AdvancedSetup

Root Admin
  • Content count

    65,284

About AdvancedSetup

  • Rank
    Staff

Contact Methods

  • Website URL
    http://www.malwarebytes.org

Profile Information

  • Location
    US

  1. As suspected no obvious malware, but also not full of too many errors. Please visit each of the following sites and let's reset all of your browsers back to defaults to prevent unexpected issues. If you are not using one of the browsers but it is installed then you may want to consider uninstalling it as older versions of some software can pose an increase in the potential for an infection to get in.

     Internet Explorer
       • How to reset Internet Explorer settings

     Firefox
       • Click on Help / Troubleshooting Information then click on the Reset Firefox button.

     Chrome
     I would like to reset Chrome back to defaults to completely clear out what is going on with Chrome. You can keep your “Bookmarks” if you want to keep them, but you have to export them first – >> Export Bookmarks << – Everything else should be removed.
       • Then I need you to go to >> Google Sync << and sign into your account.
       • Scroll down until you see the “reset sync” button and click on the button.
       • At the prompt click on “Ok”.

     Reset Your Browser Settings
       • In the top-right corner of the browser window, click the “Chrome Menu” icon (three horizontal lines).
       • Select “Settings”.
       • At the bottom, click “Show advanced settings…”.
       • Scroll down until you see “Reset settings”, then click on the button “Reset Settings”.
       • In the dialog that appears, click “Reset”.

     Close Chrome and restart it and check it out for me please.
  2. Hello @ecksdee and Let me get some logs to see if we can see what's going on. Please download Farbar Recovery Scan Tool and save it to your desktop. Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit. Double-click to run it. When the tool opens click Yes to disclaimer. Press Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply. The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.
  3. Thanks for the PM @sparkythomson and glad you were able to resolve the issue. Take care and have a great weekend. Ron
  4. Hello @Fosdick and sorry for the delay. I was unexpectedly hospitalized and out for a couple of weeks. I'm back now, but catching up to all the posts and emails that have come in since I've been out. It's a bit late here for me now and I have some other items to finish up. Let me have you run this though and I'll check back on you tomorrow.

     Please download MiniToolBox, save it to your desktop and run it. Checkmark the following check-boxes:
       • Flush DNS
       • Report IE Proxy Settings
       • Reset IE Proxy Settings
       • Report FF Proxy Settings
       • Reset FF Proxy Settings
       • List content of Hosts
       • List IP configuration
       • List Winsock Entries
       • List last 10 Event Viewer log
       • List Installed Programs
       • List Devices
       • List Users, Partitions and Memory size.
       • List Minidump Files

     Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

     Note: When using Reset FF Proxy Settings option Firefox should be closed.
  5. Hello @erikc4l and I don't see any obvious infection, but there are errors in the Event Logs including a Shell which can probably cause various unexpected results in Windows. We'll go ahead and scan for any potential malware though just to make sure. Please restart the computer first and then run the following steps and post back the logs as an attachment when ready.

     STEP 01
       • Please download Junkware Removal Tool to your desktop.
       • Shut down your antivirus to avoid any conflicts.
       • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
       • The tool will open and start scanning your system.
       • Please be patient as this can take a while to complete.
       • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
       • Post the contents of JRT.txt into your next reply message.
       • When completed make sure to re-enable your antivirus.

     STEP 02
     Fix with AdwCleaner
       • Please download AdwCleaner by Xplode and save the file to your Desktop.
       • Right-click on icon and select Run as Administrator to start the tool.
       • Accept the Terms of use.
       • Wait until the database is updated.
       • Click Scan.
       • When finished, please click Clean.
       • Your PC should reboot now.
       • After reboot, logfile will be opened. Copy its content into your next reply.
     Note: Reports will be saved in your system partition, usually at C:\Adwcleaner

     STEP 03
       • Download Sophos Free Virus Removal Tool and save it to your desktop.
       • Double click the icon and select Run.
       • Click Next.
       • Select I accept the terms in this license agreement, then click Next twice.
       • Click Install.
       • Click Finish to launch the program.
       • Once the virus database has been updated click Start Scanning.
       • If any threats are found click Details, then View Log file (bottom left-hand corner).
       • Copy and paste the results in your reply.
       • Close the Notepad document, close the Threat Details screen, then click Start cleanup.
       • Click Exit to close the program.
       • If no threats were found, please confirm that result.

