Jump to content

Recommended Posts

I'm not entirely sure if my issue is virus related or not, but I thought I'd ask about it just in case because it does seem rather serious. So, I have 2 things going on with my PC right now:

1. for the past several weeks or even longer, I hear a random "click" noise whenever I use my PC. It happens every 20-40 minutes, maybe. It's the exact same sound effect as when you open file explorer and begin clicking through various folders. It's as if there's a ghost looking through folders in the background while I'm browsing the web or playing Sims 4...

2. for the past few days, my Google chrome browser has been freezing randomly--sometimes multiple times a day. It just becomes unresponsive for no reason, and then I can't use it again until I've restarted my PC. I thought that this may've been a chrome problem in itself, but when I tried to use Microsoft Edge or Firefox, they remained unresponsive until I restarted. 

I use Windows 10 (unfortunately) and part of me hopes this is a Windows issue and not a virus issue, since I've had plenty of issues with Windows 10 already (random restarts, anyone?) But again, I'm entirely unsure!

Edit: Forgot to mention, but I've run scans with malwarebytes and adwcleaner but they haven't detected anything--adwcleaner only detected 1 file once, but the problem persists...

Edited by parydairy
Link to post
Share on other sites

Hello parydairy and welcome to Malwarebytes,

My screen name is kevinf80, i`m here to help clean up your system. Make sure to run all scans from accounts with Administrator status, continue as follows please:

Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

Change the download folder setting in the Default Browser only. so all of the tools we may use are saved to the Desktop:

user posted imageGoogle Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. user posted image
Choose Settings. at the bottom of the screen click the
"Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

user posted imageMozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. user posted image Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and the click the "Select Folder" button. Click OK to get out of the Options menu.

user posted imageInternet Explorer - Click the Tools menu in the upper right-corner of the browser. user posted image Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

user posted imageChange default download folder location in Edge -Boot to a user account with admin status, select start > file explorer > right click on "Downloads" folder and select "Properties"

In the new window select "Location" tab > clear the text field box and type in or copy/paste %userprofile%\Desktop > select "Apply" then "OK"

Be aware you are not changing the Browser download folder location, you are changing the user’s download directory location.....

Next,

Follow the instructions in the following link to show hidden files:

http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.


Let me see those logs...

Thank you,

Kevin..
Link to post
Share on other sites

Thanks for the reply! Here are the logs:

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10-02-2017

Ran by Captain Shrek-it (administrator) on CAPTAINSHREK-IT (10-02-2017 15:31:45)
Running from C:\Users\Captain Shrek-it\Desktop
Loaded Profiles: Captain Shrek-it (Available Profiles: Captain Shrek-it)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfemms.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\ModuleCore\ModuleCoreService.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtlService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\ModuleCore\ModuleCoreService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtWLan.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\VSCore_15_6\mcapexe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\CSP\2.3.290.0\McCSPServiceHost.exe
(Intel Security) C:\Program Files\Common Files\mcafee\ClientAnalytics\Legacy\McClientAnalytics.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.693_none_42ff55c9655f38bf\TiWorker.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8492800 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ASUS AiChargerPlus Execute] => C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [550272 2012-08-20] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3216032 2014-04-10] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2017-01-13] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [gorbachev] => "C:\Program Files (x86)\mancinelli\awb.exe"
HKU\S-1-5-21-2111600263-1044781416-20770998-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [389120 2013-04-09] (AMD)
HKU\S-1-5-21-2111600263-1044781416-20770998-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-01-17] (Apple Inc.)
HKU\S-1-5-21-2111600263-1044781416-20770998-1000\...\RunOnce: [Uninstall C:\Users\Captain Shrek-it\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Captain Shrek-it\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64"
HKU\S-1-5-21-2111600263-1044781416-20770998-1000\...\RunOnce: [Uninstall C:\Users\Captain Shrek-it\AppData\Local\Microsoft\OneDrive\17.3.5951.0827] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Captain Shrek-it\AppData\Local\Microsoft\OneDrive\17.3.5951.0827"
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Captain Shrek-it\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll [2016-09-25] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Captain Shrek-it\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll [2016-09-25] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Captain Shrek-it\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll [2016-09-25] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Captain Shrek-it\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll [2016-09-25] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Captain Shrek-it\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll [2016-09-25] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Captain Shrek-it\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll [2016-09-25] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{195ec8a1-134c-4a07-a241-2772bc4294f4}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2111600263-1044781416-20770998-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-2111600263-1044781416-20770998-1000 -> {4F89A34C-0CCD-496C-8D9E-8677AF8FD521} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=B011US91005D20140510&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2111600263-1044781416-20770998-1000 -> {B82D0CAB-15A2-4824-BEE6-16DB2E1EEE5B} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-12-25] (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-25] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-12-25] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-08-20] (Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-12-25] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-20] (Oracle Corporation)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-06-13] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-06-13] (McAfee, Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-25] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-25] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-25] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-25] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-06-13] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-06-13] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\MSC\McSnIePl64.dll [2016-12-21] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2016-12-21] (McAfee, Inc.)

