Arimyth Posted October 12, 2017 ID:1171980

My Windows 7 desktop seems to be infected with some kind of adware. It has evaded multiple Malwarebytes scans as well as Bitdefender Pro scans. There are several culprits, including puttr18, searchbind.net, pipeschannels, adsh*t, etc. These will open in a new tab at any time, even if I click somewhere random on the screen where there isn't any kind of visible trigger. They will either redirect to some scammy site or just close on their own. I have found NO way to prevent this. There appear to be no fishy programs on my computer, no fishy processes running, nothing. Initially virus scanning yielded a couple results, but the problem persists and they no longer find anything.

Another thing that happens is that certain words will be highlighted and clicking on them will open some more scam sites. This works and has been tested with both browsers on my computer (Chrome and Opera) whether in incognito, private browsing, new sessions and users, doesn't matter. This means it's on my computer and not an extension or anything like that.

kevinf80 Posted October 12, 2017 ID:1172100

Hello Arimyth and welcome to Malwarebytes,

Follow the instructions at this link and post the requested logs: https://forums.malwarebytes.com/topic/9573-im-infected-what-do-i-do-now/

Thank you,
Kevin

Arimyth Posted October 12, 2017 Author ID:1172133

Sorry, here are the logs: FRST.txt, Addition.txt, mwb.txt

kevinf80 Posted October 12, 2017 ID:1172173

Thanks for those logs, do not see any obvious malware or infection... Continue:

Download the attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.
Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Download RogueKiller and save it on your desktop, ensure to download the correct version: RogueKiller (X86), RogueKiller (x64)
Exit all running applications.
Double-click on RogueKiller.exe to launch the tool.
On its first execution, RogueKiller will display the software license (EULA), click on "Accept" to continue.
If RogueKiller is unable to load, do not hesitate to try launching it several times or rename it winlogon.
Click "Start Scan" to begin the analysis. This may take some time.
Once the scan is complete, click the "Open TXT" button to display the scan report.
Copy/Paste its content in your next reply.
Do not use the delete option until I've had a look at the log.

Let me see those logs in your reply...

Thank you,
Kevin

fixlist.txt

Arimyth Posted October 12, 2017 Author ID:1172224

Attached is Fixlog.txt, below typed out is the RogueKiller log.

RogueKiller V12.11.19.0 (x64) [Oct 9 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Brandon [Administrator]
Started from : C:\Users\Brandon\Downloads\RogueKiller_portable64.exe
Mode : Scan -- Date : 10/12/2017 13:04:39 (Duration : 00:15:22)

¤¤¤ Processes : 11 ¤¤¤
[Suspicious.Path] Franz.exe(1296) -- C:\Users\Brandon\AppData\Local\Franz\app-4.0.4\Franz.exe[7] -> Found
[Suspicious.Path] Franz.exe(5776) -- C:\Users\Brandon\AppData\Local\Franz\app-4.0.4\Franz.exe[7] -> Found
[Suspicious.Path] Franz.exe(6132) -- C:\Users\Brandon\AppData\Local\Franz\app-4.0.4\Franz.exe[7] -> Found
[Suspicious.Path] Franz.exe(6944) -- C:\Users\Brandon\AppData\Local\Franz\app-4.0.4\Franz.exe[7] -> Found
[Suspicious.Path] Franz.exe(6952) -- C:\Users\Brandon\AppData\Local\Franz\app-4.0.4\Franz.exe[7] -> Found
[Suspicious.Path] Franz.exe(6960) -- C:\Users\Brandon\AppData\Local\Franz\app-4.0.4\Franz.exe[7] -> Found
[Suspicious.Path] Franz.exe(6968) -- C:\Users\Brandon\AppData\Local\Franz\app-4.0.4\Franz.exe[7] -> Found
[Suspicious.Path] Franz.exe(6976) -- C:\Users\Brandon\AppData\Local\Franz\app-4.0.4\Franz.exe[7] -> Found
[Suspicious.Path] Franz.exe(7004) -- C:\Users\Brandon\AppData\Local\Franz\app-4.0.4\Franz.exe[7] -> Found
[Suspicious.Path] Franz.exe(7056) -- C:\Users\Brandon\AppData\Local\Franz\app-4.0.4\Franz.exe[7] -> Found
[Suspicious.Path] Franz.exe(7100) -- C:\Users\Brandon\AppData\Local\Franz\app-4.0.4\Franz.exe[7] -> Found

