Google Chrome unknown process


11 replies to this topic

#1 EJTech

EJTech

  • Members
  • 9 posts
  • OFFLINE
  • Local time:09:29 AM

Posted 19 August 2017 - 07:58 PM

UNKNOWN PROCESS IN CHROME, DETECTED ON OR ABOUT 02/17/2017
(evidenced by a rotating standby cursor)

Process executes 46 seconds after launching Chrome
then again about the 5 minute mark
and continues at intervals while the browser is open

-----------------------

This was the sequence of events on Friday 08/18/2017

Open Chrome
Log into US Bank
Make transactions
Log out

On bookmark bar, click on SCG icon (Gas Company)
Attempt to log into SCG
Received message on page:
 

 

Request-URI Too Large

The request could not be processed by the server. The request URI is longer than the permissible limit.


On bookmark bar, click on SCG icon again
Attempt to log into SCG
Received same message

On bookmark bar, click on SCG icon
Click on SCG logo on website to take me to home page
Click on "Login/Register" link in upper Right corner of SCG page
Received same message


I copied the URI from the address bar and pasted into a file

Looks like some type of tracker code

----------------------
Win 7 Pro
Fujitsu 8420 laptop
64 bit
Chrome 60
 

#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,936 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:29 PM

Posted 20 August 2017 - 09:42 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Step 1: Please download Malwarebytes Anti-Malware from here
  • Right-click on the MBAM icon and select Run as administrator to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • Once the MBAM dashboard opens, on the right detail pane click on the word "Current" under the Scan Status to update the tool database.
  • On the left menu pane click the Settings tab, and then select the Protection tab on the top.
  • Under the Scan Options, turn on the button Scan for rootkits and Scan within archives.
  • Click the Scan tab on the right detail pane, select Threat Scan and click the Start Scan button
  • Note: The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure to checkmark all the listed items, and click the Quarantine Selected button.
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.
Please post the log for my review.

Note: If asked to restart the computer, please do so immediately.
===

Step 2: Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Step 3: Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "More Reply Options" button.

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to Attach.
Click Attach this file.
Click the Add reply button.
===


Please post the logs.

Let me know what problems persist.
==============================

#3 EJTech

EJTech
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:09:29 AM

Posted 20 August 2017 - 02:20 PM

Hi Nasdaq,

 

I will print the topic and follow your instructions.

 

In the meantime, I wanted to show you the URI.  It seems that it may be revealing of the nature of the problem.

 

Here it is:

 

https://myaccount.socalgas.com/myAccount/?_afrLoop=4259846467852105&_afrWindowMode=0&_afrWindowId=FSR_FSSETTS_BEGIN_OBJ
{"setts":"{"trigger":{"config":{"id":"Kdx4PMbDpfkobhQ07bAOYw==",
    "site_id":"usbank.com",
    "surveyAsyncCurl":"i.4see.mobi",
    "hasReplay":"false",
    "triggerDelay":0,
    "inviteDelay":0,
    "repeatDays":{"decline":90,"accept":90},
    "trackerConvertsAfter":10000,
    "trackerHeartbeatTimeout":10000,
    "trackerHeartbeatLongTimeout":12000,
    "onExitMobileHeartbeatInterval":60000,
    "reinviteDelayAfterInviteAbandon":7776000000,
    "workInIframes":"dontRunOtherIframes",
    "ignoreNavigationEvents":false,
    "publicApiName":"FSR",
    "globalExclude":{"urls":[],"referrers":[],"userAgents":[],"browsers":[],"cookies":[{"name":"riblpid","value":"A178A15A6D3A066D60BED8C7E21849A29A444850D2187AEFF3CB574F2E986BB7"}],"variables":[{"name":"testAndTargetID","value":"USBank_Global_OLB_Header_Send_Receive_Money"}]},"inviteExclude":{"urls":[],"referrers":[],"userAgents":[],"browsers":[],"cookies":[{"name":"riblpid","value":"000117677818529863"}],"variables":[]},
    "browser_cutoff":
        {"IE":10,"Safari":5.2,"Firefox":25,"Chrome":30,"Opera":1000},
    "platform_cutoff":
        {"Android":4.4,"Winphone":9,"iPod":9,"iPhone":9,"iPad":9},
    "device_blacklist":["HTC_Rezound","blackberry"],"replay_pools":[{"path":".","sp":100}],"replay_repools":[],"cpps":{"CustomerTenure":{"source":"variable","name":"UsbMasterRIBConvertedUser.strPilotParticipantId"},"LPID":{"source":"cookie","val":"riblpid"},"Products":{"source":"variable","init":"false","name":"s.products"},"Platform":{"source":"url","init":"false","patterns":[{"regex":"*apply.usbank.com/applications*","value":"Touch"},{"regex":"*apply.usbank.com/apply*","value":"Classic"}]}}},"surveydefs":["KHsgbmFtZTogJ2J...

 
Thank you for your help.
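Added example (this is not part of EJTech's post, nor code from any tool used in this thread): a small Python triage script for a URI like the one quoted above. It splits the query string, finds the parameter whose value carries a brace-delimited settings object instead of a plain value, pulls out the string fields of that object, checks whether the site_id it names belongs to the site actually in the address bar, lists the other hostnames it references, and reports whether the total length would exceed a server's request-line limit. The sample URI is a constructed, shortened copy of the one quoted above; the 8 KiB limit, the function names and the regex heuristics are assumptions made for the illustration.

```python
"""Triage of an over-long request URI that carries an embedded settings blob."""
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed sample, modelled on the URI quoted in the post above. The
# `_afrWindowId` parameter carries a settings object rather than a window id.
# The blob is shortened here; the field names are the ones visible in the post.
SAMPLE_URI = (
    "https://myaccount.socalgas.com/myAccount/?_afrLoop=4259846467852105"
    "&_afrWindowMode=0&_afrWindowId=FSR_FSSETTS_BEGIN_OBJ"
    '{"setts":"{"trigger":{"config":{"id":"Kdx4PMbDpfkobhQ07bAOYw==",'
    '"site_id":"usbank.com","surveyAsyncCurl":"i.4see.mobi",'
    '"hasReplay":"false","publicApiName":"FSR",'
    '"repeatDays":{"decline":90,"accept":90}}}}'
)

# Hypothetical threshold: many web servers reject request lines above 8 KiB.
DEFAULT_URI_LIMIT = 8192

# JSON-style "key":"value" pairs. The blob is not valid JSON (the quote after
# "setts" is unescaped), so a tolerant regex is used instead of json.loads.
STRING_FIELD = re.compile(r'"([A-Za-z_]\w*)"\s*:\s*"([^"{}]*)"')
# Dotted tokens that look like hostnames (heuristic; also matches dotted
# identifiers such as s.products if they appear in a fuller blob).
HOSTNAME = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)


def split_uri(uri):
    """Return (host, ordered list of (name, value) query pairs)."""
    parts = urlsplit(uri)
    return parts.hostname or "", parse_qsl(parts.query, keep_blank_values=True)


def find_embedded_blob(pairs):
    """Locate the first query value that smuggles a brace-delimited object.

    Returns (param_name, marker_prefix, blob) or (None, None, None).
    """
    for name, value in pairs:
        start = value.find("{")
        if start != -1 and '"' in value[start:]:
            return name, value[:start], value[start:]
    return None, None, None


def extract_string_fields(blob):
    """Collect the simple string fields of the (pseudo-)JSON blob."""
    return dict(STRING_FIELD.findall(blob))


def same_site(host, site):
    """True when `site` is `host` itself or a parent domain of it."""
    host, site = host.lower(), site.lower()
    return host == site or host.endswith("." + site)


def triage(uri, limit=DEFAULT_URI_LIMIT):
    """Summarise where the blob sits, whose config it is, and how long the URI is."""
    host, pairs = split_uri(uri)
    param, marker, blob = find_embedded_blob(pairs)
    report = {
        "host": host,
        "uri_length": len(uri),
        "over_limit": len(uri) > limit,
        "carrier_param": param,
        "marker": marker,
        "fields": {},
        "foreign_site": False,
        "third_party_hosts": [],
    }
    if blob is None:
        return report
    fields = extract_string_fields(blob)
    report["fields"] = fields
    site_id = fields.get("site_id")
    # A config whose site_id names another site than the one in the address
    # bar means the blob was carried over from a different origin.
    report["foreign_site"] = bool(site_id) and not same_site(host, site_id)
    report["third_party_hosts"] = sorted(
        {h.lower() for h in HOSTNAME.findall(blob) if not same_site(host, h)}
    )
    return report


if __name__ == "__main__":
    r = triage(SAMPLE_URI)
    print(f"host={r['host']} length={r['uri_length']} over_limit={r['over_limit']}")
    print(f"blob carried in {r['carrier_param']!r} after marker {r['marker']!r}")
    for key in ("site_id", "publicApiName", "surveyAsyncCurl"):
        print(f"  {key} = {r['fields'].get(key)}")
    print("config belongs to another site:", r["foreign_site"])
    print("third-party hosts in blob:", r["third_party_hosts"])
```

Run it as-is to see the report for the sample, or paste the full URI from the address bar into SAMPLE_URI. With the complete blob the length check is what explains the "Request-URI Too Large" page: the object appended to _afrWindowId, not anything on the gas company's site, is what pushes the URI past the server's limit, and the site_id comparison shows the settings were carried over from a different site. The hostname scan is a heuristic and will also list dotted identifiers from the fuller blob; treat its output as a starting point, not a verdict.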



#4 EJTech

EJTech
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:09:29 AM

Posted 20 August 2017 - 04:28 PM

Here is the Malwarebytes log:

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 8/20/17
Scan Time: 12:53 PM
Log File: Malwarebytes01.txt
Administrator: No

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.160
Update Package Version: 1.0.2625
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Fuji7\Ezone

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 363375
Threats Detected: 1
Threats Quarantined: 1
Time Elapsed: 3 min, 44 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 1
PUM.Optional.DisableShowMyComputer, HKU\S-1-5-21-588247772-2902044076-1633536719-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED|START_SHOWMYCOMPUTER, Replace-on-Reboot, [15412], [293314],1.0.2625

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)



#5 EJTech

EJTech
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:09:29 AM

Posted 20 August 2017 - 04:31 PM

Here is the AdwCleaner log:

 

# AdwCleaner 7.0.1.0 - Logfile created on Sun Aug 20 21:00:17 2017
# Updated on 2017/05/08 by Malwarebytes
# Running on Windows 7 Professional (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

No malicious folders deleted.

***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

No malicious registry entries deleted.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[C1].txt - [1208 B] - [2016/1/12 23:55:24]
C:/AdwCleaner/AdwCleaner[C2].txt - [3114 B] - [2017/2/24 23:32:47]
C:/AdwCleaner/AdwCleaner[S1].txt - [1141 B] - [2016/1/12 23:34:47]
C:/AdwCleaner/AdwCleaner[S2].txt - [1086 B] - [2016/1/12 23:52:24]
C:/AdwCleaner/AdwCleaner[S3].txt - [669 B] - [2016/1/12 23:58:20]
C:/AdwCleaner/AdwCleaner[S4].txt - [1358 B] - [2017/2/24 23:31:4]


########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt ##########



#6 EJTech

EJTech
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:09:29 AM

Posted 20 August 2017 - 04:38 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017
Ran by Ezone (ATTENTION: The user is not administrator) on FUJI7 (20-08-2017 14:10:13)
Running from C:\Users\Ezone\Desktop\Farbar
Loaded Profiles: Ezone & Masterj (Available Profiles: Ezone & Masterj)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> wininit.exe
Failed to access process -> csrss.exe
Failed to access process -> services.exe
Failed to access process -> lsass.exe
Failed to access process -> lsm.exe
Failed to access process -> svchost.exe
Failed to access process -> nvvsvc.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> winlogon.exe
Failed to access process -> spoolsv.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> nvvsvc.exe
Failed to access process -> svchost.exe
Failed to access process -> o2flash.exe
Failed to access process -> svchost.exe
Failed to access process -> ss_conn_service.exe
Failed to access process -> svchost.exe
Failed to access process -> MBAMService.exe
Failed to access process -> svchost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Failed to access process -> wmpnetwk.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> WmiPrvSE.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8060960 2009-08-05] (Realtek Semiconductor)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKU\S-1-5-21-588247772-2902044076-1633536719-1000\...\Run: [AdobeBridge] => [X]
GroupPolicyScripts: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{1DDA3578-7F04-42E4-A3C3-6B83B58B34DE}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{99A85344-410E-4F93-8DD1-C7D05157F648}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{A880E591-2EC7-46F0-AA6C-1EE796DE4043}: [NameServer] 192.168.1.33

Internet Explorer:
==================
HKU\S-1-5-21-588247772-2902044076-1633536719-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKU\S-1-5-21-588247772-2902044076-1633536719-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
URLSearchHook: [S-1-5-21-588247772-2902044076-1633536719-1001] ATTENTION => Default URLSearchHook is missing
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2016-01-02] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2016-01-02] (Oracle Corporation)
Handler-x32: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll [2011-06-22] (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: ps1ql6dc.default-1452670780654
FF ProfilePath: C:\Users\Ezone\AppData\Roaming\Mozilla\Firefox\Profiles\ps1ql6dc.default-1452670780654 [2017-08-20]
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\ps1ql6dc.default-1452670780654 -> Google
FF Extension: (Flash Video Downloader - YouTube HD Download [4K]) - C:\Users\Ezone\AppData\Roaming\Mozilla\Firefox\Profiles\ps1ql6dc.default-1452670780654\Extensions\artur.dubovoy@gmail.com [2016-01-13]
FF Extension: (Self-Destructing Cookies) - C:\Users\Ezone\AppData\Roaming\Mozilla\Firefox\Profiles\ps1ql6dc.default-1452670780654\Extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi [2016-09-07]
FF Extension: (Selenium IDE: VBA/VBS Formatters) - C:\Users\Ezone\AppData\Roaming\Mozilla\Firefox\Profiles\ps1ql6dc.default-1452670780654\Extensions\vbformatters@florent.breheret.xpi [2016-07-08]
FF Extension: (Selenium IDE) - C:\Users\Ezone\AppData\Roaming\Mozilla\Firefox\Profiles\ps1ql6dc.default-1452670780654\Extensions\{a6fd85ed-e919-4a43-a5af-8da18bda539f}.xpi [2016-07-08]
FF Extension: (Adblock Plus) - C:\Users\Ezone\AppData\Roaming\Mozilla\Firefox\Profiles\ps1ql6dc.default-1452670780654\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-01-13]
FF Extension: (BetterPrivacy) - C:\Users\Ezone\AppData\Roaming\Mozilla\Firefox\Profiles\ps1ql6dc.default-1452670780654\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2016-01-13]
FF Extension: (Greasemonkey) - C:\Users\Ezone\AppData\Roaming\Mozilla\Firefox\Profiles\ps1ql6dc.default-1452670780654\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2016-06-14]
FF ProfilePath: C:\Users\Ezone\AppData\Roaming\Mozilla\Firefox\Profiles\7ortl469.Selenium [2016-07-08]
FF ProfilePath: C:\Users\Ezone\AppData\Roaming\Mozilla\Firefox\Profiles\181uzfbl.selenium [2016-07-08]
FF ProfilePath: C:\Users\Ezone\AppData\Roaming\Greyfirst\Celtx\Profiles\odi7z4fi.default [2016-03-27]
FF Extension: (Timezone Definitions for Mozilla Calendar) - C:\Program Files (x86)\Celtx\extensions\calendar-timezones@mozilla.org [2015-04-03] [not signed]
FF Extension: (Default Shot Palette) - C:\Program Files (x86)\Celtx\extensions\default-palette@celtx.com [2015-04-03] [not signed]
FF Extension: (DOM Inspector) - C:\Program Files (x86)\Celtx\extensions\inspector@mozilla.org [2015-04-03] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-09-07] ()
FF Plugin: @java.com/DTPlugin,version=10.79.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2016-01-02] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.79.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2016-01-02] (Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-09-07] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-02] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://losangeles.craigslist.org/
CHR DefaultSearchURL: Default -> hxxp://americankeysupply.com/favicon.ico
CHR Profile: C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Default [2017-08-20]
CHR Extension: (Google Slides) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-05]
CHR Extension: (Google Docs) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Google Drive) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-20]
CHR Extension: (YouTube) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Share link via email) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejdbkikfbnnhmachnnomjfgjbgkcnjkb [2016-11-17]
CHR Extension: (Key Codes : American Key Supply, The ...) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Default\Extensions\enpjimmgllnjjejfpihmcbnfoiiambhp [2015-11-15]
CHR Extension: (Google Sheets) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-05]
CHR Extension: (Google Docs Offline) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]
CHR Extension: (AdBlock) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-08-02]
CHR Extension: (ILCO Key Systems - Literature & Support) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghagaaaobbnbnnpgkdkcjdagbjonmkn [2016-06-06]
CHR Extension: (Morales steering column) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Default\Extensions\njfmbhhoibjoodancpehaiekdbcfcghl [2016-04-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-08]
CHR Extension: (Stylist) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Default\Extensions\pabfempgigicdjjlccdgnbmeggkbjdhd [2017-07-17]
CHR Extension: (Gmail) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-08]
CHR Profile: C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-02-28]
CHR Profile: C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 10 [2017-02-28]
CHR Extension: (Google Slides) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-02-28]
CHR Extension: (Google Docs) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\aohghmighlieiainnegkcijnfilokake [2017-02-28]
CHR Extension: (Google Drive) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-28]
CHR Extension: (YouTube) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-28]
CHR Extension: (Google Sheets) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-02-28]
CHR Extension: (Google Docs Offline) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-28]
CHR Extension: (Gmail) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-28]
CHR Extension: (Chrome Media Router) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-28]
CHR Profile: C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 11 [2017-06-18]
CHR Extension: (Google Slides) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 11\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-03-01]
CHR Extension: (Google Docs) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 11\Extensions\aohghmighlieiainnegkcijnfilokake [2017-03-01]
CHR Extension: (Google Drive) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 11\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-01]
CHR Extension: (YouTube) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 11\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-01]
CHR Extension: (Google Sheets) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 11\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-03-01]
CHR Extension: (Google Docs Offline) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 11\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 11\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-25]
CHR Extension: (Gmail) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 11\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-01]
CHR Extension: (Chrome Media Router) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 11\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-17]
CHR Profile: C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 12 [2017-07-13]
CHR Extension: (Google Slides) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 12\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-03-21]
CHR Extension: (Google Docs) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 12\Extensions\aohghmighlieiainnegkcijnfilokake [2017-03-21]
CHR Extension: (Google Drive) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 12\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-21]
CHR Extension: (YouTube) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 12\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-21]
CHR Extension: (Google Sheets) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 12\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-03-21]
CHR Extension: (Google Docs Offline) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 12\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 12\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-21]
CHR Extension: (Gmail) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 12\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-21]
CHR Extension: (Chrome Media Router) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 12\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-05]
CHR Profile: C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 13 [2017-06-16]
CHR Extension: (Google Slides) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 13\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-05-17]
CHR Extension: (Google Docs) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 13\Extensions\aohghmighlieiainnegkcijnfilokake [2017-05-17]
CHR Extension: (Google Drive) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 13\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-17]
CHR Extension: (YouTube) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 13\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-17]
CHR Extension: (Google Sheets) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 13\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-05-17]
CHR Extension: (Google Docs Offline) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 13\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-05-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 13\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-05-17]
CHR Extension: (Gmail) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 13\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-17]
CHR Extension: (Chrome Media Router) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 13\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-17]
CHR Profile: C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 3 [2017-08-19]
CHR Extension: (Google Slides) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-15]
CHR Extension: (Google Docs) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-15]
CHR Extension: (Google Drive) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-15]
CHR Extension: (YouTube) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-15]
CHR Extension: (Google Search) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-15]
CHR Extension: (Google Sheets) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-15]
CHR Extension: (Google Docs Offline) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-24]
CHR Extension: (Gmail) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-15]
CHR Extension: (Chrome Media Router) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-18]
CHR Profile: C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 4 [2017-08-05]
CHR Extension: (Google Slides) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-03]
CHR Extension: (Google Docs) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-03]
CHR Extension: (Google Drive) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-03]
CHR Extension: (YouTube) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-03]
CHR Extension: (Google Search) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-03]
CHR Extension: (Google Sheets) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-03]
CHR Extension: (Google Docs Offline) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-08]
CHR Extension: (Gmail) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-03]
CHR Extension: (Chrome Media Router) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-13]
CHR Profile: C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 5 [2017-06-18]
CHR Extension: (Google Slides) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-08]
CHR Extension: (Google Docs) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-08]
CHR Extension: (Google Drive) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-08]
CHR Extension: (YouTube) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-08]
CHR Extension: (Google Search) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-03-08]
CHR Extension: (Google Sheets) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-08]
CHR Extension: (Google Docs Offline) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-21]
CHR Extension: (Gmail) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-08]
CHR Extension: (Chrome Media Router) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-24]
CHR Profile: C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 6 [2017-02-28]
CHR Extension: (Google Slides) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-05]
CHR Extension: (Google Docs) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-05]
CHR Extension: (Google Drive) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-05]
CHR Extension: (YouTube) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-05]
CHR Extension: (Google Sheets) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-05]
CHR Extension: (Google Docs Offline) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-28]
CHR Extension: (Gmail) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-05]
CHR Extension: (Chrome Media Router) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-28]
CHR Profile: C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 7 [2016-06-08]
CHR Extension: (Google Slides) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-06-07]
CHR Extension: (Google Docs) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-07]
CHR Extension: (Google Drive) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-07]
CHR Extension: (YouTube) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-07]
CHR Extension: (Google Sheets) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-07]
CHR Extension: (Google Docs Offline) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-07]
CHR Extension: (Gmail) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-07]
CHR Profile: C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 8 [2017-08-19]
CHR Extension: (Google Slides) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 8\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-06-07]
CHR Extension: (Google Docs) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 8\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-07]
CHR Extension: (Google Drive) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 8\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-07]
CHR Extension: (YouTube) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 8\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-07]
CHR Extension: (Google Sheets) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 8\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-07]
CHR Extension: (Google Docs Offline) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 8\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 8\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-22]
CHR Extension: (Gmail) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 8\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-07]
CHR Extension: (Chrome Media Router) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 8\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-19]
CHR Profile: C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 9 [2017-02-24]
CHR Extension: (Google Slides) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-06-08]
CHR Extension: (Google Docs) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-08]
CHR Extension: (Google Drive) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-08]
CHR Extension: (YouTube) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-08]
CHR Extension: (Google Sheets) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-08]
CHR Extension: (Google Docs Offline) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-08]
CHR Extension: (Gmail) - C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-08]
CHR Profile: C:\Users\Ezone\AppData\Local\Google\Chrome\User Data\System Profile [2017-05-17]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2014-11-17] (Hewlett-Packard) [File not signed]
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 O2Flash; C:\Windows\SysWOW64\o2flash.exe [65536 2007-02-12] (O2Micro International) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2014-11-17] (Hewlett-Packard) [File not signed]
S3 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2011-06-22] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2008-11-18] (Intuit Inc.) [File not signed]
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-07-22] (DEVGURU Co., LTD.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
S3 wordpressApache; C:\Bitnami\WORDPR~1.2-1\apache2\bin\httpd.exe [22528 2015-12-11] (Apache Software Foundation) [File not signed]
S3 wordpressMySQL; C:\Bitnami\wordpress-4.4.2-1\mysql\bin\mysqld.exe [11070976 2015-11-16] () [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [130688 2016-07-22] (Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77376 2017-06-27] ()
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [188352 2017-08-20] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [101784 2017-08-20] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [45472 2017-08-20] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [253856 2017-08-20] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [84256 2017-08-20] (Malwarebytes)
S4 mrtRate; C:\Windows\SysWow64\Drivers\mrtRate.sys [34916 1999-08-10] (Marimba, Inc.) [File not signed]
R3 O2MDRDR; C:\Windows\System32\DRIVERS\o2mdx64.sys [58400 2009-05-13] (O2Micro )
R3 O2SCBUS; C:\Windows\System32\DRIVERS\ozscrx64.sys [107808 2009-05-15] (O2Micro)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [164992 2016-07-22] (Samsung Electronics Co., Ltd.)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2009-07-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-20 14:09 - 2017-08-20 14:10 - 000000000 ____D C:\Users\Ezone\Desktop\Farbar
2017-08-20 14:08 - 2017-08-20 14:00 - 000001477 _____ C:\Users\Ezone\Desktop\AdwCleaner[C2].txt
2017-08-20 13:33 - 2017-08-20 13:33 - 000001331 _____ C:\Users\Ezone\Desktop\Malwarebytes01.txt
2017-08-20 12:40 - 2017-08-20 14:01 - 000101784 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-08-20 12:40 - 2017-08-20 14:01 - 000084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-08-20 12:40 - 2017-08-20 12:46 - 000188352 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-08-20 12:40 - 2017-08-20 12:40 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-08-20 12:40 - 2017-08-20 12:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-08-20 12:40 - 2017-08-20 12:40 - 000000000 ____D C:\Program Files\Malwarebytes
2017-08-20 12:40 - 2017-06-27 12:06 - 000077376 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-08-20 12:36 - 2017-08-20 12:37 - 000006148 _____ C:\Users\Public\Documents\.DS_Store
2017-08-20 12:33 - 2017-08-20 12:33 - 065033984 _____ (Malwarebytes ) C:\Users\Ezone\Desktop\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251.exe
2017-08-20 12:32 - 2017-08-20 12:32 - 008185288 _____ (Malwarebytes) C:\Users\Ezone\Desktop\adwcleaner_7.0.1.0.exe
2017-08-20 12:27 - 2017-08-20 12:24 - 000003391 _____ C:\Users\Public\Documents\NasdaqInstructions.txt
2017-08-20 04:14 - 2017-08-20 04:14 - 037462847 _____ C:\Users\Ezone\Downloads\Tina Turner - Legends Ball - Part 5.mp4
2017-08-20 03:54 - 2017-08-20 03:54 - 008728227 _____ C:\Users\Ezone\Downloads\THREE DOG NIGHT - LIAR  (Rare Live 80s w _ lyrics).mp4
2017-08-20 03:48 - 2017-08-20 03:48 - 011168747 _____ C:\Users\Ezone\Downloads\Three Dog Night - Liar.mp4
2017-08-20 03:39 - 2017-08-20 03:39 - 009006562 _____ C:\Users\Ezone\Downloads\THREE DOG NIGHT   Eli's Coming  1969.mp4
2017-08-19 17:27 - 2017-08-19 17:27 - 001137360 _____ (F-Secure Corporation) C:\Users\Ezone\Desktop\fsbl.exe
2017-08-18 12:32 - 2017-08-18 12:32 - 010421103 _____ C:\Users\Ezone\Downloads\CovertBand_ Activity Information Leakage Using Music.mp4
2017-08-17 20:35 - 2017-08-17 20:35 - 000000000 ____D C:\Users\Ezone\Downloads\Kodi
2017-08-17 14:23 - 2017-08-17 14:24 - 011939242 _____ C:\Users\Ezone\Downloads\20834140_1419071604797410_1500279269593448448_n.mp4
2017-08-16 22:25 - 2017-08-19 18:25 - 000000000 ____D C:\Users\Ezone\AppData\Roaming\Kodi
2017-08-16 22:24 - 2017-08-16 22:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodi
2017-08-16 22:24 - 2017-08-16 22:24 - 000000000 ____D C:\Program Files (x86)\Kodi
2017-08-16 21:13 - 2017-08-13 22:09 - 000000796 _____ C:\Users\Public\Documents\Kodi_173.txt
2017-08-14 09:24 - 2017-08-14 09:26 - 000000000 ____D C:\Users\Ezone\Downloads\PotPlayer
2017-08-14 09:07 - 2017-08-14 09:11 - 000000000 ____D C:\Users\Ezone\Downloads\CodeEditors
2017-08-13 21:50 - 2017-08-13 21:51 - 083883525 _____ (XBMC-Foundation) C:\Users\Ezone\Downloads\kodi-17.3-Krypton.exe
2017-08-07 13:00 - 2017-08-16 21:12 - 000006148 _____ C:\Users\Public\.DS_Store
2017-07-31 10:28 - 2017-07-31 10:43 - 000000000 ____D C:\Users\Ezone\Downloads\AdobeOptimization
2017-07-31 10:14 - 2017-07-31 10:15 - 000000000 ____D C:\Users\Ezone\Downloads\OneCommander
2017-07-27 10:46 - 2017-07-27 10:46 - 000000000 ____D C:\Users\Ezone\Downloads\Lock
2017-07-27 10:43 - 2017-08-20 04:01 - 000000000 ____D C:\Users\Ezone\Documents\ExampleVideos
2017-07-27 07:35 - 2017-07-27 07:35 - 000000000 ____D C:\Users\Ezone\Downloads\Logitech
2017-07-25 19:37 - 2017-07-31 10:48 - 000000000 ____D C:\Users\Ezone\Documents\Blender
2017-07-25 10:11 - 2017-07-25 11:14 - 000000000 ____D C:\Users\Ezone\Downloads\CycleRevenueManagement

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-20 14:10 - 2016-01-12 15:06 - 000000000 ____D C:\FRST
2017-08-20 14:08 - 2009-07-13 21:45 - 000034144 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-08-20 14:08 - 2009-07-13 21:45 - 000034144 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-08-20 14:05 - 2009-07-13 22:13 - 000726316 _____ C:\Windows\system32\PerfStringBackup.INI
2017-08-20 14:05 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\inf
2017-08-20 14:02 - 2016-01-12 16:34 - 000000000 ____D C:\AdwCleaner
2017-08-20 14:01 - 2016-01-12 17:37 - 000253856 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-08-20 14:01 - 2016-01-12 17:36 - 000045472 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-08-20 14:01 - 2016-01-02 02:36 - 000000093 _____ C:\HaxLogs.txt
2017-08-20 14:01 - 2009-07-13 22:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-08-20 12:40 - 2016-01-12 17:36 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-08-20 04:21 - 2015-01-12 17:46 - 000000000 ____D C:\Users\Ezone\AppData\Roaming\vlc
2017-08-19 12:54 - 2016-01-12 15:05 - 000000000 ____D C:\Users\Ezone\Downloads\AntiVirus
2017-08-18 11:39 - 2014-12-28 03:40 - 000000000 ____D C:\Users\Masterj
2017-08-18 11:37 - 2016-04-27 02:26 - 000000000 ____D C:\Users\Ezone\AppData\Local\Preseria
2017-08-17 13:15 - 2015-02-05 09:57 - 000002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-06 00:43 - 2015-01-25 04:06 - 000000000 ____D C:\QUICKENW
2017-08-04 08:23 - 2009-07-13 22:08 - 000032626 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-08-02 09:10 - 2015-01-25 15:12 - 000000000 ____D C:\Users\Ezone\Documents\PremiereProjects
2017-07-25 19:20 - 2015-10-16 01:32 - 000000000 ____D C:\Users\Ezone\Documents\Quickbooks

==================== Files in the root of some directories =======

2016-01-27 19:28 - 2016-05-31 20:34 - 000000132 _____ () C:\Users\Ezone\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-06-07 14:31 - 2015-06-07 15:00 - 000000129 _____ () C:\Users\Ezone\AppData\Roaming\Camdata.ini
2015-06-07 14:31 - 2015-06-07 15:00 - 000000408 _____ () C:\Users\Ezone\AppData\Roaming\CamLayout.ini
2015-06-07 14:31 - 2015-06-07 15:00 - 000000408 _____ () C:\Users\Ezone\AppData\Roaming\CamShapes.ini
2015-06-07 14:31 - 2015-06-07 15:00 - 000004547 _____ () C:\Users\Ezone\AppData\Roaming\CamStudio.cfg
2015-06-07 04:34 - 2015-06-07 14:36 - 000000096 _____ () C:\Users\Ezone\AppData\Roaming\version2.xml
2016-02-13 20:47 - 2016-02-13 20:47 - 000001456 _____ () C:\Users\Ezone\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-06-01 22:28 - 2015-06-02 00:53 - 000006144 _____ () C:\Users\Ezone\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-02-01 18:10 - 2017-07-01 14:53 - 000000600 _____ () C:\Users\Ezone\AppData\Local\PUTTY.RND
2012-09-10 04:49 - 2012-09-10 04:49 - 000001050 ____H () C:\Users\Ezone\AppData\Local\{793FD447-37EB-4083-B222-2E447297AF07}

Some files in TEMP:
====================
2017-05-20 18:27 - 2017-05-20 18:28 - 000066048 _____ () C:\Users\Masterj\AppData\Local\Temp\Execute2App.exe
2017-05-20 18:27 - 2014-05-07 17:43 - 000568832 _____ (Microsoft Corporation) C:\Users\Masterj\AppData\Local\Temp\msvcp90.dll
2017-05-20 18:27 - 2014-05-07 17:43 - 000655872 _____ (Microsoft Corporation) C:\Users\Masterj\AppData\Local\Temp\msvcr90.dll
2015-08-14 05:29 - 2015-07-29 13:08 - 000681097 _____ (SQLite Development Team) C:\Users\Masterj\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


ATTENTION: ==> Could not access BCD. The user is not administrator

==================== End of FRST.txt ============================
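A small triage script for the log above, added as an example for this thread (it is not part of FRST and was not posted by anyone here). FRST writes each service and driver as `<R|S><start type> name; path [size date] (company) [flags]`, where R/S means running/stopped and the digit is the Windows start type (0 boot, 1 system, 2 auto, 3 demand, 4 disabled). The script parses those fields, ranks the entries FRST tagged `[File not signed]` by how likely the code is actually loaded, and collects every line FRST itself marked `<==== ATTENTION`. The sample text is a constructed excerpt of lines copied from the log; the severity labels are this example's own convention, not FRST's.

```python
"""Rank unsigned services/drivers in a Farbar Recovery Scan Tool (FRST) log.

Added example, not FRST's own code. The severity scheme is an assumption made
here for triage: an unsigned file that is running matters more than one that
is stopped, and a disabled one matters least.
"""
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines copied from the FRST log in the thread.
SAMPLE_FRST = r"""
==================== Services (Whitelisted) ====================

R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 O2Flash; C:\Windows\SysWOW64\o2flash.exe [65536 2007-02-12] (O2Micro International) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2008-11-18] (Intuit Inc.) [File not signed]
S3 wordpressMySQL; C:\Bitnami\wordpress-4.4.2-1\mysql\bin\mysqld.exe [11070976 2015-11-16] () [File not signed]

===================== Drivers (Whitelisted) ======================

R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77376 2017-06-27] ()
S4 mrtRate; C:\Windows\SysWow64\Drivers\mrtRate.sys [34916 1999-08-10] (Marimba, Inc.) [File not signed]
R3 O2MDRDR; C:\Windows\System32\DRIVERS\o2mdx64.sys [58400 2009-05-13] (O2Micro )

==================== Registry (Whitelisted) ====================

GroupPolicyScripts: Restriction <==== ATTENTION
"""

# "R2 name; path [size YYYY-MM-DD] (company) [flags]"
ENTRY_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+); "
    r"(?P<path>.+?) \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] "
    r"\((?P<signer>[^)]*)\)(?P<flags>.*)$"
)
SECTION_RE = re.compile(r"^=+ (?P<title>.+?) =+$")
SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2, "info": 3}


@dataclass
class Entry:
    section: str
    running: bool      # 'R' prefix: currently running
    start_type: int    # 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
    name: str
    path: str
    size: int
    date: str
    signer: str        # company name FRST read from the file; '' when absent
    signed: bool       # False when FRST appended "[File not signed]"


def parse_frst(text):
    """Return (entries, attention_lines) for the Services/Drivers sections."""
    entries, attention, section = [], [], ""
    for raw in text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group("title").strip()
            continue
        if "<==== ATTENTION" in line:          # FRST's own red flag, any section
            attention.append(line)
        m = ENTRY_RE.match(line)
        if not m or not section.startswith(("Services", "Drivers")):
            continue
        entries.append(Entry(
            section=section,
            running=m.group("state") == "R",
            start_type=int(m.group("start")),
            name=m.group("name").strip(),
            path=m.group("path"),
            size=int(m.group("size")),
            date=m.group("date"),
            signer=m.group("signer").strip(),
            signed="[File not signed]" not in m.group("flags"),
        ))
    return entries, attention


def severity(e):
    """Triage label for one entry, or None when nothing stands out."""
    if not e.signed:
        if e.running:
            return "high"          # unsigned code is loaded right now
        if e.start_type in (0, 1, 2, 3):
            return "medium"        # unsigned, stopped, but can still start
        return "low"               # unsigned but disabled (start type 4)
    if e.signer == "":
        return "info"              # signed, but no company name in the file
    return None


def triage(text):
    """Return ([(severity, entry), ...] sorted high->info, attention_lines)."""
    entries, attention = parse_frst(text)
    findings = [(severity(e), e) for e in entries if severity(e)]
    findings.sort(key=lambda f: SEVERITY_ORDER[f[0]])
    return findings, attention


if __name__ == "__main__":
    found, flagged = triage(SAMPLE_FRST)
    for sev, e in found:
        state = "running" if e.running else f"stopped, start type {e.start_type}"
        print(f"{sev:6} {e.name:20} {state:24} {e.path}")
    for line in flagged:
        print("FRST flagged:", line)
```

Run it against a full FRST.txt by reading the file in place of SAMPLE_FRST; the "high" rows (unsigned and running) are the ones to look up first, and the ATTENTION lines are the ones FRST already thinks merit a fix entry.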


#7 nasdaq

  • Malware Response Team

Posted 21 August 2017 - 08:09 AM

Hi,


I need you to run the Farbar tool in an Administrator account.

When done please post the FRST.txt log for my review.

#8 EJTech

  • Topic Starter
  • Members

Posted 21 August 2017 - 11:56 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017
Ran by Masterj (administrator) on FUJI7 (20-08-2017 15:17:16)
Running from C:\Users\Ezone\Desktop\Farbar
Loaded Profiles: Ezone & Masterj (Available Profiles: Ezone & Masterj)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(O2Micro International) C:\Windows\SysWOW64\o2flash.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8060960 2009-08-05] (Realtek Semiconductor)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKU\S-1-5-21-588247772-2902044076-1633536719-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-588247772-2902044076-1633536719-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-588247772-2902044076-1633536719-1001\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[C2].tx
GroupPolicyScripts: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{1DDA3578-7F04-42E4-A3C3-6B83B58B34DE}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{99A85344-410E-4F93-8DD1-C7D05157F648}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{A880E591-2EC7-46F0-AA6C-1EE796DE4043}: [NameServer] 192.168.1.33

Internet Explorer:
==================
HKU\S-1-5-21-588247772-2902044076-1633536719-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKU\S-1-5-21-588247772-2902044076-1633536719-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2016-01-02] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2016-01-02] (Oracle Corporation)
Handler-x32: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll [2011-06-22] (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-09-07] ()
FF Plugin: @java.com/DTPlugin,version=10.79.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2016-01-02] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.79.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2016-01-02] (Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-09-07] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-02] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Masterj\AppData\Local\Google\Chrome\User Data\Default [2017-08-20]
CHR Extension: (Google Slides) - C:\Users\Masterj\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-02-28]
CHR Extension: (Google Docs) - C:\Users\Masterj\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-02-28]
CHR Extension: (Google Drive) - C:\Users\Masterj\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-21]
CHR Extension: (YouTube) - C:\Users\Masterj\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-21]
CHR Extension: (Google Sheets) - C:\Users\Masterj\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-02-28]
CHR Extension: (Google Docs Offline) - C:\Users\Masterj\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Masterj\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-28]
CHR Extension: (Gmail) - C:\Users\Masterj\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-21]
CHR Extension: (Chrome Media Router) - C:\Users\Masterj\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-28]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2014-11-17] (Hewlett-Packard) [File not signed]
R2 O2Flash; C:\Windows\SysWOW64\o2flash.exe [65536 2007-02-12] (O2Micro International) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2014-11-17] (Hewlett-Packard) [File not signed]
S3 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2011-06-22] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2008-11-18] (Intuit Inc.) [File not signed]
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-07-22] (DEVGURU Co., LTD.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
S3 wordpressApache; C:\Bitnami\WORDPR~1.2-1\apache2\bin\httpd.exe [22528 2015-12-11] (Apache Software Foundation) [File not signed]
S3 wordpressMySQL; C:\Bitnami\wordpress-4.4.2-1\mysql\bin\mysqld.exe [11070976 2015-11-16] () [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [130688 2016-07-22] (Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77376 2017-06-27] ()
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [188352 2017-08-20] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [101784 2017-08-20] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [45472 2017-08-20] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [253856 2017-08-20] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [84256 2017-08-20] (Malwarebytes)
S4 mrtRate; C:\Windows\SysWow64\Drivers\mrtRate.sys [34916 1999-08-10] (Marimba, Inc.) [File not signed]
R3 O2MDRDR; C:\Windows\System32\DRIVERS\o2mdx64.sys [58400 2009-05-13] (O2Micro )
R3 O2SCBUS; C:\Windows\System32\DRIVERS\ozscrx64.sys [107808 2009-05-15] (O2Micro)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [164992 2016-07-22] (Samsung Electronics Co., Ltd.)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2009-07-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-20 14:09 - 2017-08-20 14:10 - 000000000 ____D C:\Users\Ezone\Desktop\Farbar
2017-08-20 14:08 - 2017-08-20 14:00 - 000001477 _____ C:\Users\Ezone\Desktop\AdwCleaner[C2].txt
2017-08-20 13:33 - 2017-08-20 13:33 - 000001331 _____ C:\Users\Ezone\Desktop\Malwarebytes01.txt
2017-08-20 12:40 - 2017-08-20 14:01 - 000101784 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-08-20 12:40 - 2017-08-20 14:01 - 000084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-08-20 12:40 - 2017-08-20 12:46 - 000188352 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-08-20 12:40 - 2017-08-20 12:40 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-08-20 12:40 - 2017-08-20 12:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-08-20 12:40 - 2017-08-20 12:40 - 000000000 ____D C:\Program Files\Malwarebytes
2017-08-20 12:40 - 2017-06-27 12:06 - 000077376 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-08-20 12:36 - 2017-08-20 12:37 - 000006148 _____ C:\Users\Public\Documents\.DS_Store
2017-08-20 12:33 - 2017-08-20 12:33 - 065033984 _____ (Malwarebytes ) C:\Users\Ezone\Desktop\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251.exe
2017-08-20 12:32 - 2017-08-20 12:32 - 008185288 _____ (Malwarebytes) C:\Users\Ezone\Desktop\adwcleaner_7.0.1.0.exe
2017-08-20 12:27 - 2017-08-20 12:24 - 000003391 _____ C:\Users\Public\Documents\NasdaqInstructions.txt
2017-08-20 04:14 - 2017-08-20 04:14 - 037462847 _____ C:\Users\Ezone\Downloads\Tina Turner - Legends Ball - Part 5.mp4
2017-08-20 03:54 - 2017-08-20 03:54 - 008728227 _____ C:\Users\Ezone\Downloads\THREE DOG NIGHT - LIAR  (Rare Live 80s w _ lyrics).mp4
2017-08-20 03:48 - 2017-08-20 03:48 - 011168747 _____ C:\Users\Ezone\Downloads\Three Dog Night - Liar.mp4
2017-08-20 03:39 - 2017-08-20 03:39 - 009006562 _____ C:\Users\Ezone\Downloads\THREE DOG NIGHT   Eli's Coming  1969.mp4
2017-08-19 17:27 - 2017-08-19 17:27 - 001137360 _____ (F-Secure Corporation) C:\Users\Ezone\Desktop\fsbl.exe
2017-08-18 12:32 - 2017-08-18 12:32 - 010421103 _____ C:\Users\Ezone\Downloads\CovertBand_ Activity Information Leakage Using Music.mp4
2017-08-17 20:35 - 2017-08-17 20:35 - 000000000 ____D C:\Users\Ezone\Downloads\Kodi
2017-08-17 14:23 - 2017-08-17 14:24 - 011939242 _____ C:\Users\Ezone\Downloads\20834140_1419071604797410_1500279269593448448_n.mp4
2017-08-16 22:25 - 2017-08-19 18:25 - 000000000 ____D C:\Users\Ezone\AppData\Roaming\Kodi
2017-08-16 22:24 - 2017-08-16 22:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodi
2017-08-16 22:24 - 2017-08-16 22:24 - 000000000 ____D C:\Program Files (x86)\Kodi
2017-08-16 21:13 - 2017-08-13 22:09 - 000000796 _____ C:\Users\Public\Documents\Kodi_173.txt
2017-08-14 09:24 - 2017-08-14 09:26 - 000000000 ____D C:\Users\Ezone\Downloads\PotPlayer
2017-08-14 09:07 - 2017-08-14 09:11 - 000000000 ____D C:\Users\Ezone\Downloads\CodeEditors
2017-08-13 21:50 - 2017-08-13 21:51 - 083883525 _____ (XBMC-Foundation) C:\Users\Ezone\Downloads\kodi-17.3-Krypton.exe
2017-08-07 13:00 - 2017-08-16 21:12 - 000006148 _____ C:\Users\Public\.DS_Store
2017-07-31 10:28 - 2017-07-31 10:43 - 000000000 ____D C:\Users\Ezone\Downloads\AdobeOptimization
2017-07-31 10:14 - 2017-07-31 10:15 - 000000000 ____D C:\Users\Ezone\Downloads\OneCommander
2017-07-27 10:46 - 2017-07-27 10:46 - 000000000 ____D C:\Users\Ezone\Downloads\Lock
2017-07-27 10:43 - 2017-08-20 04:01 - 000000000 ____D C:\Users\Ezone\Documents\ExampleVideos
2017-07-27 07:35 - 2017-07-27 07:35 - 000000000 ____D C:\Users\Ezone\Downloads\Logitech
2017-07-25 19:37 - 2017-07-31 10:48 - 000000000 ____D C:\Users\Ezone\Documents\Blender
2017-07-25 10:11 - 2017-07-25 11:14 - 000000000 ____D C:\Users\Ezone\Downloads\CycleRevenueManagement

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-20 15:17 - 2016-01-12 15:06 - 000000000 ____D C:\FRST
2017-08-20 14:08 - 2009-07-13 21:45 - 000034144 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-08-20 14:08 - 2009-07-13 21:45 - 000034144 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-08-20 14:05 - 2009-07-13 22:13 - 000726316 _____ C:\Windows\system32\PerfStringBackup.INI
2017-08-20 14:05 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\inf
2017-08-20 14:02 - 2016-01-12 16:34 - 000000000 ____D C:\AdwCleaner
2017-08-20 14:01 - 2016-01-12 17:37 - 000253856 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-08-20 14:01 - 2016-01-12 17:36 - 000045472 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-08-20 14:01 - 2016-01-02 02:36 - 000000093 _____ C:\HaxLogs.txt
2017-08-20 14:01 - 2009-07-13 22:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-08-20 12:40 - 2016-01-12 17:36 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-08-20 04:21 - 2015-01-12 17:46 - 000000000 ____D C:\Users\Ezone\AppData\Roaming\vlc
2017-08-19 12:54 - 2016-01-12 15:05 - 000000000 ____D C:\Users\Ezone\Downloads\AntiVirus
2017-08-18 11:39 - 2014-12-28 03:40 - 000000000 ____D C:\Users\Masterj
2017-08-18 11:37 - 2016-04-27 02:26 - 000000000 ____D C:\Users\Ezone\AppData\Local\Preseria
2017-08-17 13:15 - 2015-02-05 09:57 - 000002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-06 00:43 - 2015-01-25 04:06 - 000000000 ____D C:\QUICKENW
2017-08-04 08:23 - 2009-07-13 22:08 - 000032626 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-08-02 09:10 - 2015-01-25 15:12 - 000000000 ____D C:\Users\Ezone\Documents\PremiereProjects
2017-07-25 19:20 - 2015-10-16 01:32 - 000000000 ____D C:\Users\Ezone\Documents\Quickbooks

==================== Files in the root of some directories =======

2015-01-01 05:16 - 2015-01-01 05:16 - 000007597 _____ () C:\Users\Masterj\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
2017-05-20 18:27 - 2017-05-20 18:28 - 000066048 _____ () C:\Users\Masterj\AppData\Local\Temp\Execute2App.exe
2017-05-20 18:27 - 2014-05-07 17:43 - 000568832 _____ (Microsoft Corporation) C:\Users\Masterj\AppData\Local\Temp\msvcp90.dll
2017-05-20 18:27 - 2014-05-07 17:43 - 000655872 _____ (Microsoft Corporation) C:\Users\Masterj\AppData\Local\Temp\msvcr90.dll
2015-08-14 05:29 - 2015-07-29 13:08 - 000681097 _____ (SQLite Development Team) C:\Users\Masterj\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-08-11 08:34

==================== End of FRST.txt ============================



#9 nasdaq

nasdaq

  • Malware Response Team
  • 39,936 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 21 August 2017 - 01:20 PM

Hi,

ATTENTION: System Restore is disabled
Turn your System Restore ON - Windows Help
https://support.microsoft.com/en-us/help/17228/windows-protect-my-pc-from-viruses
===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKU\S-1-5-21-588247772-2902044076-1633536719-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-588247772-2902044076-1633536719-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-588247772-2902044076-1633536719-1001\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[C2].tx
GroupPolicyScripts: Restriction <==== ATTENTION
CHR Extension: (Chrome Web Store Payments) - C:\Users\Masterj\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-28]
CHR Extension: (Chrome Media Router) - C:\Users\Masterj\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-28]
AlternateDataStreams: C:\Users\Ezone\Cookies:esjHxyl18XYr1wiYQb529fz [2250]
AlternateDataStreams: C:\Users\Ezone\Local Settings:9pr87vH7bCeTcXtzxvE [2214]
AlternateDataStreams: C:\Users\Ezone\AppData\Local:9pr87vH7bCeTcXtzxvE [2214]
AlternateDataStreams: C:\Users\Ezone\AppData\Local\Application Data:9pr87vH7bCeTcXtzxvE [2214]
AlternateDataStreams: C:\Users\Public\.DS_Store:AFP_AfpInfo [122]
AlternateDataStreams: C:\Users\Public\Documents\.DS_Store:AFP_AfpInfo [122]

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Reset Chrome...
Open Google Chrome, click on the menu icon (the 3 vertical dots) located at the top right side of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
---

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after these updates, remove these old version(s) via Control Panel > Programs > Programs and Features.

Java 7 Update 79 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417079FF}) (Version: 7.0.790 - Oracle)
Java SE Development Kit 7 Update 79 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170790}) (Version: 1.7.0.790 - Oracle)
===

Please let me know what problem persists with this computer.

#10 EJTech

EJTech
  • Topic Starter

  • Members
  • 9 posts

Posted 21 August 2017 - 03:58 PM

Still have the Chrome activity at 46 seconds.

Fix result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by Masterj (21-08-2017 13:43:39) Run:1
Running from C:\Users\Ezone\Desktop\Farbar
Loaded Profiles: Ezone & Masterj (Available Profiles: Ezone & Masterj)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKU\S-1-5-21-588247772-2902044076-1633536719-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-588247772-2902044076-1633536719-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-588247772-2902044076-1633536719-1001\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[C2].tx
GroupPolicyScripts: Restriction <==== ATTENTION
CHR Extension: (Chrome Web Store Payments) - C:\Users\Masterj\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-28]
CHR Extension: (Chrome Media Router) - C:\Users\Masterj\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-28]
AlternateDataStreams: C:\Users\Ezone\Cookies:esjHxyl18XYr1wiYQb529fz [2250]
AlternateDataStreams: C:\Users\Ezone\Local Settings:9pr87vH7bCeTcXtzxvE [2214]
AlternateDataStreams: C:\Users\Ezone\AppData\Local:9pr87vH7bCeTcXtzxvE [2214]
AlternateDataStreams: C:\Users\Ezone\AppData\Local\Application Data:9pr87vH7bCeTcXtzxvE [2214]
AlternateDataStreams: C:\Users\Public\.DS_Store:AFP_AfpInfo [122]
AlternateDataStreams: C:\Users\Public\Documents\.DS_Store:AFP_AfpInfo [122]

End
*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-588247772-2902044076-1633536719-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value removed successfully
HKU\S-1-5-21-588247772-2902044076-1633536719-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value removed successfully
HKU\S-1-5-21-588247772-2902044076-1633536719-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Report => value removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
CHR Extension: (Chrome Web Store Payments) - C:\Users\Masterj\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-28] => Error: No automatic fix found for this entry.
CHR Extension: (Chrome Media Router) - C:\Users\Masterj\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-28] => Error: No automatic fix found for this entry.
C:\Users\Ezone\Cookies => ":esjHxyl18XYr1wiYQb529fz" ADS removed successfully.
C:\Users\Ezone\Local Settings => ":9pr87vH7bCeTcXtzxvE" ADS removed successfully.
"C:\Users\Ezone\AppData\Local" => ":9pr87vH7bCeTcXtzxvE" ADS not found.
"C:\Users\Ezone\AppData\Local\Application Data" => ":9pr87vH7bCeTcXtzxvE" ADS not found.
C:\Users\Public\.DS_Store => ":AFP_AfpInfo" ADS removed successfully.
C:\Users\Public\Documents\.DS_Store => ":AFP_AfpInfo" ADS removed successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 18475628 B
Java, Flash, Steam htmlcache => 343 B
Windows/system/drivers => 320047693 B
Edge => 0 B
Chrome => 9914137 B
Firefox => 2908991 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 83519 B
systemprofile32 => 66228 B
LocalService => 66228 B
NetworkService => 102154 B
Ezone => 270750377 B
Masterj => 31178046 B

RecycleBin => 5238 B
EmptyTemp: => 623.3 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 13:43:56 ====
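A check a defender can run before and after a fix like the one above, as an added example that is not part of this thread and not part of FRST: it lists the non-default NTFS alternate data streams (the kind FRST reports as AlternateDataStreams entries) under a user profile, skipping the profile junctions such as Local Settings and AppData\Local\Application Data, which are alternate names for AppData\Local (that is why the Fixlog removed a stream through "Local Settings" and then found nothing under "AppData\Local"). It assumes Windows PowerShell 5.1 (Get-Item -Stream on directories as well as files; Windows 7 ships with 2.0), and the report path is a constructed default.

```powershell
# Added example (not from the thread or from FRST): list non-default NTFS
# alternate data streams under a user profile, the entries FRST reports as
# "AlternateDataStreams:". Assumes Windows PowerShell 5.1 so that
# Get-Item -Stream works on directories as well as files.
param(
    [string]$ProfilePath = $env:USERPROFILE,                          # profile to inspect
    [string]$ReportPath  = "$env:USERPROFILE\Desktop\ads-report.txt"  # constructed default
)

function Get-NonDefaultStreams {
    param([string]$Path)
    $item = Get-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue
    if (-not $item) { return }

    # Every file and directory has the unnamed ':$DATA' stream; Zone.Identifier is
    # the mark-of-the-web Windows adds to downloads. Anything else is worth a look.
    foreach ($s in (Get-Item -LiteralPath $Path -Stream * -ErrorAction SilentlyContinue)) {
        if ($s.Stream -eq ':$DATA' -or $s.Stream -eq 'Zone.Identifier') { continue }
        [pscustomobject]@{ Path = $Path; Stream = $s.Stream; Bytes = $s.Length }
    }

    if (-not $item.PSIsContainer) { return }
    foreach ($child in (Get-ChildItem -LiteralPath $Path -Force -ErrorAction SilentlyContinue)) {
        # Skip junctions such as "Local Settings", "Cookies" and
        # "AppData\Local\Application Data": they alias other directories, so
        # following them loops forever and reports the same stream under several
        # names (the Fixlog above removed one stream via "Local Settings" and then
        # found nothing under "AppData\Local", which is the same directory).
        if ($child.Attributes -band [IO.FileAttributes]::ReparsePoint) { continue }
        Get-NonDefaultStreams -Path $child.FullName
    }
}

$findings = @(Get-NonDefaultStreams -Path $ProfilePath)
$findings | Sort-Object Path, Stream |
    Format-Table Path, Stream, Bytes -AutoSize |
    Out-String -Width 400 |
    Set-Content -LiteralPath $ReportPath
Write-Host ("{0} non-default stream(s) found; report written to {1}" -f $findings.Count, $ReportPath)
```

Run it once before applying a fixlist and once afterwards; the two reports show exactly which streams were removed and which (if any) remain.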



#11 EJTech

EJTech
  • Topic Starter

  • Members
  • 9 posts

Posted 21 August 2017 - 04:05 PM

Hi Nasdaq,

System Restore was already on.  There were restore points back to 08/02/2017.



#12 nasdaq

nasdaq

  • Malware Response Team
  • 39,936 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 22 August 2017 - 07:13 AM

Hi,

Step 1: Remove Chrome from your computer and reinstall a fresh copy later.

Step 2: Before you remove Chrome, export your bookmarks.
Chrome will export your bookmarks as an HTML file, which you can then import into another browser.

How To: http://ccm.net/faq/31791-how-to-backup-your-google-chrome-bookmarks

Step 3: If you sync your account, you must remove it before you save your bookmarks etc...
Delete Your Google Chrome Browser Sync Data
https://www.howtogeek.com/103655/how-to-delete-your-google-chrome-browser-sync-data/

Step 4: Clear your Chrome cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en

Step 5: Remove Chrome using the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

Step 6: Re-install Chrome and the bookmarks.
====



