Random pop ups


  • This topic is locked
25 replies to this topic

#1 flicka728 (Members, 52 posts)

Posted 23 June 2016 - 07:53 PM

Recently, whenever I go on Google Chrome (no matter what the site may be) random pages will pop up. Some will open up in the same browser while others will take control of the page I'm on, while other ones may pop up in a new browser. I thought that this issue would go away after I ran Avast and Malwarebytes and all that, but I assumed wrong. Can anyone help me with this issue? It's quite annoying.





#2 nasdaq (Malware Response Team, 39,520 posts, Montreal, QC, Canada)

Posted 25 June 2016 - 09:40 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false-positive items or programs that you wish to keep, close the AdwCleaner window.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "More Reply Options" button.

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to attach.

Click the Add reply button.
===


Please post the logs.

Let me know if the problem persists.

#3 flicka728 (Topic Starter, Members, 52 posts)

Posted 26 June 2016 - 09:16 PM

# AdwCleaner v5.009 - Logfile created 01/10/2015 at 13:52:40
# Updated 27/09/2015 by Xplode
# Database : 2015-09-30.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Alexandria - ALEXANDRIA
# Running from : C:\Users\Alexandria\Desktop\AdwCleaner.exe
# Option : Scan
# Support : hxxp://toolslib.net/forum
 
***** [ Services ] *****
 
Service Found : vToolbarUpdater18.1.5
 
***** [ Folders ] *****
 
Folder Found : C:\Program Files\AVG SafeGuard toolbar
Folder Found : C:\Program Files (x86)\wisen wizard
Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found : C:\ProgramData\apn
Folder Found : C:\ProgramData\AVG SafeGuard toolbar
Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlvPlayer
Folder Found : C:\Users\Alexandria\AppData\Local\AVG SafeGuard toolbar
Folder Found : C:\Users\Alexandria\AppData\Local\AVG Secure Search
Folder Found : C:\Users\Alexandria\AppData\Local\genienext
Folder Found : C:\Users\Alexandria\AppData\Local\Mobogenie
Folder Found : C:\Users\Alexandria\AppData\Local\pokki
Folder Found : C:\Users\Alexandria\AppData\LocalLow\AVG SafeGuard toolbar
Folder Found : C:\Users\Alexandria\AppData\Roaming\newnext.me
Folder Found : C:\Users\Alexandria\AppData\Roaming\Jamenize
Folder Found : C:\Users\Alexandria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
Folder Found : C:\Users\Alexandria\Documents\Mobogenie
Folder Found : C:\Users\Alexandria\Favorites\StumbleUpon
Folder Found : C:\Users\Alexandria\Favorites\StumbleUpon
 
***** [ Files ] *****
 
File Found : C:\Users\Alexandria\daemonprocess.txt
File Found : C:\Users\Alexandria\AppData\Local\mysearchdial-speeddial.crx
File Found : C:\Users\Alexandria\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pflphaooapbgpeakohlggbpidpppgdff_0.localstorage
File Found : C:\Users\Alexandria\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pflphaooapbgpeakohlggbpidpppgdff_0.localstorage-journal
File Found : C:\Users\Alexandria\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pflphaooapbgpeakohlggbpidpppgdff
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_b52b7a05ea010d22183cece45cbb6e86cf917a76
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Found : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Value Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\AVG SafeGuard toolbar
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Pokki
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\AVG SafeGuard toolbar
Key Found : HKLM\SOFTWARE\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\FlvPlayer
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki
Key Found : [x64] HKCU\Software\AVG SafeGuard toolbar
Key Found : [x64] HKCU\Software\InstallCore
Key Found : [x64] HKCU\Software\Pokki
Key Found : [x64] HKCU\Software\Softonic
Key Found : [x64] HKLM\SOFTWARE\AVG Secure Search
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C168639F-5810-4EC8-B1E8-0251AA8A771C}
Data Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://jamenize.com/?f=1&a=jmz_wnzp_15_06&cd=2XzuyEtN2Y1L1Qzu0AyE0D0BtAtDtA0B0F0D0Bzz0F0DyC0BtN0D0Tzu0StCtCtAtCtN1L2XzutAtFyBtFyBtFtBtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyB0CtCzzyDtCyC0EtG0FtA0D0CtG0FyB0DtDtGtByC0F0EtGyBtB0EyCtB0CyE0CyC0FyB0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtDzztD0A0EtCzytG0DtD0E0FtGyEyBzz0BtGzzyB0BzztG0AzzyD0EtB0B0F0CyDyB0F0A2Q&cr=1152705790&ir=
Data Found : HKU\S-1-5-21-4060459484-377247338-2392814284-1001\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://jamenize.com/?f=1&a=jmz_wnzp_15_06&cd=2XzuyEtN2Y1L1Qzu0AyE0D0BtAtDtA0B0F0D0Bzz0F0DyC0BtN0D0Tzu0StCtCtAtCtN1L2XzutAtFyBtFyBtFtBtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyB0CtCzzyDtCyC0EtG0FtA0D0CtG0FyB0DtDtGtByC0F0EtGyBtB0EyCtB0CyE0CyC0FyB0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtDzztD0A0EtCzytG0DtD0E0FtGyEyBzz0BtGzzyB0BzztG0AzzyD0EtB0B0F0CyDyB0F0A2Q&cr=1152705790&ir=
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Data Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8acdd076-7141-4655-8487-c35174c89c93}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Data Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8acdd076-7141-4655-8487-c35174c89c93}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKU\S-1-5-21-4060459484-377247338-2392814284-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Data Found : HKU\S-1-5-21-4060459484-377247338-2392814284-1001\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKU\S-1-5-21-4060459484-377247338-2392814284-1001\Software\Microsoft\Internet Explorer\SearchScopes\{8acdd076-7141-4655-8487-c35174c89c93}
Key Found : HKU\S-1-5-21-4060459484-377247338-2392814284-1001\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
 
***** [ Web browsers ] *****
 
[C:\Users\Alexandria\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : ndibdjnfmopecpmkdieinmbadjfpblof
[C:\Users\Alexandria\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : pflphaooapbgpeakohlggbpidpppgdff
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [11414 bytes] ##########

# AdwCleaner v5.200 - Logfile created 26/06/2016 at 22:05:52
# Updated 14/06/2016 by ToolsLib
# Database : 2016-06-26.1 [Server]
# Operating system : Windows 8.1  (X64)
# Username : Alexandria - ALEXANDRIA
# Running from : C:\Users\Alexandria\Downloads\adwcleaner_5.200.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
Folder Found : C:\WINDOWS\SysWOW64\config\systemprofile\AppData\LocalLow\AVG SafeGuard toolbar
Folder Found : C:\Users\Alexandria\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen
Folder Found : C:\Users\Default User\AppData\Local\Pokki
Folder Found : C:\Users\Default\AppData\Local\Pokki
 
***** [ Files ] *****
 
File Found : C:\Users\Alexandria\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kbfnbcaeplbcioakkpcpgfkobkghlhen_0.localstorage
File Found : C:\Users\Alexandria\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kbfnbcaeplbcioakkpcpgfkobkghlhen_0.localstorage-journal
File Found : C:\Users\Alexandria\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_foxi69.tlscdn.com_0.localstorage
File Found : C:\Users\Alexandria\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_foxi69.tlscdn.com_0.localstorage-journal
File Found : C:\Users\Alexandria\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.pricepeep00.pricepeep.net_0.localstorage
File Found : C:\Users\Alexandria\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.pricepeep00.pricepeep.net_0.localstorage-journal
File Found : C:\Users\Alexandria\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.re-markit00.re-markit.co_0.localstorage
File Found : C:\Users\Alexandria\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.re-markit00.re-markit.co_0.localstorage-journal
File Found : C:\Users\Alexandria\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.coupontime00.coupontime.co_0.localstorage
File Found : C:\Users\Alexandria\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.coupontime00.coupontime.co_0.localstorage-journal
 
***** [ DLL ] *****
 
 
***** [ WMI ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
Value Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [mobilegeni daemon]
Value Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [vProt]
 
***** [ Web browsers ] *****
 
[C:\Users\Alexandria\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\Alexandria\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
[C:\Users\Alexandria\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : jamenize.com
[C:\Users\Alexandria\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : kbfnbcaeplbcioakkpcpgfkobkghlhen
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [11568 bytes] - [01/10/2015 14:01:37]
C:\AdwCleaner\AdwCleaner[S1].txt - [14975 bytes] - [01/10/2015 13:52:40]
C:\AdwCleaner\AdwCleaner[S2].txt - [11602 bytes] - [01/10/2015 13:55:09]
C:\AdwCleaner\AdwCleaner[S3].txt - [11602 bytes] - [01/10/2015 13:59:07]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [15197 bytes] ##########
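As an added example (not from this thread and not AdwCleaner's own code), the script below parses a scan log in the layout posted above into per-section findings and then cross-references the parts a reviewer cares about: which Chrome extension ids recur across Files, Registry and Secure Preferences, which hosts were set as start page or search provider, and which Run/StartupApproved values were flagged. The embedded sample log is constructed from the report above (the extension ids and jamenize.com are the ones it lists; the username is replaced and the log shortened).

```python
"""Triage helper for AdwCleaner v5 scan logs in the layout quoted in this thread.
Added example: not part of the thread and not AdwCleaner's own code. It reads a
log and groups what the scan already reported, so a reviewer can see how many
routes an adware component used to persist before deciding what to clean."""
import re
from collections import Counter, defaultdict

# "***** [ Registry ] *****" opens a section; "<Kind> Found : [x64] <target>" is a finding.
SECTION_RE = re.compile(r"^\*{5} \[ (?P<name>[^\]]+) \] \*{5}$")
ENTRY_RE = re.compile(r"^(?P<kind>Service|Folder|File|Key|Value|Data) Found : "
                      r"(?:(?P<x64>\[x64\]) )?(?P<target>.+)$")
# Web browsers section: "[<profile file>] [Extension|Search Provider] Found : <target>"
BROWSER_RE = re.compile(r"^\[(?P<store>[^\]]+)\] \[(?P<kind>[^\]]+)\] Found : (?P<target>.+)$")
# Chrome extension ids are 32 letters a-p; '_' or '\' may touch them, and '_' is a
# word character, so lookarounds are used instead of \b.
EXT_ID_RE = re.compile(r"(?<![a-z])([a-p]{32})(?![a-z])")
START_PAGE_RE = re.compile(r"\[Start Page\] - hxxps?://([^/\s]+)", re.I)  # log defangs URLs as hxxp
AUTOSTART_RE = re.compile(r"\\CurrentVersion\\(?:Run|RunOnce|Explorer\\StartupApproved\\Run32) \[([^\]]+)\]")

def parse_adwcleaner_log(text):
    """Return (header dict, list of finding dicts) for one scan log."""
    header, findings, section = {"notes": []}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("##########"):
            continue                                   # spacer lines and the EOF marker
        if line.startswith("# "):                      # "# Database : 2016-06-26.1 [Server]"
            key, sep, value = line[2:].partition(" : ")
            if sep:
                header[key.strip()] = value.strip()
            else:
                header["notes"].append(key.strip())    # e.g. the "Logfile created" title line
            continue
        if (m := SECTION_RE.match(line)):
            section = m["name"]
            continue
        if (m := ENTRY_RE.match(line) or BROWSER_RE.match(line)):   # anything else is not a finding
            findings.append({"section": section, "kind": m["kind"], "target": m["target"],
                             "x64": bool(m.groupdict().get("x64")),
                             "store": m.groupdict().get("store")})
    return header, findings

def section_counts(findings):
    """How many findings each section of the report holds."""
    return Counter(f["section"] for f in findings)

def extension_sightings(findings):
    """Map each Chrome extension id to the sections it appears in. An id seen in Files,
    in the HKLM Chrome\\Extensions key and in Secure Preferences at once was installed
    by several routes and comes back if only one of them is cleaned."""
    seen = defaultdict(set)
    for f in findings:
        for ext_id in EXT_ID_RE.findall(f["target"]):
            seen[ext_id].add(f["section"])
    return {ext_id: sorted(sections) for ext_id, sections in seen.items()}

def browser_hijack_hosts(findings):
    """Hosts set as the IE start page or injected as a Chrome search provider."""
    hosts = set()
    for f in findings:
        hosts.update(h.lower() for h in START_PAGE_RE.findall(f["target"]))
        if f["kind"] == "Search Provider":
            hosts.add(f["target"].lower())
    return sorted(hosts)

def autostart_values(findings):
    """Names of Run / StartupApproved values the scan flagged (persistence)."""
    names = set()
    for f in findings:
        names.update(AUTOSTART_RE.findall(f["target"]))
    return sorted(names)

# Constructed sample in the posted layout (username replaced, log shortened); the ids
# and jamenize.com are the ones the report above lists.
SAMPLE_LOG = r"""
# AdwCleaner v5.200 - Logfile created 26/06/2016 at 22:05:52
# Database : 2016-06-26.1 [Server]
***** [ Folders ] *****
Folder Found : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen
***** [ Files ] *****
File Found : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pflphaooapbgpeakohlggbpidpppgdff_0.localstorage
***** [ Registry ] *****
Key Found : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Value Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [vProt]
Data Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://jamenize.com/?f=1&a=jmz_wnzp_15_06
***** [ Web browsers ] *****
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : jamenize.com
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : pflphaooapbgpeakohlggbpidpppgdff
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1234 bytes] ##########
"""

if __name__ == "__main__":
    header, findings = parse_adwcleaner_log(SAMPLE_LOG)
    print(header["notes"][0], "|", header["Database"])
    for section, n in section_counts(findings).items():
        print(f"  {section:<13} {n}")
    print("extensions  :", extension_sightings(findings))
    print("hijack hosts:", browser_hijack_hosts(findings))
    print("autostart   :", autostart_values(findings))
```

Point it at a real C:\AdwCleaner\AdwCleaner[Sx].txt by reading the file into `parse_adwcleaner_log`; an extension id that shows up in three or more sections is the one to check first when the pop-ups return after a clean.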
 




#4 nasdaq (Malware Response Team, 39,520 posts, Montreal, QC, Canada)

Posted 27 June 2016 - 07:01 AM

If not already done, please run the AdwCleaner tool and clean everything.
===

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click OK.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

CHR HomePage: Default -> hxxps://www.google.com/webhp?sourceid=chrome-instant&rlz=1C1CHFX_enUS568US568&ion=1&espv=2&ie=UTF-8
CHR Extension: (Avast Online Security) - C:\Users\Alexandria\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-06-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Alexandria\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-04]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx
Shortcut: C:\Users\Alexandria\AppData\Local\Microsoft\Windows\GameExplorer\{F715F7A4-67BA-11DD-F4B4-C04D56CFF2F4}\SupportTasks\0\Ubisoft Site.lnk -> hxxp:\www.ubi.com\( (No File)
Shortcut: C:\Users\Alexandria\AppData\Local\Microsoft\Windows\GameExplorer\{EC497A80-080F-4D6B-B62E-EC5A78D701D5}\SupportTasks\1\Support.lnk -> hxxp://www.herinteractive.com/ (No File)
Shortcut: C:\Users\Alexandria\AppData\Local\Microsoft\Windows\GameExplorer\{EC497A80-080F-4D6B-B62E-EC5A78D701D5}\SupportTasks\0\More Games from Microsoft.lnk -> hxxp://www.herinteractive.com/prod/dog/index.shtml/ (No File)
Shortcut: C:\Users\Alexandria\AppData\Local\Microsoft\Windows\GameExplorer\{EC0581E6-048A-4C1B-AF4D-4487ECB5542C}\SupportTasks\2\Register Online.lnk -> hxxp:\go.microsoft.com\fwlink\( (No File)
Shortcut: C:\Users\Alexandria\AppData\Local\Microsoft\Windows\GameExplorer\{E6D02BE6-55F6-44B8-8135-DB9857C02992}\SupportTasks\0\Ubisoft Site.lnk -> hxxp:\www.ubi.com\( (No File)
Shortcut: C:\Users\Alexandria\AppData\Local\Microsoft\Windows\GameExplorer\{40C4D6D6-43DA-4971-9C68-3021DE6194F5}\SupportTasks\2\Register Online.lnk -> hxxp:\go.microsoft.com\fwlink\( (No File)
C:\Users\Alexandria\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.

Please let me know what problem persists with this computer.

#5 flicka728 (Topic Starter, Members, 52 posts)

Posted 27 June 2016 - 11:02 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 26-06-2016 02
Ran by Alexandria (2016-06-27 23:54:42) Run:2
Running from C:\Users\Alexandria\Downloads
Loaded Profiles: Alexandria (Available Profiles: Alexandria)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
CHR HomePage: Default -> hxxps://www.google.com/webhp?sourceid=chrome-instant&rlz=1C1CHFX_enUS568US568&ion=1&espv=2&ie=UTF-8
CHR Extension: (Avast Online Security) - C:\Users\Alexandria\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-06-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Alexandria\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-04]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx
Shortcut: C:\Users\Alexandria\AppData\Local\Microsoft\Windows\GameExplorer\{F715F7A4-67BA-11DD-F4B4-C04D56CFF2F4}\SupportTasks\0\Ubisoft Site.lnk -> hxxp:\www.ubi.com\( (No File)
Shortcut: C:\Users\Alexandria\AppData\Local\Microsoft\Windows\GameExplorer\{EC497A80-080F-4D6B-B62E-EC5A78D701D5}\SupportTasks\1\Support.lnk -> hxxp://www.herinteractive.com/ (No File)
Shortcut: C:\Users\Alexandria\AppData\Local\Microsoft\Windows\GameExplorer\{EC497A80-080F-4D6B-B62E-EC5A78D701D5}\SupportTasks\0\More Games from Microsoft.lnk -> hxxp://www.herinteractive.com/prod/dog/index.shtml/ (No File)
Shortcut: C:\Users\Alexandria\AppData\Local\Microsoft\Windows\GameExplorer\{EC0581E6-048A-4C1B-AF4D-4487ECB5542C}\SupportTasks\2\Register Online.lnk -> hxxp:\go.microsoft.com\fwlink\( (No File)
Shortcut: C:\Users\Alexandria\AppData\Local\Microsoft\Windows\GameExplorer\{E6D02BE6-55F6-44B8-8135-DB9857C02992}\SupportTasks\0\Ubisoft Site.lnk -> hxxp:\www.ubi.com\( (No File)
Shortcut: C:\Users\Alexandria\AppData\Local\Microsoft\Windows\GameExplorer\{40C4D6D6-43DA-4971-9C68-3021DE6194F5}\SupportTasks\2\Register Online.lnk -> hxxp:\go.microsoft.com\fwlink\( (No File)
C:\Users\Alexandria\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
Chrome HomePage => removed successfully
C:\Users\Alexandria\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki => moved successfully
C:\Users\Alexandria\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck" => key removed successfully
Could not move "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx" => Scheduled to move on reboot.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki" => key removed successfully
Shortcut: C:\Users\Alexandria\AppData\Local\Microsoft\Windows\GameExplorer\{F715F7A4-67BA-11DD-F4B4-C04D56CFF2F4}\SupportTasks\0\Ubisoft Site.lnk -> hxxp:\www.ubi.com\( (No File) => Error: No automatic fix found for this entry.
Shortcut: C:\Users\Alexandria\AppData\Local\Microsoft\Windows\GameExplorer\{EC497A80-080F-4D6B-B62E-EC5A78D701D5}\SupportTasks\1\Support.lnk -> hxxp://www.herinteractive.com/ (No File) => Error: No automatic fix found for this entry.
Shortcut: C:\Users\Alexandria\AppData\Local\Microsoft\Windows\GameExplorer\{EC497A80-080F-4D6B-B62E-EC5A78D701D5}\SupportTasks\0\More Games from Microsoft.lnk -> hxxp://www.herinteractive.com/prod/dog/index.shtml/ (No File) => Error: No automatic fix found for this entry.
Shortcut: C:\Users\Alexandria\AppData\Local\Microsoft\Windows\GameExplorer\{EC0581E6-048A-4C1B-AF4D-4487ECB5542C}\SupportTasks\2\Register Online.lnk -> hxxp:\go.microsoft.com\fwlink\( (No File) => Error: No automatic fix found for this entry.
Shortcut: C:\Users\Alexandria\AppData\Local\Microsoft\Windows\GameExplorer\{E6D02BE6-55F6-44B8-8135-DB9857C02992}\SupportTasks\0\Ubisoft Site.lnk -> hxxp:\www.ubi.com\( (No File) => Error: No automatic fix found for this entry.
Shortcut: C:\Users\Alexandria\AppData\Local\Microsoft\Windows\GameExplorer\{40C4D6D6-43DA-4971-9C68-3021DE6194F5}\SupportTasks\2\Register Online.lnk -> hxxp:\go.microsoft.com\fwlink\( (No File) => Error: No automatic fix found for this entry.
"C:\Users\Alexandria\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda" => not found.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 12582912 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 8750613 B
Java, Flash, Steam htmlcache => 758 B
Windows/system/drivers => 210359260 B
Edge => 0 B
Chrome => 387320890 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 205361896 B
LocalService => 173550 B
NetworkService => 0 B
Alexandria => 57632638 B
 
RecycleBin => 88762 B
EmptyTemp: => 841.4 MB temporary data Removed.
 
================================
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-06-27 23:59:29)
 
"C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx" => Could not move
 
==== End of Fixlog 23:59:29 ====


#6 nasdaq (Malware Response Team, 39,520 posts, Montreal, QC, Canada)

Posted 28 June 2016 - 08:44 AM

Any remaining issues?

#7 flicka728 (Topic Starter, Members, 52 posts)

Posted 29 June 2016 - 08:48 PM

For now I have no issues! Well, at least nothing has popped up yet! Thank you so much!



#8 nasdaq (Malware Response Team, 39,520 posts, Montreal, QC, Canada)

Posted 30 June 2016 - 07:26 AM

If all is well:

To learn more about how to protect yourself while on the internet, read this little guide on best security practices and keeping safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

#9 flicka728 (Topic Starter, Members, 52 posts)

Posted 30 June 2016 - 07:55 PM

Well, looks like I am back. I got onto Chrome today and several different popups came back. The same ones as before.



#10 nasdaq (Malware Response Team, 39,520 posts, Montreal, QC, Canada)

Posted 01 July 2016 - 08:22 AM

Please run the Farbar tool and post the logs for my review.

#11 flicka728 (Topic Starter, Members, 52 posts)

Posted 01 July 2016 - 11:14 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-06-2016
Ran by Alexandria (administrator) on ALEXANDRIA (02-07-2016 00:08:37)
Running from C:\Users\Alexandria\Downloads
Loaded Profiles: Alexandria (Available Profiles: Alexandria)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
(Impulse Point, LLC) C:\Program Files (x86)\SafeConnect\scManager.sys
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Microsoft Corporation) C:\Windows\System32\tzsync.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 5660 series\Bin\ScanToPCActivationApp.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 5660 series\Bin\HPNetworkCommunicatorCom.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(AVAST Software) C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\WinStore\WSHost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [178016 2013-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-08-17] (TOSHIBA Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-06-20] (Avast Software s.r.o.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-10-13] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4060459484-377247338-2392814284-1001\...\Run: [HP ENVY 5660 series (NET)] => C:\Program Files\HP\HP ENVY 5660 series\Bin\ScanToPCActivationApp.exe [3483656 2014-08-22] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-4060459484-377247338-2392814284-1001\...\MountPoints2: {b9b2a867-8f8c-11e3-824e-806e6f6e6963} - "D:\autorun.exe" 
HKU\S-1-5-21-4060459484-377247338-2392814284-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Ribbons.scr [132608 2014-10-28] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-06-20] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SafeConnect.lnk [2016-03-21]
ShortcutTarget: SafeConnect.lnk -> C:\Program Files (x86)\SafeConnect\SCClient.exe (Impulse Point, LLC)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 75.114.81.1 75.114.81.2
Tcpip\..\Interfaces\{21CE20D9-6145-4EFA-82B1-7F822137420C}: [DhcpNameServer] 75.114.81.1 75.114.81.2
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.toshiba.com?cid=J13
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.toshiba.com?cid=J13
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://home.toshiba.com?cid=J13
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://home.toshiba.com?cid=J13
HKU\S-1-5-21-4060459484-377247338-2392814284-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://home.toshiba.com?cid=J13
HKU\S-1-5-21-4060459484-377247338-2392814284-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
HKU\S-1-5-21-4060459484-377247338-2392814284-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
HKU\S-1-5-21-4060459484-377247338-2392814284-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.bing.com
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-4060459484-377247338-2392814284-1001 -> DefaultScope {4C93C68D-1DF8-47F6-AB57-B2AAC048A8F9} URL = 
SearchScopes: HKU\S-1-5-21-4060459484-377247338-2392814284-1001 -> {4C93C68D-1DF8-47F6-AB57-B2AAC048A8F9} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-05-17] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-06-20] (Avast Software s.r.o.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-05-17] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-06-20] (Avast Software s.r.o.)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-19] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-09-28] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-09-28] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-03] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-09-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2013-12-25] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-20]
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Alexandria\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Alexandria\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Google Drive) - C:\Users\Alexandria\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (YouTube) - C:\Users\Alexandria\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\Alexandria\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Block site) - C:\Users\Alexandria\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimnmioipafcokbfikbljfdeojpcgbh [2016-06-05]
CHR Extension: (PanicButton) - C:\Users\Alexandria\AppData\Local\Google\Chrome\User Data\Default\Extensions\faminaibgiklngmfpfbhmokfmnglamcm [2014-06-06]
CHR Extension: (Star Stable Online) - C:\Users\Alexandria\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnlmdkpemkkigkgelegknllpmfclakkk [2014-01-11]
CHR Extension: (Google Docs Offline) - C:\Users\Alexandria\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-18]
CHR Extension: (AdBlock) - C:\Users\Alexandria\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-06-30]
CHR Extension: (Grammarly for Chrome) - C:\Users\Alexandria\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2016-06-29]
CHR Extension: (Adblock Super) - C:\Users\Alexandria\AppData\Local\Google\Chrome\User Data\Default\Extensions\knebimhcckndhiglamoabbnifdkijidd [2015-09-15]
CHR Extension: (Gmail) - C:\Users\Alexandria\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-02]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-06-20] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-06-20] (Avast Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3009776 2016-05-27] (Microsoft Corporation)
R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19792 2013-09-10] ()
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2013-12-16] (WildTangent)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [130592 2012-10-26] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165488 2012-12-18] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 NAT; C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe [232424 2013-10-11] (Symantec Corporation)
S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4230016 2013-01-28] (Symantec Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2119688 2016-03-29] (Electronic Arts)
R2 SCManager; C:\Program Files (x86)\SafeConnect\scManager.sys [176936 2016-03-21] (Impulse Point, LLC)
S4 THAccelSvc; C:\Program Files\TOSHIBA\HDD Accelerator\THAccelSvc.exe [216976 2013-10-17] (TOSHIBA CORPORATION)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-06-20] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-06-20] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-06-20] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-06-20] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-06-20] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-26] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-06-20] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-06-20] ()
R3 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0403000.00E\ccSetx64.sys [168608 2012-05-25] (Symantec Corporation)
R1 ccSet_NAT; C:\Windows\system32\drivers\NATx64\010A000.009\ccSetx64.sys [150104 2013-07-29] (Symantec Corporation)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2944216 2013-08-21] (Realtek Semiconductor Corporation                           )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2014-08-06] (Synaptics Incorporated)
R0 THAccel; C:\Windows\System32\DRIVERS\THAccel.sys [111488 2013-10-15] (TOSHIBA Corporation)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows ® Win 7 DDK provider)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-06-20] (Avast Software)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-07-02 00:08 - 2016-07-02 00:08 - 00000000 ____D C:\Users\Alexandria\Downloads\FRST-OlderVersion
2016-07-01 12:12 - 2016-07-01 12:12 - 01449726 _____ C:\Users\Alexandria\Downloads\IncredibleIllChickadee.webm
2016-06-28 15:38 - 2016-06-28 15:38 - 00020533 _____ C:\Users\Alexandria\AppData\Local\recently-used.xbel
2016-06-27 23:54 - 2016-06-28 00:00 - 00005632 _____ C:\Users\Alexandria\Downloads\Fixlog.txt
2016-06-26 22:17 - 2016-06-26 22:17 - 00036521 _____ C:\Users\Alexandria\Downloads\Addition (1).txt
2016-06-26 22:16 - 2016-06-26 22:16 - 00038466 _____ C:\Users\Alexandria\Desktop\FRST.txt
2016-06-26 22:16 - 2016-06-26 22:16 - 00036521 _____ C:\Users\Alexandria\Desktop\Addition.txt
2016-06-26 22:13 - 2016-06-26 22:15 - 00036521 _____ C:\Users\Alexandria\Downloads\Addition.txt
2016-06-26 22:12 - 2016-07-02 00:08 - 00019686 _____ C:\Users\Alexandria\Downloads\FRST.txt
2016-06-26 22:11 - 2016-07-02 00:08 - 02390016 _____ (Farbar) C:\Users\Alexandria\Downloads\FRST64.exe
2016-06-26 22:10 - 2016-06-26 22:10 - 00015285 _____ C:\Users\Alexandria\Desktop\AdwCleaner[S1].txt
2016-06-26 22:04 - 2016-06-26 22:04 - 03703360 _____ C:\Users\Alexandria\Downloads\adwcleaner_5.200.exe
2016-06-17 00:53 - 2016-06-17 00:53 - 00492042 _____ C:\Users\Alexandria\Downloads\tumblr_o8n1inNtp31u915sno1_500.xcf
2016-06-16 23:02 - 2016-06-16 23:02 - 00298574 _____ C:\Users\Alexandria\frame_000001.xcf
2016-06-16 23:02 - 2016-06-16 23:02 - 00000170 _____ C:\Users\Alexandria\frame_vin.gap
2016-06-14 14:35 - 2016-05-21 13:28 - 25802752 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-06-14 14:35 - 2016-05-21 12:57 - 20341248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-06-14 14:35 - 2016-05-20 18:02 - 06051328 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-06-14 14:34 - 2016-05-20 18:09 - 00572416 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-06-14 14:34 - 2016-05-20 18:08 - 02895360 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-06-14 14:34 - 2016-05-20 17:57 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-06-14 14:34 - 2016-05-20 17:55 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2016-06-14 14:34 - 2016-05-20 17:54 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-06-14 14:34 - 2016-05-20 17:50 - 02287104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-06-14 14:34 - 2016-05-20 17:44 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-06-14 14:34 - 2016-05-20 17:29 - 13815808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-06-14 14:34 - 2016-05-20 17:27 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-06-14 14:34 - 2016-05-20 17:25 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2016-06-14 14:34 - 2016-05-20 17:25 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2016-06-14 14:34 - 2016-05-20 17:21 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2016-06-14 14:34 - 2016-05-20 17:21 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2016-06-14 14:34 - 2016-05-20 17:19 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-06-14 14:34 - 2016-05-20 17:16 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-06-14 14:34 - 2016-05-20 17:14 - 04610048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-06-14 14:34 - 2016-05-20 17:12 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2016-06-14 14:34 - 2016-05-20 17:11 - 15420928 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-06-14 14:34 - 2016-05-20 17:11 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2016-06-14 14:34 - 2016-05-20 17:09 - 00693248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-06-14 14:34 - 2016-05-20 17:09 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-06-14 14:34 - 2016-05-20 17:08 - 02055680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-06-14 14:34 - 2016-05-20 17:08 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-06-14 14:34 - 2016-05-20 17:06 - 02131968 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-06-14 14:34 - 2016-05-20 16:46 - 02597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-06-14 14:34 - 2016-05-20 16:42 - 02121216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-06-14 14:34 - 2016-05-20 16:38 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-06-14 14:34 - 2016-05-20 16:38 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-06-14 14:34 - 2016-05-20 16:34 - 01544192 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-06-14 14:34 - 2016-05-20 16:23 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-06-14 14:06 - 2016-06-03 13:11 - 00472576 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2016-06-14 14:06 - 2016-06-03 09:38 - 01413120 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-06-14 14:06 - 2016-06-02 13:51 - 00050352 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-06-14 14:06 - 2016-05-29 11:04 - 01204224 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-06-14 14:06 - 2016-05-29 11:04 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-06-14 14:06 - 2016-05-29 11:04 - 00544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-06-14 14:06 - 2016-05-29 11:04 - 00276480 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-06-14 14:06 - 2016-05-29 11:04 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\centel.dll
2016-06-14 14:06 - 2016-05-29 11:04 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-06-14 14:06 - 2016-05-13 19:09 - 04169216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-06-14 14:06 - 2016-05-12 14:38 - 00135336 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpapi.dll
2016-06-14 14:06 - 2016-05-12 13:43 - 00115704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpapi.dll
2016-06-14 14:06 - 2016-05-12 12:17 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\system32\polstore.dll
2016-06-14 14:06 - 2016-05-12 12:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\FwRemoteSvr.dll
2016-06-14 14:06 - 2016-05-12 12:07 - 01360896 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2016-06-14 14:06 - 2016-05-12 11:59 - 00398848 _____ (Microsoft Corporation) C:\WINDOWS\system32\IPSECSVC.DLL
2016-06-14 14:06 - 2016-05-12 11:43 - 00291328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\polstore.dll
2016-06-14 14:06 - 2016-05-12 11:37 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FwRemoteSvr.dll
2016-06-14 14:06 - 2016-05-09 17:35 - 07075328 _____ (Microsoft Corporation) C:\WINDOWS\system32\glcndFilter.dll
2016-06-14 14:06 - 2016-05-09 16:56 - 05270016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\glcndFilter.dll
2016-06-14 14:06 - 2016-05-09 16:45 - 07793152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-06-14 14:06 - 2016-05-09 16:23 - 05265920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-06-14 14:06 - 2016-05-06 11:45 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2016-06-14 14:06 - 2016-05-06 11:23 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2016-06-14 14:06 - 2016-04-12 11:46 - 14467584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-06-14 14:06 - 2016-04-12 11:30 - 12879872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-06-14 14:05 - 2016-05-18 01:31 - 00372568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-06-14 14:05 - 2016-05-18 01:31 - 00315224 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-06-14 14:05 - 2016-05-16 17:13 - 00563016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-06-14 14:05 - 2016-05-16 17:13 - 00397224 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2016-06-14 14:05 - 2016-05-16 17:13 - 00340872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2016-06-14 14:05 - 2016-05-16 17:13 - 00178008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-06-14 14:05 - 2016-05-13 19:07 - 00675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2016-06-14 14:05 - 2016-05-13 19:07 - 00416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2016-06-14 14:05 - 2016-05-13 19:06 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2016-06-14 14:05 - 2016-05-13 19:04 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-06-14 14:05 - 2016-05-13 18:34 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2016-06-14 14:05 - 2016-05-13 18:19 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-06-14 14:05 - 2016-05-13 17:58 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2016-06-14 14:05 - 2016-04-14 11:25 - 02778624 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2016-06-14 14:05 - 2016-04-14 11:11 - 02464768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2016-06-14 14:05 - 2016-01-31 15:17 - 00118624 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2016-06-14 14:05 - 2016-01-31 14:07 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2016-06-14 14:05 - 2016-01-31 13:42 - 03320832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-06-14 14:05 - 2016-01-31 13:14 - 03607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-06-14 14:03 - 2016-05-18 19:15 - 01379040 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-06-14 14:03 - 2016-05-18 16:35 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-06-14 14:03 - 2016-05-14 16:01 - 00363104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ws2_32.dll
2016-06-14 14:03 - 2016-05-14 16:01 - 00320720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ws2_32.dll
2016-06-14 14:03 - 2016-05-13 19:07 - 00281088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2016-06-14 14:03 - 2016-05-13 17:58 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mswsock.dll
2016-06-14 14:03 - 2016-05-13 17:45 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-06-14 14:03 - 2016-05-13 17:35 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswsock.dll
2016-06-14 14:03 - 2016-05-13 17:26 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2016-06-11 02:08 - 2016-06-11 02:08 - 00236410 _____ C:\Users\Alexandria\Downloads\b87d4a0cd873baffc3f43e6b979ec5fa.xcf
2016-06-11 02:07 - 2016-06-17 00:53 - 02311437 _____ C:\Users\Alexandria\Downloads\Untitled.xcf
2016-06-11 01:17 - 2016-06-17 00:53 - 01959237 _____ C:\Users\Alexandria\Downloads\Hans-Landa-inglourious-basterds-17086521-1280-1024.xcf
2016-06-10 22:17 - 2016-06-10 22:17 - 00095910 _____ C:\Users\Alexandria\Downloads\AlexandriaWaltz.pdf
2016-06-07 01:22 - 2016-06-07 01:29 - 02353113 _____ C:\Users\Alexandria\Downloads\done.xcf
2016-06-07 00:36 - 2016-06-07 00:36 - 00743678 _____ C:\Users\Alexandria\Downloads\359957510.xcf
2016-06-07 00:01 - 2016-06-07 00:01 - 02381815 _____ C:\Users\Alexandria\Downloads\11111.xcf
2016-06-06 23:30 - 2016-06-06 23:36 - 00000000 ____D C:\Users\Alexandria\Downloads\Preis_ChristophWaltz-neu-14 _ Flickr - Photo Sharing!_files
2016-06-06 23:29 - 2016-06-06 23:30 - 00255352 _____ C:\Users\Alexandria\Downloads\Preis_ChristophWaltz-neu-14 _ Flickr - Photo Sharing!.html
2016-06-06 23:20 - 2016-06-06 23:20 - 00975712 _____ C:\Users\Alexandria\Downloads\tumblr_inline_o8d7ehTGBN1t9zqhp_540.xcf
2016-06-05 22:37 - 2016-06-05 22:37 - 00008704 ___SH C:\Users\Alexandria\Documents\Thumbs.db
2016-06-05 22:17 - 2016-06-05 22:17 - 00000000 ____D C:\Users\Alexandria\Desktop\GAP.2.6_win
2016-06-05 21:57 - 2016-06-05 21:57 - 00000000 ____D C:\Users\Alexandria\.thumbnails
2016-06-05 21:53 - 2016-06-17 00:53 - 00000000 ____D C:\Users\Alexandria\AppData\Local\gtk-2.0
2016-06-05 21:53 - 2016-06-05 21:53 - 00000000 _____ C:\Users\Alexandria\.gtk-bookmarks
2016-06-05 21:47 - 2016-06-28 15:41 - 00000000 ____D C:\Users\Alexandria\.gimp-2.8
2016-06-05 21:47 - 2016-06-05 21:47 - 00000000 ____D C:\Users\Alexandria\AppData\Local\gegl-0.2
2016-06-05 21:47 - 2016-06-05 21:47 - 00000000 ____D C:\Users\Alexandria\AppData\Local\fontconfig
2016-06-05 21:46 - 2016-06-05 21:46 - 00000881 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2016-06-05 21:44 - 2016-06-05 21:46 - 00000000 ____D C:\Program Files\GIMP 2
2016-06-05 21:38 - 2016-06-05 21:43 - 96824152 _____ (The GIMP Team ) C:\Users\Alexandria\Downloads\gimp-2.8.16-setup-2.exe
2016-06-05 21:31 - 2016-06-05 21:32 - 00154072 _____ C:\Users\Alexandria\Downloads\SoulfulSlushyElephantseal.webm
2016-06-05 21:12 - 2016-06-05 21:12 - 00118286 _____ C:\Users\Alexandria\Downloads\ImmenseSophisticatedHowlermonkey.webm
2016-06-05 21:10 - 2016-06-05 21:10 - 00264252 _____ C:\Users\Alexandria\Downloads\MammothMassiveGoa1.webm
2016-06-05 20:35 - 2016-06-05 20:35 - 00635612 _____ C:\Users\Alexandria\Downloads\OilyHauntingBaldeagle.webm
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-07-02 00:09 - 2014-03-08 10:01 - 00003954 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{0262EA61-BA0B-4326-AD70-72FB3E055CB1}
2016-07-02 00:08 - 2015-10-01 11:52 - 00000000 ____D C:\FRST
2016-07-01 12:14 - 2014-02-22 01:24 - 08439296 ___SH C:\Users\Alexandria\Downloads\Thumbs.db
2016-07-01 11:12 - 2014-02-06 20:43 - 00000000 ___DO C:\Users\Alexandria\SkyDrive
2016-07-01 11:10 - 2013-12-25 09:34 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-01 02:35 - 2016-05-24 23:06 - 00000000 ____D C:\Users\Alexandria\AppData\Roaming\vlc
2016-07-01 01:47 - 2013-12-25 21:20 - 00000000 ____D C:\Users\Alexandria\AppData\Local\CrashDumps
2016-07-01 01:39 - 2013-05-10 03:31 - 00000000 ____D C:\ProgramData\Origin
2016-06-30 18:13 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-06-30 00:39 - 2013-12-25 10:06 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4060459484-377247338-2392814284-1001
2016-06-29 23:48 - 2013-08-22 11:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-28 14:58 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\Inf
2016-06-28 00:01 - 2014-02-20 14:24 - 00711680 ___SH C:\Users\Alexandria\Desktop\Thumbs.db
2016-06-27 23:58 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-06-27 23:57 - 2013-08-22 09:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-06-27 23:50 - 2013-12-25 09:53 - 00004182 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2016-06-26 23:47 - 2014-02-06 20:21 - 00000000 ____D C:\Users\Alexandria
2016-06-26 22:05 - 2015-10-01 13:52 - 00000000 ____D C:\AdwCleaner
2016-06-23 20:44 - 2013-08-22 11:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-06-23 20:42 - 2015-09-01 11:26 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-06-20 14:46 - 2013-12-27 19:40 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-06-20 01:09 - 2013-12-27 19:40 - 142482544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-06-18 13:03 - 2015-10-10 12:44 - 00002226 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-18 12:58 - 2012-07-26 03:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-06-16 22:27 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\rescache
2016-06-16 19:29 - 2015-10-01 14:08 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-06-15 16:46 - 2013-08-22 10:44 - 00481880 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-06-15 16:39 - 2014-12-19 00:18 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-06-15 16:39 - 2013-08-22 11:36 - 00000000 ___RD C:\WINDOWS\ToastData
2016-06-14 13:13 - 2016-04-15 12:16 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-06-14 13:13 - 2016-04-15 12:16 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-06-03 00:34 - 2015-07-29 21:20 - 00000000 ____D C:\WINDOWS\Panther
2016-06-03 00:27 - 2015-10-30 05:42 - 00000000 ___HD C:\$WINDOWS.~BT
 
==================== Files in the root of some directories =======
 
2016-06-28 15:38 - 2016-06-28 15:38 - 0020533 _____ () C:\Users\Alexandria\AppData\Local\recently-used.xbel
2015-03-26 11:20 - 2015-03-26 11:22 - 0013918 _____ () C:\Users\Alexandria\AppData\Local\ZedgeLog.txt
2015-08-24 13:27 - 2015-08-24 13:27 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-02-16 14:14 - 2014-02-16 14:14 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-06-30 00:39
 
==================== End of FRST.txt ============================
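The log above is FRST's file-list format, which the helper reviews by eye. As an added illustration (not part of this thread and not FRST's own logic), the snippet below parses lines in that format and points out executables a reviewer would usually look at first; the sample lines and the user name EXAMPLE are constructed, and the three review rules are assumptions about what merits a second look.

```python
import re
from typing import Dict, List, Optional, Tuple

# One FRST file-list line: <modified> - <created> - <size> <5 attr flags> [(<company>)] <path>
# The parenthesised company is the CompanyName from version info; "()" means none.
FRST_LINE = re.compile(
    r"^(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?(?P<path>\S.*)$"
)
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl", ".com")
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\")  # paths a normal user can write
NO_PUBLISHER = "executable without a publisher name"
USER_PATH = "executable in a user-writable location"
HIDDEN = "executable with hidden or system attribute"

# Constructed sample: the first two entries mirror lines from the log above,
# the third is made up (placeholder user name) to exercise every check.
SAMPLE_LOG = r"""
==================== One Month Modified files and folders ========
2016-06-20 01:09 - 2013-12-27 19:40 - 142482544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-06-28 00:01 - 2014-02-20 14:24 - 00711680 ___SH C:\Users\Alexandria\Desktop\Thumbs.db
2016-06-29 10:00 - 2016-06-29 10:00 - 00045056 ____H () C:\Users\EXAMPLE\AppData\Roaming\updater.exe
"""

def parse_frst(text: str) -> List[Dict[str, Optional[str]]]:
    """Parse file-list lines into dicts; headers, notes and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = FRST_LINE.match(line.strip())
        if m:
            entries.append(m.groupdict())  # company is None if no parentheses at all
    return entries

def flag_entries(entries: List[Dict[str, Optional[str]]]) -> List[Tuple[str, List[str]]]:
    """Return (path, reasons) for executables that deserve a closer look."""
    findings = []
    for e in entries:
        low = e["path"].lower()
        if "D" in e["attrs"] or not low.endswith(EXEC_EXT):
            continue  # directories and plain data files are out of scope here
        reasons = [reason for reason, hit in (
            (NO_PUBLISHER, not e["company"]),
            (USER_PATH, any(tag in low for tag in USER_WRITABLE)),
            (HIDDEN, "H" in e["attrs"] or "S" in e["attrs"])) if hit]
        if reasons:
            findings.append((e["path"], reasons))
    return findings
```

A missing publisher name is only a prompt to check the file's signature and origin, not proof that it is malicious; Thumbs.db-style data files are skipped on purpose.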


#12 nasdaq

nasdaq

  • Malware Response Team
  • 39,520 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:45 AM

Posted 02 July 2016 - 08:18 AM


Nothing suspicious was found on your logs.

Try this.

Reset Chrome...
Open Google Chrome and click the menu icon, which is located at the top right of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en

Restart Chrome.

===

If the problem persists please post the latest Addition.txt file that was created by the Farbar tool.

#13 flicka728

flicka728
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  • Local time:11:45 AM

Posted 03 July 2016 - 12:43 PM

Yup, same pop up pages are coming up. What do you want me to do now?



#14 nasdaq

nasdaq

  • Malware Response Team
  • 39,520 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:45 AM

Posted 04 July 2016 - 06:47 AM

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 3 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.

rkill.exe
rkill.com
rkill.scr

It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested on another computer and then transfer them to the desktop of the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.

When completed it will create a log. Please post the content on your next reply.
===

--RogueKiller--
  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator"
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a window opens to explain what PUMs are, read about it.
  • Click the RogueKiller icon on your taskbar to return to the report.
  • Click open the Report
  • Click Export TXT button
  • Save the file as ReportRogue.txt
  • Click the Remove button to delete the items in RED
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next reply.
=======

#15 flicka728

flicka728
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  • Local time:11:45 AM

Posted 08 July 2016 - 11:37 PM

I will be sure to do this tomorrow! Just wanted to post here because I know after five days the topic gets locked or whatever.