Edge: 
======
Edge HomeButtonPage: HKU\S-1-5-21-2111600263-1044781416-20770998-1000 -> hxxp://google.com/

FireFox:
========
FF DefaultProfile: oq17koi8.default
FF ProfilePath: C:\Users\Captain Shrek-it\AppData\Roaming\Mozilla\Firefox\Profiles\oq17koi8.default [2017-02-10]
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2017-02-09]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2017-01-26] [not signed]
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-12-21] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-20] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-12-21] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-12-25] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-25] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2111600263-1044781416-20770998-1000: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll [2013-11-17] (The Happy Cloud)

Chrome: 
=======
CHR DefaultProfile: Profile 1
CHR HomePage: Profile 1 -> hxxps://www.google.com/
CHR StartupUrls: Profile 1 -> "hxxp://google.com/"
CHR Profile: C:\Users\Captain Shrek-it\AppData\Local\Google\Chrome\User Data\Backup Default [2016-06-13]
CHR Extension: (Google Docs) - C:\Users\Captain Shrek-it\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-03]
CHR Extension: (Google Drive) - C:\Users\Captain Shrek-it\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Captain Shrek-it\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Dolphins) - C:\Users\Captain Shrek-it\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\comjiiebdbhpfpdiehcaielmdjlmhplp [2016-01-18]
CHR Extension: (Google Search) - C:\Users\Captain Shrek-it\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Tampermonkey) - C:\Users\Captain Shrek-it\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2016-05-20]
CHR Extension: (SiteAdvisor) - C:\Users\Captain Shrek-it\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-07-02]
CHR Extension: (Stylish) - C:\Users\Captain Shrek-it\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2016-04-05]
CHR Extension: (XKit) - C:\Users\Captain Shrek-it\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\fpfgeeomkfdefkckijiabdbogjkdaecd [2014-10-11]
CHR Extension: (HTTPS Everywhere) - C:\Users\Captain Shrek-it\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2016-06-09]
CHR Extension: (Google Docs Offline) - C:\Users\Captain Shrek-it\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]
CHR Extension: (MagicScroll eBook Reader) - C:\Users\Captain Shrek-it\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\ghgnmgfdoiplfmhgghbmlphanpfmjble [2015-03-08]
CHR Extension: (AdBlock) - C:\Users\Captain Shrek-it\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-06-01]
CHR Extension: (Kindle Cloud Reader) - C:\Users\Captain Shrek-it\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2016-04-26]
CHR Extension: (New XKit) - C:\Users\Captain Shrek-it\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\inobiceghmpkaklcknpniboilbjmlald [2015-10-10]
CHR Extension: (Image Search Options) - C:\Users\Captain Shrek-it\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\kljmejbpilkadikecejccebmccagifhl [2016-05-31]
CHR Extension: (Momentum) - C:\Users\Captain Shrek-it\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\laookkfknpbbblfpciffpaejjkokdgca [2016-06-03]
CHR Extension: (TumTaster) - C:\Users\Captain Shrek-it\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\nanfbkacbckngfcklahdgfagjlghfbgm [2015-06-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Captain Shrek-it\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01]
CHR Extension: (Better History) - C:\Users\Captain Shrek-it\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\obciceimmggglbmelaidpjlmodcebijb [2016-06-06]
CHR Extension: (Gmail) - C:\Users\Captain Shrek-it\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-27]
CHR Profile: C:\Users\Captain Shrek-it\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-02-10]
CHR Extension: (Google Slides) - C:\Users\Captain Shrek-it\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-19]
CHR Extension: (Google Docs) - C:\Users\Captain Shrek-it\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-19]
CHR Extension: (Google Drive) - C:\Users\Captain Shrek-it\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-19]