¤¤¤ Registry : 7 ¤¤¤
[PUP.AdInstaller] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\AnyDesk -> Found
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-2700185069-337209265-1189023076-1000\Software\Microsoft\Windows\CurrentVersion\Run | Franz : "C:\Users\Brandon\AppData\Local\Franz\app-4.0.4\Franz.exe" [7] -> Found
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-2700185069-337209265-1189023076-1000\Software\Microsoft\Windows\CurrentVersion\Run | Franz : "C:\Users\Brandon\AppData\Local\Franz\app-4.0.4\Franz.exe" [7] -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-2700185069-337209265-1189023076-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | AutoConfigUrl : http://web-fast-access.com/wpad.dat?3118156cbce7d2a4ab6f648a4935390234516216 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-2700185069-337209265-1189023076-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | AutoConfigUrl : http://web-fast-access.com/wpad.dat?3118156cbce7d2a4ab6f648a4935390234516216 -> Found
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) : 0http://web-fast-access.com/wpad.dat?3118156cbce7d2a4ab6f648a4935390234516216 -> Found
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) : 0http://web-fast-access.com/wpad.dat?3118156cbce7d2a4ab6f648a4935390234516216 -> Found

¤¤¤ Tasks : 1 ¤¤¤
[Hj.Shortcut] \{CB7CAA57-403D-40EF-A6DA-47828019907F} -- "c:\program files (x86)\google\chrome\application\chrome.exe" (https://ui.skype.com/ui/0/7.37.0.103/en/abandoninstall?page=tsProgressBar) -> Found

¤¤¤ Files : 8 ¤¤¤
[PUP.AdInstaller][Folder] C:\ProgramData\AnyDesk -> Found
[PUP.AdInstaller][File] C:\Users\Public\Desktop\AnyDesk.lnk [LNK@] C:\PROGRA~2\AnyDesk\AnyDesk.exe -> Found
[PUP.AdInstaller][Folder] C:\Users\Brandon\AppData\Roaming\AnyDesk -> Found
[PUP.AdInstaller][Folder] C:\ProgramData\AnyDesk -> Found
[PUP.AdInstaller][Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnyDesk -> Found
[PUP.AdInstaller][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AnyDesk.lnk [LNK@] C:\PROGRA~2\AnyDesk\AnyDesk.exe --control -> Found
[PUP.AdInstaller][Folder] C:\Program Files (x86)\AnyDesk -> Found
[PUP.AdInstaller][File] C:\Users\Public\Desktop\AnyDesk.lnk [LNK@] C:\PROGRA~2\AnyDesk\AnyDesk.exe -> Found