     STEP 04
       • Please download the Farbar Recovery Scan Tool and save it to your desktop. Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit.
       • Double-click to run it. When the tool opens, click Yes to disclaimer.
       • Press the Scan button.
       • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
       • The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a check mark here.
       • Please attach the Additions.txt log to your reply as well.

     Thanks
  6. Hello @Kathysm and Please open Malwarebytes and check for updates. Then do a Threat Scan and post back that log for me and we'll see what it says. I'd also like to get the following logs please. Please download Farbar Recovery Scan Tool and save it to your desktop. Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit. Double-click to run it. When the tool opens click Yes to disclaimer. Press Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply. The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well. Thank you Ron
  7. Hello @Jellybean808 Sorry to hear you're having issues. I'm pretty sure that unless you have some unheard of rare case I can probably get the program running for you if you like. If not then we can get it removed. In either case I'd like to get some logs please so that I can assist you. Please download Farbar Recovery Scan Tool and save it to your desktop. Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit. Double-click to run it. When the tool opens click Yes to disclaimer. Press Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply. The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well. Thank you Ron
  8. Hello @sparkythomson Please send me a private message with your purchase and license information and I'll check on it for you. So you've done a clean installation of Malwarebytes 3 and are unable to get it activated, or is there an error message? Thank you Ron
  9. Thanks @Tokail. If it did not work, please post the requested logs from post #4 by @Firefox. Thanks Ron
  10. I'm doing better now, thank you.

      Create and obtain an mb-check log:
        • Download mb-check from here and save to your desktop.
        • Run mb-check and within a few seconds the command window will open and then close.
        • This will produce one log file on your desktop: mb-checkResult.txt
        • Attach this log file to your post by clicking on the "Drag files here to attach, or choose files..." or simply drag the file to the attachment area.
  11. 1. Open a CMD Window as an Administrator on the computer and enter the following commands:

           cd %windir%\system32\
           lodctr /R
           cd %windir%\sysWOW64\
           lodctr /R

         Note: This command resyncs the counter values.
      2. Open up Regedit and navigate to the following registry key:

           HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PerfProc\Performance

      3. Make sure that the value (if it exists) for the Disable Performance Counters is not 1. If the entry does exist and the entry is 1, change it to 0 or delete that entry within the key.

         ** PLEASE NOTE ** make sure you contact your system administrator before making changes to the registry, and make sure that you back it up before you delete it.
      4. Restart the computer.

      Let me know if performance has improved any or not. Thanks
  12. The logs indicate the Google Chrome was not removed and the computer restarted before a new FRST scan was run. Google Chrome is up and running and installed in these logs. Please read the following article concerning the use of MSCONFIG: Msconfig Is Not A Startup Manager. Also see the following article as you have many of these folders from Adobe. Adobe tempzxpsign…… Temporary Files http://blog.nalates.net/2016/11/12/adobe-tempzxpsign-temporary-files/ https://forums.adobe.com/message/8870807
  13. Looks like these are just old infections in the System Restore area. Please see the following article and verify if your System Restore is enabled (it appears to be). Then delete all the current System Restore Points and create a new one. Note, this site will probably prompt about some type of ad - just ignore, close and read the article. https://www.groovypost.com/howto/windows-10-enable-create-system-restore/ https://www.groovypost.com/howto/delete-restore-points-windows-10-reclaim-disk-space/ Once you've cleaned, removed, restart the computer again and run another Threat Scan with Malwarebytes and let me know if you're still getting anything found or not in a Custom Scan. Thanks Ron
  14. Yes, Chrome is a very annoying program to uninstall. I really wish Google would stop this practice. They make it almost like self-protective malware to repair, reinstall itself and put files, folders, registry settings all over the computer. Certainly not the awesome browser it was years ago. I do not even have Chrome installed on my home computers as I just do not care for their practice of coding and making it difficult to do a "clean removal" easily. If you're trying to do a clean removal of Chrome, please disable any linked accounts inside of Google login. Then uninstall Chrome, and reboot. Then run FRST again and attach both new logs and I will review and help you to fully remove Chrome.
  15. It doesn't look like you have any active live threats on the system. Probably some site downloaded a javascript file in order to attempt an attack but was thwarted before it could do anything. Please Run TFC by OldTimer to clear temporary files: Download TFC from here and save it to your desktop. http://oldtimer.geekstogo.com/TFC.exe Close any open programs and Internet browsers. Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning. Please be patient as clearing out temp files may take a while. Once it completes you may be prompted to restart your computer, please do so. Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files. Then reboot the computer and let me know if there are still any signs of an infection or not. Thanks Ron