CHR Extension: (YouTube) - C:\Users\Captain Shrek-it\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-19]
CHR Extension: (Adblock Plus) - C:\Users\Captain Shrek-it\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-26]
CHR Extension: (Dolphins) - C:\Users\Captain Shrek-it\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\comjiiebdbhpfpdiehcaielmdjlmhplp [2016-06-13]
CHR Extension: (Google Search) - C:\Users\Captain Shrek-it\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-19]
CHR Extension: (Google Sheets) - C:\Users\Captain Shrek-it\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-19]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Captain Shrek-it\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2016-11-28]
CHR Extension: (Stylish - Custom themes for any website) - C:\Users\Captain Shrek-it\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2017-01-25]
CHR Extension: (Google Docs Offline) - C:\Users\Captain Shrek-it\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-13]
CHR Extension: (New XKit) - C:\Users\Captain Shrek-it\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\inobiceghmpkaklcknpniboilbjmlald [2015-11-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Captain Shrek-it\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-18]
CHR Extension: (Gmail) - C:\Users\Captain Shrek-it\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-19]
CHR Extension: (Chrome Media Router) - C:\Users\Captain Shrek-it\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-07]
CHR Profile: C:\Users\Captain Shrek-it\AppData\Local\Google\Chrome\User Data\Profile 2 [2017-01-13]
CHR Extension: (Google Slides) - C:\Users\Captain Shrek-it\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-06-13]
CHR Extension: (Google Docs) - C:\Users\Captain Shrek-it\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-13]
CHR Extension: (Google Drive) - C:\Users\Captain Shrek-it\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-13]
CHR Extension: (YouTube) - C:\Users\Captain Shrek-it\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-13]
CHR Extension: (Adblock Plus) - C:\Users\Captain Shrek-it\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-09-28]
CHR Extension: (Google Sheets) - C:\Users\Captain Shrek-it\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-13]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Captain Shrek-it\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2016-09-27]
CHR Extension: (Stylish) - C:\Users\Captain Shrek-it\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2016-09-27]
CHR Extension: (Google Docs Offline) - C:\Users\Captain Shrek-it\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-27]
CHR Extension: (New XKit) - C:\Users\Captain Shrek-it\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\inobiceghmpkaklcknpniboilbjmlald [2016-09-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Captain Shrek-it\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-13]
CHR Extension: (Gmail) - C:\Users\Captain Shrek-it\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-13]
CHR Extension: (Chrome Media Router) - C:\Users\Captain Shrek-it\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-27]
CHR Profile: C:\Users\Captain Shrek-it\AppData\Local\Google\Chrome\User Data\System Profile [2016-10-23]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-06-16]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-06-16]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [351944 2015-11-04] (Advanced Micro Devices, Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2012-06-01] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-06-01] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-16] (ASUSTeK Computer Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2946304 2016-12-25] (Microsoft Corporation)
R3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1725640 2017-01-26] (Intel Security)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [163592 2016-06-13] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_6\McApExe.exe [989632 2017-01-18] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.3.290.0\\McCSPServiceHost.exe [2054080 2017-02-03] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [1342904 2016-12-15] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [241040 2016-11-14] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [383032 2016-11-14] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [342768 2016-11-14] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1465840 2016-12-22] (McAfee, Inc.)
