Cannot open Google Chrome, crashes before opening window


4 replies to this topic

#1 SpreadableFruit

SpreadableFruit

  • Members
  • 19 posts
  • OFFLINE
  • Local time:06:10 PM

Posted 09 September 2015 - 08:12 PM

The problem is pretty much exactly as it says in the title: whenever I click the Chrome icon it highlights like any other program when opening, but then fades back before any windows are opened. I have installed plecs by Plexim for school, though I don't think it is related to this; it's just the last thing I installed before the problem started.
I have tried uninstalling plecs, as well as many other programs, and I have run scans with

  • Malwarebytes Anti-Malware
  • Microsoft Security Essentials
  • Spybot Search and Destroy

all with no results.

Here is my FRST log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-09-2015
Ran by David (administrator) on LEVIATHAN (09-09-2015 17:59:29)
Running from C:\Users\David\Downloads
Loaded Profiles: David (Available Profiles: David & Blaire)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Blue Coat Systems, Inc.) C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Flux Software LLC) C:\Users\David\AppData\Local\FluxSoftware\Flux\flux.exe
(Binary Fortress Software) E:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
() C:\Users\David\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Spotify Ltd) C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Spotify Ltd) C:\Users\David\AppData\Roaming\Spotify\Spotify.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CANON INC.) C:\Program Files (x86)\Canon\OIPTonerStatus\CnTnrStsTask.exe
(Spotify Ltd) C:\Users\David\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Spotify Ltd) C:\Users\David\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\David\AppData\Roaming\Spotify\Spotify.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Binary Fortress Software) E:\Program Files (x86)\DisplayFusion\DisplayFusionHookx86.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Akamai Technologies, Inc.) C:\Users\David\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\David\AppData\Local\Akamai\netsession_win.exe
(Mozilla Corporation) E:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-07-11] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [Canon Toner Status] => C:\Program Files (x86)\Canon\OIPTonerStatus\CnTnrStsTask.exe [1821240 2014-04-10] (CANON INC.)
HKLM-x32\...\Run: [QuickTime Task] => E:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1448738595-64493416-255540935-1000\...\Run: [F.lux] => C:\Users\David\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-15] (Flux Software LLC)
HKU\S-1-5-21-1448738595-64493416-255540935-1000\...\Run: [DAEMON Tools Lite] => E:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\S-1-5-21-1448738595-64493416-255540935-1000\...\Run: [Akamai NetSession Interface] => C:\Users\David\AppData\Local\Akamai\netsession_win.exe [4480768 2013-01-26] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1448738595-64493416-255540935-1000\...\Run: [DisplayFusion] => E:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [645296 2009-12-09] (Binary Fortress Software)
HKU\S-1-5-21-1448738595-64493416-255540935-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-1448738595-64493416-255540935-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-1448738595-64493416-255540935-1000\...\Run: [Google Update] => C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc.)
HKU\S-1-5-21-1448738595-64493416-255540935-1000\...\Run: [Amazon Music] => C:\Users\David\AppData\Local\Amazon Music\Amazon Music Helper.exe [6277952 2014-12-07] ()
HKU\S-1-5-21-1448738595-64493416-255540935-1000\...\Run: [Spotify Web Helper] => C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-09-06] (Spotify Ltd)
HKU\S-1-5-21-1448738595-64493416-255540935-1000\...\Run: [Spotify] => C:\Users\David\AppData\Roaming\Spotify\Spotify.exe [7535672 2015-09-06] (Spotify Ltd)
HKU\S-1-5-21-1448738595-64493416-255540935-1000\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [5127304 2014-11-20] (Plex, Inc.)
Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-05-31]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [HKLM] => Proxy is enabled.
ProxyEnable: [HKLM-x32] => Proxy is enabled.
ProxyServer: [HKLM] => http=127.0.0.1:8800;https=127.0.0.1:8800
ProxyServer: [HKLM-x32] => http=127.0.0.1:8800;https=127.0.0.1:8800
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{D79E8759-39D9-419B-9836-7274A5DBA2FF}: [NameServer] 208.67.222.222,208.67.220.220
Tcpip\..\Interfaces\{D79E8759-39D9-419B-9836-7274A5DBA2FF}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1448738595-64493416-255540935-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1448738595-64493416-255540935-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-1448738595-64493416-255540935-1000 -> {A34FDFAD-CF6C-44A0-A351-9842616A631B} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=796C4CFF-CE9F-458A-BD53-535A57E2FF5E&apn_sauid=6389FB9D-70AE-46AA-95B3-0EE1048FB0EA
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-03-31] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-18] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-03-31] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-25] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-18] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-25] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-04-01] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\tea8k4sz.default
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-09-09] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-09-09] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1448738595-64493416-255540935-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\David\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-1448738595-64493416-255540935-1000: @talk.google.com/O1DPlugin -> C:\Users\David\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-1448738595-64493416-255540935-1000: @tools.google.com/Google Update;version=3 -> C:\Users\David\AppData\Local\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-29] (Google Inc.)
FF Plugin HKU\S-1-5-21-1448738595-64493416-255540935-1000: @tools.google.com/Google Update;version=9 -> C:\Users\David\AppData\Local\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-29] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\David\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\David\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
StartMenuInternet: FIREFOX.EXE - E:\Program Files (x86)\Mozilla Firefox\firefox.exe

Chrome:
=======
CHR Profile: C:\Users\David\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (AdBlock) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-09-01]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2014-12-29]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-01]
CHR Extension: (Hover Zoom) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2014-12-29]
CHR Profile: C:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 1 Copy
CHR Extension: (Google Docs) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 1 Copy\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-13]
CHR Extension: (Google Drive) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 1 Copy\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-13]
CHR Extension: (YouTube) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 1 Copy\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-13]
CHR Extension: (Google Search) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 1 Copy\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-13]
CHR Extension: (AdBlock) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 1 Copy\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-02-03]
CHR Extension: (Google Wallet) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 1 Copy\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-10]
CHR Extension: (Gmail) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 1 Copy\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-13]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-12-19] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 bckwfs; C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe [2649840 2013-03-01] (Blue Coat Systems, Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S2 SkypeUpdate; E:\Program Files (x86)\Skype\Updater\Updater.exe [315496 2014-12-11] (Skype Technologies)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 bckd; C:\Windows\System32\drivers\bckd.sys [127216 2013-03-01] (Blue Coat Systems, Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-04-20] (DT Soft Ltd)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-07-28] (Apple, Inc.) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-09 17:59 - 2015-09-09 17:59 - 00020020 _____ C:\Users\David\Downloads\FRST.txt
2015-09-09 17:58 - 2015-09-09 17:58 - 02190336 _____ (Farbar) C:\Users\David\Downloads\FRST64.exe
2015-09-09 17:38 - 2015-09-09 17:38 - 00000316 _____ C:\Windows\PFRO.log
2015-09-09 07:35 - 2015-09-09 17:40 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-09 07:35 - 2015-09-09 17:39 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-09 07:35 - 2015-09-09 07:35 - 00929360 _____ (Google Inc.) C:\Users\David\Downloads\ChromeSetup(1).exe
2015-09-09 07:35 - 2015-09-09 07:35 - 00003892 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-09 07:35 - 2015-09-09 07:35 - 00003640 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-09 07:35 - 2015-09-09 07:35 - 00002251 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-09 07:35 - 2015-09-09 07:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-09-09 07:31 - 2015-09-09 07:31 - 00929360 _____ (Google Inc.) C:\Users\David\Downloads\ChromeSetup.exe
2015-09-09 07:27 - 2015-09-09 17:38 - 00000112 _____ C:\Windows\setupact.log
2015-09-09 07:27 - 2015-09-09 07:27 - 00000000 _____ C:\Windows\setuperr.log
2015-09-08 20:32 - 2015-09-08 20:32 - 00000815 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-09-08 20:32 - 2015-09-08 20:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-09-08 20:31 - 2015-09-08 20:31 - 00242752 _____ C:\Users\David\Downloads\Firefox Setup Stub 40.0.3.exe
2015-09-07 20:17 - 2015-09-07 20:17 - 06520208 _____ (Tim Kosse) C:\Users\David\Downloads\FileZilla_3.13.1_win64-setup.exe
2015-09-01 22:11 - 2015-09-01 22:11 - 00036531 _____ C:\Users\David\Downloads\DBXenoverse_Stats.xlsx
2015-08-30 14:37 - 2015-08-30 14:37 - 00000000 ____D C:\Users\David\AppData\Local\Steam
2015-08-29 21:45 - 2015-08-29 21:45 - 00000000 ___HD C:\Users\David\AppData\Local\BANDAI NAMCO Games
2015-08-29 21:45 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2015-08-29 21:45 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2015-08-29 21:45 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2015-08-29 21:45 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2015-08-29 21:45 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2015-08-29 21:45 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2015-08-29 19:22 - 2015-08-29 19:22 - 00000957 _____ C:\Users\David\Desktop\Start Tor Browser.lnk
2015-08-29 19:22 - 2015-08-29 19:22 - 00000957 _____ C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2015-08-29 16:06 - 2015-09-09 07:25 - 00000000 ____D C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PLECS
2015-08-21 10:28 - 2015-08-21 10:26 - 06505624 _____ (Tim Kosse) C:\Users\David\Downloads\FileZilla_3.13.0_win64-setup.exe
2015-08-12 20:45 - 2015-08-12 20:47 - 07151352 _____ (Progdigy Software S.A.R.L. ) C:\Users\David\Downloads\CDisplayExWin64v1.10.29.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-09 17:59 - 2014-08-16 13:32 - 00000000 ____D C:\FRST
2015-09-09 17:59 - 2013-04-23 22:20 - 02069524 _____ C:\Windows\WindowsUpdate.log
2015-09-09 17:50 - 2014-05-31 15:15 - 00000000 ____D C:\Users\David\AppData\Roaming\DisplayFusion
2015-09-09 17:49 - 2013-03-03 15:14 - 00000000 ___HD C:\Users\David\AppData\Local\Adobe
2015-09-09 17:45 - 2009-07-13 22:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-09 17:44 - 2015-05-03 19:49 - 00000000 ____D C:\Users\David\AppData\Roaming\Spotify
2015-09-09 17:44 - 2009-07-13 21:45 - 00020880 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-09 17:44 - 2009-07-13 21:45 - 00020880 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-09 17:41 - 2013-06-14 13:53 - 00000000 ___HD C:\Users\David\AppData\Local\Akamai
2015-09-09 17:39 - 2015-06-19 21:42 - 00003758 _____ C:\Windows\System32\Tasks\AutoKMS
2015-09-09 17:39 - 2015-05-03 19:49 - 00000000 ____D C:\Users\David\AppData\Local\Spotify
2015-09-09 17:39 - 2014-02-17 11:32 - 00000000 ____D C:\Temp
2015-09-09 17:38 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-09 07:35 - 2013-03-01 15:53 - 00000000 ____D C:\Program Files (x86)\Google
2015-09-09 07:35 - 2013-03-01 15:52 - 00000000 ___HD C:\Users\David\AppData\Local\Google
2015-09-09 07:32 - 2013-04-12 22:01 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1448738595-64493416-255540935-1000UA.job
2015-09-08 20:38 - 2013-05-09 19:52 - 00000000 ____D C:\Users\David\AppData\Local\Mozilla
2015-09-08 20:32 - 2013-05-09 19:52 - 00000815 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-09-08 20:15 - 2015-06-07 10:29 - 00000000 ___HD C:\Users\David\AppData\Local\CrashDumps
2015-09-08 20:15 - 2014-07-29 17:36 - 00000000 ____D C:\Users\David\AppData\Roaming\uTorrent
2015-09-08 20:15 - 2013-04-10 18:40 - 00000000 ____D C:\Windows\Minidump
2015-09-08 20:15 - 2013-03-17 16:30 - 00000000 ____D C:\Users\David\AppData\Roaming\FileZilla
2015-09-08 20:15 - 2013-03-01 18:46 - 00000000 ____D C:\Users\David\AppData\Roaming\DAEMON Tools Lite
2015-09-08 20:10 - 2014-08-17 18:07 - 00000000 ____D C:\Program Files (x86)\Age of Empires II HD The Forgotten
2015-09-08 20:07 - 2014-09-10 11:55 - 00000000 ____D C:\ProgramData\Origin
2015-09-08 20:07 - 2009-07-13 22:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-09-08 19:54 - 2014-07-19 15:52 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-08 19:53 - 2014-07-19 15:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-09-08 19:53 - 2014-07-19 15:51 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-09-07 20:27 - 2015-08-09 20:15 - 00000600 _____ C:\Users\David\AppData\Roaming\PUTTY.RND
2015-09-07 17:32 - 2013-04-12 22:01 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1448738595-64493416-255540935-1000Core.job
2015-09-07 13:24 - 2013-03-03 15:20 - 00000000 ____D C:\Windows\system32\appmgmt
2015-09-03 18:08 - 2009-07-13 22:08 - 00032626 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-08-29 21:28 - 2014-12-30 20:11 - 00000000 ____D C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-08-29 17:27 - 2013-04-12 22:01 - 00003878 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1448738595-64493416-255540935-1000UA
2015-08-29 17:27 - 2013-04-12 22:01 - 00003482 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1448738595-64493416-255540935-1000Core
2015-08-22 16:23 - 2013-03-03 15:24 - 00000000 ____D C:\Users\David\AppData\Roaming\vlc
2015-08-21 12:37 - 2013-04-17 09:11 - 00000600 ____H C:\Users\David\AppData\Local\PUTTY.RND
2015-08-12 18:19 - 2015-08-07 12:13 - 00000000 ____D C:\Users\David\AppData\Roaming\Notepad++
2015-08-12 18:19 - 2015-06-19 21:42 - 00000000 ____D C:\Windows\AutoKMS
2015-08-12 18:19 - 2015-05-02 17:32 - 00000000 ___SD C:\Windows\system32\GWX
2015-08-12 18:19 - 2013-10-14 16:12 - 00000000 ____D C:\Users\Blaire
2015-08-12 18:19 - 2013-03-01 18:48 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2015-08-12 18:19 - 2009-07-14 00:45 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-08-12 18:19 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\registration
2015-08-12 17:52 - 2013-03-01 15:40 - 00000000 ____D C:\Users\David

==================== Files in the root of some directories =======

2014-08-17 18:14 - 2013-11-07 11:31 - 0642052 ____R () C:\Program Files (x86)\steam_api.dll
2014-08-17 18:14 - 2013-11-07 11:32 - 0002100 ____R () C:\Program Files (x86)\steam_api.ini
2015-01-10 08:05 - 2015-08-07 12:32 - 0000132 _____ () C:\Users\David\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-08-09 20:15 - 2015-09-07 20:27 - 0000600 _____ () C:\Users\David\AppData\Roaming\PUTTY.RND
2013-04-17 09:11 - 2015-08-21 12:37 - 0000600 ____H () C:\Users\David\AppData\Local\PUTTY.RND
2013-06-15 08:24 - 2013-06-15 08:24 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-09-01 20:25

==================== End of FRST.txt ============================

#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,250 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:10 PM

Posted 10 September 2015 - 01:21 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1448738595-64493416-255540935-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-1448738595-64493416-255540935-1000 -> {A34FDFAD-CF6C-44A0-A351-9842616A631B} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=796C4CFF-CE9F-458A-BD53-535A57E2FF5E&apn_sauid=6389FB9D-70AE-46AA-95B3-0EE1048FB0EA
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]


End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F

Clean the Firefox Cache.
https://kb.wisc.edu/page.php?id=15141
===

If the problem persists with Chrome:

Remove Chrome using the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

Before you do, export your bookmarks.
Chrome will export your bookmarks as an HTML file, which you can then import into another browser.

If you want to save your passwords as well see here: http://www.intowindows.com/how-to-backup-saved-passwords-in-google-chrome-browser/

Re-install Chrome and the Bookmarks.
<<<>>>


How is the computer running now?
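The fixlist above picks out the kinds of entries FRST flags in a scan: its own `<======= ATTENTION` marker, entries ending in `[X]` or `[No File]` whose backing file is gone, the signature verdicts on core Windows binaries in the "Bamital & volsnap" section, and a search scope pointing at an unexpected provider. As an added example (not from the thread, nor from FRST itself), this Python helper pulls such lines out of a report for review; the allowlist of search hosts and the wording of the constructed unsigned verdict are assumptions.

```python
"""Triage an FRST report: added example, not part of the thread or of FRST."""
from __future__ import annotations
import re
from urllib.parse import urlparse

# Expected search providers: an allowlist assumed by this example, not an FRST feature.
KNOWN_SEARCH_HOSTS = {"www.google.com", "www.bing.com", "duckduckgo.com"}
ATTENTION = "<======= ATTENTION"           # FRST's own marker on suspect entries
ORPHAN_MARKERS = ("[X]", "[No File]")      # entry whose referenced file is missing
VERIFY_RE = re.compile(r"^(C:\\Windows\\\S+) => (.+)$")   # Bamital & volsnap verdict lines
SCOPE_RE = re.compile(r"^SearchScopes: .*URL = (\S+)")    # FRST defangs http as hxxp

# Constructed sample: lines from the thread plus a Bing scope and an unsigned
# svchost verdict (invented wording) so both branches of each check are exercised.
SAMPLE_REPORT = r"""
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-1448738595-64493416-255540935-1000 -> {A34FDFAD-CF6C-44A0-A351-9842616A631B} URL = hxxp://websearch.ask.com/redirect?client=ie&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1448738595-64493416-255540935-1000 -> DefaultScope {EXAMPLE-SCOPE-ID} URL = hxxp://www.bing.com/search?q={searchTerms}
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is NOT digitally signed (constructed verdict)
"""


def triage(report: str) -> list[tuple[str, str]]:
    """Return (category, line) pairs for every report line that merits a human look."""
    findings = []
    for line in report.splitlines():
        line = line.rstrip()
        if ATTENTION in line:                 # FRST already flagged it (e.g. IE policy restriction)
            findings.append(("attention", line))
        elif line.endswith(ORPHAN_MARKERS):   # registry/service entry pointing at a missing file
            findings.append(("orphan", line))
        elif (m := VERIFY_RE.match(line)):    # core binary: anything but a clean signed verdict
            if m.group(2) != "File is digitally signed":
                findings.append(("unsigned", line))
        elif (m := SCOPE_RE.match(line)):     # IE search scope: compare provider host to allowlist
            host = urlparse(m.group(1).replace("hxxp", "http", 1)).hostname
            if host not in KNOWN_SEARCH_HOSTS:
                findings.append(("search-provider", line))
    return findings


def summary(report: str) -> dict[str, int]:
    """Count findings per category; an empty dict means nothing to review."""
    counts: dict[str, int] = {}
    for category, _ in triage(report):
        counts[category] = counts.get(category, 0) + 1
    return counts
```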

#3 SpreadableFruit

SpreadableFruit
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:06:10 PM

Posted 10 September 2015 - 09:56 PM

Chrome seems to be working normally again.

Thanks for your help!

Here is the fixlog if you're still interested:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:10-09-2015 01
Ran by David (2015-09-10 19:39:58) Run:3
Running from C:\Users\David\Downloads
Loaded Profiles: David (Available Profiles: David & Blaire)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1448738595-64493416-255540935-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-1448738595-64493416-255540935-1000 -> {A34FDFAD-CF6C-44A0-A351-9842616A631B} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=796C4CFF-CE9F-458A-BD53-535A57E2FF5E&apn_sauid=6389FB9D-70AE-46AA-95B3-0EE1048FB0EA
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]


End
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-1448738595-64493416-255540935-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-1448738595-64493416-255540935-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A34FDFAD-CF6C-44A0-A351-9842616A631B}" => key removed successfully
HKCR\CLSID\{A34FDFAD-CF6C-44A0-A351-9842616A631B} => key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => key removed successfully
catchme => service removed successfully
EmptyTemp: => 979.7 MB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 19:40:19



#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,250 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:10 PM

Posted 11 September 2015 - 08:00 AM

Glad we could help.


If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#5 nasdaq

nasdaq

  • Malware Response Team
  • 38,250 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:10 PM

Posted 17 September 2015 - 09:41 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.