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 8 ¤¤¤
[PUP.Gen0][Chrome:Addon] Default : Shortcuts for Google? [baohinapilmkigilbbbcccncoljkdpnd] -> Found
[PUP.Gen0][Chrome:Addon] Default : New tab page by start.me [cfmnkhhioonhiehehedmnjibmampjiab] -> Found
[PUP.Gen0][Chrome:Addon] Default : Chameleon [dmpojjilddefgnhiicjcmhbkjgbbclob] -> Found
[PUP.Gen0][Chrome:Addon] Profile 1 : Chameleon [dmpojjilddefgnhiicjcmhbkjgbbclob] -> Found
[PUM.HomePage][Chrome:Config] Default [SecurePrefs] : session.startup_urls [https://mail.google.com/mail/u/0/#inbox|https://www.evernote.com/Home.action|https://calendar.sunrise.am/|https://mail.google.com/tasks/canvas?pli=1] -> Found
[PUM.HomePage][Chrome:Config] Profile 1 [SecurePrefs] : session.startup_urls [http://soundcloud.com/ecnetwork|http://gmail.com/] -> Found
[PUM.HomePage][Chrome:Config] Profile 2 [SecurePrefs] : session.startup_urls [http://soundcloud.com/sylexserver] -> Found
[PUM.HomePage][Chrome:Config] Profile 3 [SecurePrefs] : session.startup_urls [http://soundcloud.com/arimythalt] -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: PNY CS1311 120GB SSD ATA Device +++++
--- User ---
[MBR] 1cb7da68115b8c1bdaa439b97bb11260
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - EFI System Partition | Offset (sectors): 40 | Size: 200 MB
1 - Macintosh HD | Offset (sectors): 409640 | Size: 113653 MB
2 - Recovery HD | Offset (sectors): 233172072 | Size: 619 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: ST1000DM003-1SB102 ATA Device +++++
--- User ---
[MBR] 7bb3d976a7e654cf9e91dcaaa64db91b
[BSP] 4c29f22e8a77b43c5c612fe7526510f6 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: PNY CS1311 240GB SSD ATA Device +++++
--- User ---
[MBR] 3c08e76ebe56156c24e216a6ae070af0
[BSP] d51cf52efaeef13bfec458489acce777 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - EFI System Partition | Offset (sectors): 40 | Size: 200 MB
1 - Windows | Offset (sectors): 411648 | Size: 228735 MB
User = LL1 ... OK
User = LL2 ... OK

Fixlog.txt

kevinf80 Posted October 13, 2017 ID:1172302

RogueKiller found entries all check ok, what is the current status of your system, are there any remaining issues or concerns..?

One more scan:

Download Sophos Free Virus Removal Tool and save it to your desktop.
If your security alerts to this scan either accept the alert or turn off your security to allow Sophos to run and complete.
Please do not use your PC whilst the scan is in progress. This scan is very thorough so may take several hours.

Double click the icon and select Run
Click Next
Select I accept the terms in this license agreement, then click Next twice
Click Install
Click Finish to launch the program
Once the virus database has been updated click Start Scanning
If any threats are found click Details, then View log file... (bottom left hand corner)
Copy and paste the results in your reply
Close the Notepad document, close the Threat Details screen, then click Start cleanup
Click Exit to close the program
If no threats were found please confirm that result.

The Virus Removal Tool scans the following areas of your computer:
Memory, including system memory on 32-bit (x86) versions of Windows
The Windows registry
All local hard drives, fixed and removable
Mapped network drives are not scanned.

Note: If threats are found in the computer memory, the scan stops. This is because further scanning could enable the threat to spread. You will be asked to click Start Cleanup to remove the threats before continuing the scan.

Arimyth Posted October 13, 2017 Author ID:1172464

Hello, I will use my computer for a while and see if the issues persist before running the last scan and report back.

Arimyth Posted October 13, 2017 Author ID:1172474

Hello, it seems as though the pipeschannel popup at the very least has persisted. I haven't used my PC long enough to tell about the rest but I will continue.

kevinf80 Posted October 13, 2017 ID:1172477

Let me know what happens, also post the Sophos log. Chrome is your default browser so I assume that is the affected browser... Once we get the Sophos log we can do another couple of fixes to remove pipeschannel.

Arimyth Posted October 13, 2017 Author ID:1172486

Hello, both the Opera and Chrome browsers that I use get affected, whether in incognito, new user, etc.

kevinf80 Posted October 13, 2017 ID:1172487

Thanks for that update, post log from Sophos whenever ready then we can continue...

Arimyth Posted October 14, 2017 Author ID:1172685

Hello, I just ran the Sophos scan and it shows no threats. I cannot send anything since Details is grayed out, presumably since there are no threats it detected. However, the problems I initially described still remain.

kevinf80 Posted October 14, 2017 ID:1172688

Please download Zemana AntiMalware and save it to your Desktop.
Install the program and once the installation is complete it will start automatically.
Without changing any options, press Scan to begin.
After the short scan is finished, if threats are detected press Next to remove them.
Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please reboot your computer manually.
Open Zemana AntiMalware again.
Click on icon and double click the latest report.
Now click File > Save As and choose your Desktop before pressing Save.
Attach saved report in your next message.