S3 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2122248 2017-02-01] (Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2184208 2017-02-01] (Electronic Arts)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1104304 2016-11-15] (Intel Security, Inc.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
R2 RealtekCU; C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtlService.exe [36864 2012-05-10] (Realtek Semiconductor Corp.) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2012-04-19] (ASUSTek Computer Inc.)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [88456 2016-11-18] (McAfee, Inc.)
S3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 EagleX64; C:\WINDOWS\system32\drivers\EagleX64.sys [145144 2015-12-10] (AhnLab, Inc.)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [216704 2016-08-02] (McAfee, Inc.)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [484576 2016-11-18] (McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [366320 2016-11-18] (McAfee, Inc.)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [85048 2016-11-18] (McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [518184 2016-11-18] (McAfee, Inc.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [916432 2016-11-18] (McAfee, Inc.)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [498152 2016-10-24] (McAfee, Inc.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [109336 2016-10-24] (McAfee, Inc.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [110248 2016-11-18] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [254800 2016-11-18] (McAfee, Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek                                            )
R3 RtlWlanu_OldIC; C:\WINDOWS\System32\drivers\rtwlanu_oldIC.sys [3814400 2016-07-16] (Realtek Semiconductor Corporation                           )
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2016-07-01] (Zemana Ltd.)
U3 aspnet_state; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-10 15:31 - 2017-02-10 15:34 - 00031838 _____ C:\Users\Captain Shrek-it\Desktop\FRST.txt
2017-02-10 15:31 - 2017-02-10 15:31 - 00000000 ____D C:\FRST
2017-02-10 15:30 - 2017-02-10 15:31 - 02421248 _____ (Farbar) C:\Users\Captain Shrek-it\Desktop\FRST64.exe
2017-02-10 15:24 - 2017-02-10 15:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2017-02-05 22:37 - 2017-02-05 22:37 - 00560722 _____ C:\Users\Captain Shrek-it\Desktop\PSY 236 syllabus.pdf
2017-02-02 17:39 - 2017-02-02 17:39 - 00000120 _____ C:\Users\Captain Shrek-it\Desktop\WHAT TO STUDY.txt
2017-01-30 21:43 - 2017-01-30 21:43 - 00048639 _____ C:\Users\Captain Shrek-it\Desktop\meet-mwd-the-hottest-dog-model-in-town-L-1x1RKD.jpeg
2017-01-25 16:21 - 2017-02-10 14:52 - 00004222 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
2017-01-25 14:47 - 2016-12-20 23:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-01-25 14:47 - 2016-12-20 20:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2017-01-24 11:30 - 2017-01-24 11:30 - 00001826 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-01-24 11:30 - 2017-01-24 11:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-01-24 11:30 - 2017-01-24 11:30 - 00000000 ____D C:\Program Files\iTunes
2017-01-24 11:30 - 2017-01-24 11:30 - 00000000 ____D C:\Program Files\iPod
2017-01-24 11:24 - 2017-01-24 11:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2017-01-20 23:30 - 2017-01-20 23:30 - 00262144 ____N C:\WINDOWS\Minidump\012017-27796-01.dmp
2017-01-18 14:43 - 2017-02-09 14:56 - 00000000 ____D C:\Users\Captain Shrek-it\Downloads\BTS
2017-01-16 14:47 - 2017-02-03 02:00 - 00000000 ____D C:\Users\Captain Shrek-it\Desktop\NEW DLS
2017-01-15 17:28 - 2017-01-15 17:28 - 00000040 ____H C:\71463AAD6F40
2017-01-15 13:58 - 2017-01-15 17:25 - 00000000 ____D C:\Users\Captain Shrek-it\Desktop\S4 Screenies
2017-01-14 15:08 - 2017-01-14 15:08 - 00001463 _____ C:\Users\Captain Shrek-it\Desktop\Origin.exe - Shortcut.lnk
2017-01-13 01:18 - 2017-01-13 01:18 - 00000000 ____D C:\Users\Captain Shrek-it\.QtWebEngineProcess
2017-01-13 01:18 - 2017-01-13 01:18 - 00000000 ____D C:\Users\Captain Shrek-it\.Origin
