
Adfly random popup


austin98

For a while I've just dealt with this problem because it's only slightly inconvenient and intermittent, but I'd still rather it not happen. Occasionally, when browsing the internet, a new tab will open which becomes my current open tab, which takes me through a few redirects to an Adfly 'account suspended' page, as though it was supposed to redirect to someone's ad but the account was reported and removed. I don't have any Adfly or problematic extensions or toolbars, and I don't have an Adfly program. Neither Microsoft Defender nor Malwarebytes can root this one out. Any help would be greatly appreciated.


Hello austin98 and welcome to Malwarebytes,

My screen name is kevinf80, I'm here to help clean up your system. Make sure to run all scans from accounts with Administrator status, continue as follows please:

Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

Change the download folder setting in the default browser only, so all of the tools we may use are saved to the Desktop:

Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Choose Options. In the Downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.

Internet Explorer - Click the Tools menu in the upper right-corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

Change default download folder location in Edge - Boot to a user account with admin status, select Start > File Explorer > right click on "Downloads" folder and select "Properties"

In the new window select "Location" tab > clear the text field box and type in or copy/paste %userprofile%\Desktop > select "Apply" then "OK"

Be aware you are not changing the Browser download folder location, you are changing the user’s download directory location.....

Next,

Follow the instructions in the following link to show hidden files:

http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.


Let me see those logs...

Thank you,

Kevin..

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-02-2017
Ran by Owner (administrator) on WIN-7SMPOFTM0TG (14-02-2017 16:28:26)
Running from C:\Users\Owner\Downloads
Loaded Profiles: Owner (Available Profiles: Owner)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> Secure System
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
() C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe
() C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Impulse Point, LLC) C:\Program Files (x86)\SafeConnect\scManager.sys
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\vmms.exe
(Microsoft Corporation) C:\Windows\System32\vmcompute.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Flux Software LLC) C:\Users\Owner\AppData\Local\FluxSoftware\Flux\flux.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Impulse Point, LLC) C:\Program Files (x86)\SafeConnect\SafeConnectClient.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
() C:\Program Files\Intel\SUR\QUEENCREEK\esrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1701.10102.0_x64__8wekyb3d8bbwe\Calculator.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkypeHost.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242696 2015-10-10] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-04] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-04] (Realtek Semiconductor)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-16] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-450020220-2406248147-2208601366-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23818360 2016-11-30] (Google)
HKU\S-1-5-21-450020220-2406248147-2208601366-1001\...\Run: [f.lux] => C:\Users\Owner\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-450020220-2406248147-2208601366-1001\...\Run: [Spotify Web Helper] => C:\Users\Owner\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-02-06] (Spotify Ltd)
HKU\S-1-5-21-450020220-2406248147-2208601366-1001\...\Run: [Spotify] => C:\Users\Owner\AppData\Roaming\Spotify\Spotify.exe [7133808 2017-02-06] (Spotify Ltd)
HKU\S-1-5-21-450020220-2406248147-2208601366-1001\...\RunOnce: [Uninstall C:\Users\Owner\AppData\Local\Microsoft\OneDrive\17.3.5951.0827_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Owner\AppData\Local\Microsoft\OneDrive\17.3.5951.0827_1\amd64"
HKU\S-1-5-21-450020220-2406248147-2208601366-1001\...\MountPoints2: {17a9f3d1-b425-11e6-80f7-d76b1e22fe18} - "W:\setup.exe" 
HKU\S-1-5-21-450020220-2406248147-2208601366-1001\...\MountPoints2: {17a9f6d6-b425-11e6-80f7-d76b1e22fe18} - "X:\Setup.exe" 
HKU\S-1-5-21-450020220-2406248147-2208601366-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [371928 2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [0PerformanceMonitor] -> {3B5B973C-92A4-4855-9D3F-0F3D23332208} =>  -> No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2016-05-16]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SafeConnect.lnk [2016-09-13]
ShortcutTarget: SafeConnect.lnk -> C:\Program Files (x86)\SafeConnect\SCClient.exe (Impulse Point, LLC)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-450020220-2406248147-2208601366-1001] => 52.9.135.126:3128
Winsock: Catalog5-x64 07 C:\Windows\system32\wlidnsp.dll [66048 2016-07-16] (Microsoft Corporation)
Winsock: Catalog5-x64 08 C:\Windows\system32\wlidnsp.dll [66048 2016-07-16] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 128.227.47.6 128.227.47.7
Tcpip\..\Interfaces\{6b0e86f1-332f-460c-953f-7b7c8ebd7be0}: [DhcpNameServer] 104.250.191.129 8.8.4.4
Tcpip\..\Interfaces\{7a450e3c-fe63-405a-b1a0-0b4bbc3789a4}: [NameServer] 8.8.8.8,208.67.222.222
Tcpip\..\Interfaces\{7a450e3c-fe63-405a-b1a0-0b4bbc3789a4}: [DhcpNameServer] 128.227.47.6 128.227.47.7