Next,

Please download ZOEK by Smeenk from here: http://hijackthis.nl/smeenk/ and save it to your desktop (preferred version is the *.exe one)
*.exe Mirror http://smeenk.247fixes.com/Tools/zoek.exe
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here or here
Right-click on icon and select Run as Administrator to start the tool.
Wait patiently until the main console appears, it may take a minute or two.
In the main box please paste in the following script:

createsrpoint;
autoclean;
emptyclsid;
emptyalltemp;
ipconfig /flushdns >>"%temp%\log.txt";b
iedefaults;
FFdefaults;
CHRdefaults;

Make sure that the Scan All Users option is checked.
Push Run Script and wait patiently. The scan may take a couple of minutes.
When the scan completes, a zoek-results logfile should open in Notepad.
If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)
Please include its content in your next reply. Don't forget to re-enable security software!

Post those logs, also let me know if any issues or concerns remain.

Thank you,
Kevin

Arimyth Posted October 15, 2017 Author ID:1172780

Attached is zemana.txt, and pasted below is zoek-results.txt:

Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by Brandon on Sat 10/14/2017 at 22:29:04.03.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Brandon\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================
10/14/2017 10:29:50 PM Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================
C:\PROGRA~2\McAfee deleted successfully
C:\PROGRA~3\AquaSnap deleted successfully
C:\Users\Brandon\AppData\Roaming\QuickScan deleted successfully
C:\Users\Brandon\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== FireFox Fix ======================
Deleted from C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\982o00bf.default\prefs.js:
Added to C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\982o00bf.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Batch Command(s) Run By Tool======================
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.

==== Deleting Files \ Folders ======================
C:\PROGRA~2\McAfee not found
C:\PROGRA~2\VstPlugins deleted
C:\Users\Brandon\AppData\Roaming\Unity deleted
C:\Users\Brandon\AppData\Roaming\Visual Studio Setup deleted
C:\Users\Brandon\.android deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Brandon\AppData\Local\Unity deleted
C:\Users\Brandon\AppData\LocalLow\Unity deleted
"C:\Users\Brandon\AppData\Roaming\discord\Cookies" not deleted
"C:\Users\Brandon\AppData\Roaming\discord\Cookies-journal" not deleted
"C:\Users\Brandon\AppData\Roaming\discord\modules.log" not deleted
"C:\Users\Brandon\AppData\Roaming\discord\Cache\data_0" deleted
"C:\Users\Brandon\AppData\Roaming\discord\Cache\data_1" deleted
"C:\Users\Brandon\AppData\Roaming\discord\Cache\data_2" deleted
"C:\Users\Brandon\AppData\Roaming\discord\Cache\data_3" deleted
"C:\Users\Brandon\AppData\Roaming\discord\Cache\index" deleted
"C:\Users\Brandon\AppData\Roaming\discord\GPUCache\data_0" deleted
"C:\Users\Brandon\AppData\Roaming\discord\GPUCache\data_1" deleted
"C:\Users\Brandon\AppData\Roaming\discord\GPUCache\data_2" deleted
"C:\Users\Brandon\AppData\Roaming\discord\GPUCache\data_3" deleted
"C:\Users\Brandon\AppData\Roaming\discord\GPUCache\index" deleted
"C:\Users\Brandon\AppData\Roaming\discord\Local Storage\https_discordapp.com_0.localstorage" not deleted
"C:\Users\Brandon\AppData\Roaming\discord\Local Storage\https_discordapp.com_0.localstorage-journal" not deleted
"C:\Users\Brandon\AppData\Roaming\discord\Local Storage\https_w.soundcloud.com_0.localstorage" not deleted
"C:\Users\Brandon\AppData\Roaming\discord\Local Storage\https_w.soundcloud.com_0.localstorage-journal" not deleted
"C:\Users\Brandon\AppData\Roaming\discord\0.0.298\modules\discord_contact_import\discord_contact_import.node" deleted
"C:\Users\Brandon\AppData\Roaming\discord\0.0.298\modules\discord_rpc\discord_rpc.node" deleted
"C:\Users\Brandon\AppData\Roaming\discord\0.0.298\modules\discord_utils\discord_utils.node" deleted
"C:\Users\Brandon\AppData\Roaming\discord\0.0.298\modules\discord_voice\discord_voice.node" deleted
"C:\Users\Brandon\AppData\Roaming\discord" not deleted
"C:\Users\Brandon\AppData\Roaming\discord\0.0.298" not deleted
"C:\Users\Brandon\AppData\Roaming\discord\Cache" not deleted
"C:\Users\Brandon\AppData\Roaming\discord\GPUCache" not deleted
"C:\Users\Brandon\AppData\Roaming\discord\Local Storage" not deleted
"C:\Users\Brandon\AppData\Roaming\discord\0.0.298\modules" not deleted
"C:\Users\Brandon\AppData\Roaming\discord\0.0.298\modules\discord_contact_import" not deleted
"C:\Users\Brandon\AppData\Roaming\discord\0.0.298\modules\discord_rpc" not deleted
"C:\Users\Brandon\AppData\Roaming\discord\0.0.298\modules\discord_utils" not deleted
"C:\Users\Brandon\AppData\Roaming\discord\0.0.298\modules\discord_voice" not deleted