2017-01-13 00:49 - 2017-01-13 00:49 - 03988944 _____ C:\Users\Captain Shrek-it\Desktop\adwcleaner_6.042.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-10 15:33 - 2016-07-01 14:28 - 00033166 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-02-10 15:30 - 2016-07-16 03:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-10 15:30 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-10 15:25 - 2015-12-07 15:07 - 02627874 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-10 15:21 - 2016-09-25 11:12 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-10 15:20 - 2016-07-15 22:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-02-10 15:20 - 2015-07-29 19:39 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2017-02-10 15:16 - 2016-09-25 11:12 - 00004034 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2017-02-10 15:13 - 2016-09-25 10:48 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-09 21:45 - 2016-09-25 10:53 - 00000000 ____D C:\Users\Captain Shrek-it
2017-02-09 00:17 - 2016-07-18 16:10 - 00000000 ____D C:\AdwCleaner
2017-02-09 00:10 - 2016-08-10 02:26 - 00000000 ____D C:\ProgramData\Origin
2017-02-09 00:07 - 2016-08-10 02:39 - 00000000 ____D C:\Users\Captain Shrek-it\AppData\Roaming\Origin
2017-02-07 23:17 - 2014-04-10 15:31 - 00002276 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-07 23:17 - 2014-04-10 15:31 - 00002264 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-06 16:07 - 2016-07-15 22:04 - 00008192 _____ C:\WINDOWS\system32\config\ELAM
2017-02-05 22:28 - 2015-07-29 19:54 - 00000000 ____D C:\Users\Captain Shrek-it\AppData\Local\Packages
2017-02-04 11:59 - 2016-06-13 19:01 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-02-03 03:43 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-02-03 00:02 - 2016-01-22 05:31 - 00000000 ____D C:\Program Files (x86)\The Sims 4
2017-02-01 23:47 - 2016-08-10 02:25 - 00000000 ____D C:\Program Files (x86)\Origin
2017-01-26 21:30 - 2013-11-22 03:10 - 00000000 ____D C:\ProgramData\McAfee
2017-01-26 14:26 - 2013-11-22 03:10 - 00000000 ____D C:\Program Files\Common Files\mcafee
2017-01-26 14:24 - 2016-07-16 03:47 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2017-01-26 14:23 - 2016-09-25 11:12 - 00003126 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon
2017-01-26 14:23 - 2016-09-25 11:12 - 00000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2017-01-25 17:47 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-01-25 16:22 - 2016-07-16 03:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-24 16:07 - 2014-04-17 15:50 - 00000000 ____D C:\Users\Captain Shrek-it\Documents\FF
2017-01-24 11:30 - 2014-04-10 22:41 - 00000000 ____D C:\Program Files\Common Files\Apple
2017-01-21 15:41 - 2015-04-10 10:19 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-20 23:31 - 2016-07-16 03:45 - 00000000 ____D C:\WINDOWS\INF
2017-01-20 23:30 - 2016-09-27 13:43 - 00000000 ____D C:\WINDOWS\Minidump
2017-01-20 12:22 - 2016-07-16 03:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-01-20 12:18 - 2013-11-22 02:25 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-01-16 15:38 - 2016-08-10 02:39 - 00000000 ____D C:\Users\Captain Shrek-it\AppData\Local\Origin
2017-01-15 17:25 - 2014-04-19 12:56 - 00000132 _____ C:\Users\Captain Shrek-it\AppData\Roaming\Adobe PNG Format CS6 Prefs
2017-01-13 02:13 - 2016-08-10 02:26 - 00000000 ____D C:\ProgramData\Electronic Arts
2017-01-13 02:13 - 2014-04-18 11:02 - 00000000 ____D C:\Users\Captain Shrek-it\Documents\Electronic Arts
2017-01-12 13:27 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\rescache
2017-01-11 22:45 - 2016-09-25 11:12 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-01-11 18:32 - 2014-10-01 23:48 - 00000000 ____D C:\Users\Captain Shrek-it\Desktop\Lockscreens
2017-01-11 14:23 - 2015-07-29 19:54 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-01-11 14:22 - 2016-09-25 10:48 - 00420968 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-01-11 14:20 - 2016-07-16 03:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-01-11 14:20 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-01-11 14:20 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-01-11 14:20 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-01-11 14:20 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\Provisioning

