?
JustAnAccount replied to JustAnAccount's topic in Resolved Malware Removal Logs
I'm not sure about the blocks but I haven't received another notification about them. Aside from that everything seems to be working. Again thank you for the help. -
Malwarebytes installation blocked?
JustAnAccount replied to JustAnAccount's topic in Resolved Malware Removal Logs
Oh, my bad, this should be it: Fixlog.txt -
Malwarebytes installation blocked?
JustAnAccount replied to JustAnAccount's topic in Resolved Malware Removal Logs
fixlist.txt -
Malwarebytes installation blocked?
JustAnAccount replied to JustAnAccount's topic in Resolved Malware Removal Logs
It is not. Edit: from what I can see there is no tangos folder -
Malwarebytes installation blocked?
JustAnAccount replied to JustAnAccount's topic in Resolved Malware Removal Logs
Nothing came up on Sophos and here is the Farbar FRST.txt Addition.txt -
Malwarebytes installation blocked?
JustAnAccount replied to JustAnAccount's topic in Resolved Malware Removal Logs
Just wondering why it's blocking and not removing these? wb 1.txt wb2.txt wb3.txt wb4.txt -
Malwarebytes installation blocked?
JustAnAccount replied to JustAnAccount's topic in Resolved Malware Removal Logs
Here is the log and Sophos is running.

# AdwCleaner 7.0.4.0 - Logfile created on Tue Oct 31 14:52:28 2017
# Updated on 2017/27/10 by Malwarebytes
# Database: 10-30-2017.1
# Running on Windows 10 Home (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****
No malicious services found.

***** [ Folders ] *****
PUP.Optional.Legacy, C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnonymizerGadget

***** [ Files ] *****
No malicious files found.

***** [ DLL ] *****
No malicious DLLs found.

***** [ WMI ] *****
No malicious WMI found.

***** [ Shortcuts ] *****
No malicious shortcuts found.

***** [ Tasks ] *****
No malicious tasks found.

***** [ Registry ] *****
PUP.Optional.Legacy, [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 | AnonymizerGadget
PUP.Optional.Legacy, [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 | AVBoost
PUP.Optional.UpService, [Value] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost | AdsServiceGroup
PUP.Optional.AdService, [Key] - HKU\S-1-5-21-4026864125-4051520201-3253931372-1001\Software\SetupCompany
PUP.Optional.AdService, [Key] - HKCU\Software\SetupCompany
PUP.Optional.AdService, [Value] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost | AdsServiceGroup

***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries.

*************************
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ########## -
Malwarebytes installation blocked?
JustAnAccount replied to JustAnAccount's topic in Resolved Malware Removal Logs
Thank you for your help, should I be in safe mode when running this? Scan Log1 FRST Fixlog.txt -
Malwarebytes installation blocked?
JustAnAccount replied to JustAnAccount's topic in Resolved Malware Removal Logs
Thank you for helping me, btw. FRST.txt Edit: Just want to say my profile name is Admin. (idk, made me feel cool I guess) -
Malwarebytes installation blocked?
JustAnAccount replied to JustAnAccount's topic in Resolved Malware Removal Logs
I can't get into the recovery menu at all. Have tried the Shift+Restart, Settings > Recovery > Advanced Startup, Cmd: shutdown /r /o /f /t 00. I can run the FRST from the desktop or through the cmd (admin) if that helps. Edit: I can boot into safe mode using system config, if that helps any. -
Malwarebytes installation blocked?
JustAnAccount replied to JustAnAccount's topic in Resolved Malware Removal Logs
I am using the 64-bit version of Windows 10. I do have a flash drive. -
I'm not sure what to do. I tried AVG but it's not working. So I downloaded the Malwarebytes installer, but it's saying the installation was blocked by an administrator? (home PC) Edit: I tried Rkill then the installer, also did not work. Edit: This might be kinda silly but my pointer is also constantly loading.