==== Firefox Start and Search pages ======================
ProfilePath: C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\982o00bf.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions ======================
AppDir: C:\Program Files\Mozilla Firefox
- Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi

==== Firefox Plugins ======================
Profilepath: C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\982o00bf.default
2C6C5C551AF6ED376960A12CEB5DE3D3 - C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll - Java(TM) Platform SE 8 U121
3391BC7B2BDAF9B07564BB4AEF0BC098 - C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 8.0.1210.13
9E01CD6E36D2C1F60030687C90A40753 - C:\Users\Brandon\AppData\Roaming\Zoom\bin\npzoomplugin.dll - Zoom launcher - 3.0.1

==== Chromium Look ======================
BIODIGITAL HUMAN - Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak
Shortcuts for Google™ - Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\baohinapilmkigilbbbcccncoljkdpnd
Desmos Graphing Calculator - Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhdheahnajobgndecdbggfmcojekgdko
ColorZilla - Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhlhnicpbhignbdhedgjhgdocnmhomnp
Math Mahjong - Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbcfbhpnngegochhbdlanodnmijfplal
uBlock₀ - Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm
Google Tasks - Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\denjcdefjebbmlihdoojnebochnkgcin
Tampermonkey - Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo
Chameleon - Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpojjilddefgnhiicjcmhbkjgbbclob
Flashcards - Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\egbbefchlgcnhjoncjebmkffamidfhae
Razor Robotics - Learn about Robots - Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\egkgahnohapkoinbbljfnihggdleofpg
Black Menu for Google™ - Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\eignhdfgaldabilaaegmdfbajngjmoke
Favicon Badges - Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnaohmeicdkcipkhddeaibfhmbobbfm
IQTELL - Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmdccnpaoemhnnmekglmjlpeeochillh
GoToMeeting Pro Screensharing - Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcgikpombjkodabhbdalkcdhmllafipp
Planetarium - Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gheikhdfflhlbemfmhcfpeblehemeklp
Best Education Apps - Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\hglmfdgjlbhgpmadafhlekoafbodhfna
StudentBook - Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiimjijildjkajollpjecaocbbjfobed
Vector Paint - Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnbpdiengicdefcjecjbnjnoifekhgdo
Reddit Enhancement Suite - Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb
Poppit - Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi
3D Solar System Web - Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdaaepplopehigjgkolniddiadbbkphd
Boomerang for Gmail - Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll
Guitar Chords - Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\megglpjmadjmghjegnallnhiknjnnjhh
ChemReference Periodic Table - Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjpnebljmdbglkmlnijcaplhfhkhdnib
True Key™ by Intel Security - Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbeldjopgciegccabfohnefghfpinncn
videospeed - Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffaoalbilbmmfgbnbgppjihopabppdk
Save to Pocket - Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj
Scientific Calculator - Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\npoipmeppdioagbkigdlnpmjphnolaog
Chrome Media Router - Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
uBlock₀ - Brandon\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm
Chameleon - Brandon\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dmpojjilddefgnhiicjcmhbkjgbbclob
Chrome Media Router - Brandon\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
Chrome Media Router - Brandon\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
Chrome Media Router - Brandon\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"

