MagreX

  1. I see. That's a relief, thank you! I should point out that I was using Firefox only. I hardly ever use Chrome and I never use Internet Explorer or Microsoft Edge. Would this error message still pop up if I was using Firefox?
  2. Hi, thanks for the response. I tried to do what you said, but as soon as I opened up Internet Options and went to the Advanced Tab, everything you wanted me to do was already done, like so.
  3. Just posting an update. I hit "no" on the dialogue box and it went away, although I still want to know if I'm infected and/or what this thing was and what my next steps should be.
  4. Today, after I ran CCleaner for the first time in months (with an older version because I didn't feel like updating it), I got this really strange Script Error pop up. It's still here, I haven't closed it. I don't know what it means, but after Googling a bit, the only thread I found said that it was an infection and now I'm kinda spooked. Any idea? Malwarebytes doesn't find anything. The forum I saw told the other guy to run AdwCleaner, so I did, and that also apparently found nothing. Attached below is a screenshot of the script error pop-up. Please help!
  5. Thanks for the reply. I did what you asked and I'll provide the reports down below, however I have some new information. Windows Defender has recently begun to say it has found a trojan named "Trojan:Win32/Fuery.B!cl", and that it was allowed by me to execute or exist. I don't know what that means or when this happened, but it must have been recent. I ended up redoing all your instructions after this so the information might say something about this, but that's the weird thing. Malwarebytes doesn't seem to pick this "Trojan:Win32/Fuery.B!cl" up, then in the logs below it picked up something called "Trojan:Win32/Fuerboos.C!cl". On Windows Defender, I clicked a button to not allow that Trojan to exist or whatever exemption it was talking about. Also, what are those files on the AVG report? I know they're old, but are they viruses I never removed? I've been using Malwarebytes ever since and it hasn't picked up anything. Regardless, here are the logs from what you asked. Note, we have 2 drives on this computer, so instead of a simple "Threat Scan", I did a "Custom Scan" and asked it to scan both hard drives. I still had it set to "scan for rootkits" and "scan within archives" and "treat PUPs and PUMs as malware". Also, when I used AdwCleaner, there was no reset nor anything to clean. It simply ended without picking up anything.
2019-08-05 20:49 - 2019-06-17 13:05 - 000000000 ____D C:\Users\Magrex\Desktop\Stuff 2019-08-05 20:36 - 2018-04-30 23:23 - 000000000 ____D C:\Users\Magrex\Downloads\Installers 2019-08-05 20:34 - 2018-03-08 19:51 - 136618864 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2019-08-05 19:37 - 2018-09-04 12:59 - 000000000 ____D C:\Users\Magrex\Documents\My Games 2019-08-04 18:59 - 2018-04-11 17:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI 2019-08-04 18:59 - 2018-03-07 20:13 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin 2019-08-03 16:27 - 2019-06-25 21:11 - 000002498 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk 2019-08-03 16:27 - 2019-06-25 21:11 - 000002492 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk 2019-08-03 16:27 - 2019-06-25 21:11 - 000002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk 2019-08-03 16:27 - 2019-06-25 21:11 - 000002455 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk 2019-08-03 16:27 - 2019-06-25 21:11 - 000002449 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk 2019-08-03 16:27 - 2019-06-25 21:11 - 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk 2019-08-03 16:27 - 2019-06-25 21:11 - 000002435 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk 2019-08-03 16:27 - 2019-06-16 13:45 - 000002493 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk 2019-08-03 16:26 - 2018-03-10 19:06 - 000000000 ____D C:\Program Files (x86)\Microsoft Office 2019-08-01 21:04 - 2019-06-18 16:52 - 000000000 ____D C:\Program Files\rempl 2019-07-31 21:40 - 2019-04-14 13:20 - 000000000 ____D C:\Users\Magrex\Documents\Overwatch 2019-07-28 18:56 - 2018-09-15 19:22 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2019-07-26 20:41 - 2018-03-08 19:52 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2019-07-18 17:36 - 2018-09-15 19:22 
- 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2019-07-17 15:44 - 2018-04-11 19:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP ==================== Files in the root of some directories ================ 2019-02-09 17:42 - 2019-04-09 19:21 - 000037720 _____ () C:\Users\Magrex\AppData\Local\oobelibMkey.log 2019-04-13 16:36 - 2019-04-13 16:36 - 000002693 _____ () C:\Users\Magrex\AppData\Local\recently-used.xbel ==================== SigCheck =============================== (There is no automatic fix for files that do not pass verification.) ==================== End of FRST.txt ============================ Addition.txt
  6. When I scanned my computer last with AVG, these were the responses. It said 2 of them were quarantined, but my computer has still been acting up.
  7. I downloaded several mods for a video game and after a bit, processes that I don't remember having have been found in Task Manager running in the background, along with a slower computer than what it used to be.