==================== Files in the root of some directories =======

2014-04-19 12:56 - 2017-01-15 17:25 - 0000132 _____ () C:\Users\Captain Shrek-it\AppData\Roaming\Adobe PNG Format CS6 Prefs
2016-06-13 18:41 - 2015-06-26 11:08 - 0294400 _____ (CodePlex Community) C:\Users\Captain Shrek-it\AppData\Local\Microsoft.Win32.TaskScheduler.dll
2014-09-03 19:08 - 2014-09-03 19:08 - 0000057 _____ () C:\ProgramData\Ament.ini
2016-09-25 10:50 - 2016-09-25 10:50 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-11-10 18:39 - 2016-11-10 18:39 - 0000016 _____ () C:\ProgramData\mntemp

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-23 15:08

==================== End of FRST.txt ============================

Addition.txt

Edited by parydairy
Link to post
Share on other sites

Thanks for those logs, continue:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

Next,

Clean install Malwarebytes from version 2 to version 3...

Please download MBAM-clean and save it to your desktop.
 
  • Right-click on mbam-clean.exe icon and select user posted image Run as Administrator to start the tool.
  • It will ask you to reboot the machine - please do so.
  • Run the cleaner tool again, re-boot when complete. <<<---do not miss this step


If you have lost the activation licence key information it can be located here: http://www.cleverbridge.com/342/?scope=cusecolp

Download Malwarebytes version 3 from the following link:

https://www.malwarebytes.com/mwb-download/thankyou/

Double click on the installer and follow the prompts. If necessary select the Blue Help tab for video instructions....

When the install completes and is updated do the following:

Open Malwarebytes, select > "settings" > "protection tab"

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Go back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes deal with any found entries... Then select "Export Summary" then "Text File (*.txt)" name that log and save , you can copy or attach that to your reply...

If you have lost the activation licence key information it can be located here: http://www.cleverbridge.com/342/?scope=cusecolp

Next,

Download AdwCleaner by Xplode onto your Desktop.
 
  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan in the Actions box
  • Please wait fot the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...


Next,

Download Sophos Free Virus Removal Tool and save it to your desktop.

If your security alerts to this scan either accept the alert or turn off your security to allow Sophos to run and complete.....

Please Do Not use your PC whilst the scan is in progress....
 
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found please confirm that result....



The Virus Removal Tool scans the following areas of your computer:
  • Memory, including system memory on 32-bit (x86) versions of Windows
  • The Windows registry
  • All local hard drives, fixed and removable
  • Mapped network drives are not scanned.


Note: If threats are found in the computer memory, the scan stops. This is because further scanning could enable the threat to spread. You will be asked to click Start Cleanup to remove the threats before continuing the scan.

Let me see those logs, also tell me if there are any remaining issues or concerns....

Thank you,

Kevin...

fixlist.txt

Link to post
Share on other sites

Today I'll be using chrome to do various coursework, so I'll be able to see if it still becomes unresponsive randomly (and also if the strange clicking sound has stopped). Since there were no viruses, I'm going to assume that this is definitely a chrome issue, then? A friend of mine says that the chrome on her PC has also been freezing lately, so who knows! 

Link to post
Share on other sites

Update: while the "Google Chrome is not responding" issue didn't occur yesterday, unfortunately it happened just now and I had no choice but to restart my PC again... I'm beginning to think that this really is some sort of bug instead of malware, since I apparently don't have any malware. So, I'm not sure what I can do about it. :(

Link to post
Share on other sites

Lets go for a clean install of Chrome, see if that makes any difference...If your Chrome Bookmarks are important do this first:


Go to this link: http://www.wikihow.com/Export-Bookmarks-from-Chrome follow the instructions and Export your Bookmarks from Chrome, save to your Desktop or similar. Note the instructions can also be used to Import the bookmarks.....

Continue for a clean install:

Download Chrome installer and save to install later: https://www.google.com/intl/en_uk/chrome/browser/desktop/index.html

Remove all synced data from Chrome go here: https://support.google.com/chrome/answer/6386691?hl=en-GB follow those instructions... It is essntial that any/all synced data is removed when the browser is hijacked or exploited in anyway...

Uninstall Chrome: https://support.google.com/chrome/answer/95319?hl=en-GB follow those instructions, ensure the option to "Also delete your browsing data" is selected. <<--- Very important!!

Navigate to C:\Users\Your user name\Appdata\Local from that folder delete the folder named Google (you will need to show hidden files/folders to see the folder Appdata)

For XP that will be My Computer > C:\ Documents and Settings\Your User Name\Application Data\Roaming

How to show hidden files and folders for windows: http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/

Install Google Chrome :

Install Adblock Plus to Chrome: https://chrome.google.com/webstore/detail/adblock-plus/cfhdojbkjhnklbpkdaibdccddilifddb

Install DrWeb Link Ant-virus Link Checker: https://chrome.google.com/webstore/detail/drweb-anti-virus-link-che/aleggpabliehgbeagmfhnodcijcmbonb?hl=en

Does that help...?
Link to post
Share on other sites

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.