==== Reset Google Chrome ======================
C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Preferences.bak was reset successfully
C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences.bak was reset successfully
C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences was reset successfully
C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Profile 1\Secure Preferences was reset successfully
C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Profile 2\Preferences was reset successfully
C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Profile 2\Secure Preferences was reset successfully
C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Profile 3\Preferences was reset successfully
C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Profile 3\Secure Preferences was reset successfully
C:\Users\Brandon\AppData\Roaming\Opera Software\Opera Stable\Preferences was reset successfully
C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Web Data will be reset at reboot
C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal will be reset at reboot
C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Profile 1\Web Data was reset successfully
C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Profile 1\Web Data-journal was reset successfully
C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Profile 2\Web Data was reset successfully
C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Profile 3\Web Data was reset successfully
C:\Users\Brandon\AppData\Roaming\Opera Software\Opera Stable\Web Data was reset successfully

==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Brandon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Brandon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================
No FireFox Cache found

==== Empty Chrome Cache ======================
C:\Users\Brandon\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Cache will be emptied at reboot
C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Profile 1\Cache emptied successfully
C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Profile 2\Cache emptied successfully
C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Profile 3\Cache emptied successfully

==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully

==== Empty All Java Cache ======================
Java Cache cleared successfully

==== C:\zoek_backup content ======================
C:\zoek_backup (files=4937 folders=528 509051043 bytes)

==== Empty Temp Folders ======================
C:\Users\Brandon\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Brandon\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================
"C:\Users\Brandon\AppData\Roaming\discord\Cookies" not found
"C:\Users\Brandon\AppData\Roaming\discord\Cookies-journal" not found
"C:\Users\Brandon\AppData\Roaming\discord\modules.log" not found
"C:\Users\Brandon\AppData\Roaming\discord\Local Storage\https_discordapp.com_0.localstorage" not found
"C:\Users\Brandon\AppData\Roaming\discord\Local Storage\https_discordapp.com_0.localstorage-journal" not found
"C:\Users\Brandon\AppData\Roaming\discord\Local Storage\https_w.soundcloud.com_0.localstorage" not found
"C:\Users\Brandon\AppData\Roaming\discord\Local Storage\https_w.soundcloud.com_0.localstorage-journal" not found
"C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Web Data" not found
"C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal" not found
"C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0" deleted
"C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1" deleted
"C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2" deleted
"C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3" deleted
"C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Cache\index" deleted
"C:\Users\Brandon\AppData\Roaming\discord" not found

==== EOF on Sat 10/14/2017 at 22:42:00.13 ======================

zemana.txt

kevinf80 Posted October 15, 2017 ID:1172796

Thanks for those logs, how is your PC behaving now, any remaining issues or concerns...

Thanks,
Kevin

Arimyth Posted October 15, 2017 Author ID:1172948

So far, everything's behaving well! I'll keep you updated as I've only used it for a couple hours.

kevinf80 Posted October 15, 2017 ID:1172951

Thanks for the update, I'm offline in 10 mins, been a very long day...

Arimyth Posted October 17, 2017 Author ID:1173406

Everything seems good, except my PC and RAM usage shoots up to 100% at times.

kevinf80 Posted October 17, 2017 ID:1173419

Set your system to run in Clean Boot mode, that is, all non-system services disabled. Obviously any that affect internet or security can be left active. Full instructions at the following link: https://support.microsoft.com/en-gb/help/929135/how-to-perform-a-clean-boot-in-windows

Let me know if there is any improvement...

kevinf80 Posted October 21, 2017 ID:1174800

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!