Internet Explorer:
==================
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-01-22] (Oracle Corporation)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2016-05-16] (LastPass)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-15] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-22] (Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2016-05-16] (LastPass)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2016-05-16] (LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2016-05-16] (LastPass)

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-22] (Oracle Corporation)
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2016-05-16] (LastPass)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2016-05-16] (LastPass)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-07-19] (Microsoft Corporation)

Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://google.com/","hxxp://www.google.com","","hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=6C2A9CB70D0D046E&affID=123884&tsp=4975"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default [2017-02-14]
CHR Extension: (Instant Notifications for Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\adlgnpfgagimgadbaboilkbdnhbpegmd [2015-06-05]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-20]
CHR Extension: (Adobe Acrobat) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-01-30]
CHR Extension: (Accent Grid) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\efedjomeallaomheefphgnbleieplnfk [2017-01-05]
CHR Extension: (MindTheWord) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fabjlaokbhaoehejcoblhahcekmogbom [2017-01-31]
CHR Extension: (AdBlock) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-01-30]
CHR Extension: (Kindle Cloud Reader) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2016-06-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR Extension: (Chrome Media Router) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-27]
CHR HKU\S-1-5-21-450020220-2406248147-2208601366-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Owner\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-06-04]
CHR HKU\S-1-5-21-450020220-2406248147-2208601366-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [216576 2016-04-05] () [File not signed]
R2 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [805632 2016-11-17] ()
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [144072 2015-10-10] (ELAN Microelectronics Corp.)
S3 hns; C:\WINDOWS\System32\HostNetSvc.dll [553984 2016-12-13] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 OpenVPNService; C:\Program Files (x86)\Ivacy\bin\openvpnserv.exe [26416 2016-05-24] (The OpenVPN Project)
R2 SCManager; C:\Program Files (x86)\SafeConnect\scManager.sys [176936 2016-09-13] (Impulse Point, LLC)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
R2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe [156928 2016-11-17] ()
S2 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [805632 2016-11-17] ()
R3 vmcompute; C:\WINDOWS\system32\vmcompute.exe [1911296 2016-11-11] (Microsoft Corporation)
R2 vmms; C:\WINDOWS\system32\vmms.exe [14422528 2016-10-14] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BazisPortableCDBus; C:\WINDOWS\System32\drivers\BazisPortableCDBus.sys [283480 2015-07-25] (Sysprogs OU)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 lunparser; C:\WINDOWS\System32\drivers\lunparser.sys [22528 2016-09-16] (Microsoft Corporation)
R1 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [107736 2015-04-14] (Malwarebytes Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2017-02-14] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 passthruparser; C:\WINDOWS\System32\drivers\passthruparser.sys [24576 2016-09-16] (Microsoft Corporation)
S3 pcip; C:\WINDOWS\System32\drivers\pcip.sys [46592 2016-09-16] (Microsoft Corporation)
S3 pvhdparser; C:\WINDOWS\System32\drivers\pvhdparser.sys [50176 2016-09-16] (Microsoft Corporation)
S3 ramparser; C:\WINDOWS\System32\drivers\ramparser.sys [30720 2016-09-16] (Microsoft Corporation)
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [402960 2015-07-16] (Realsil Semiconductor Corporation)
S3 rtux64w10; C:\WINDOWS\System32\drivers\rtux64w10.sys [354624 2016-08-07] (Realtek                                                                )
R3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [21984 2016-10-18] ()
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-07-23] (Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 Synth3dVsp; C:\WINDOWS\System32\drivers\synth3dvsp.sys [103424 2016-09-16] (Microsoft Corporation)
R3 tapoas; C:\WINDOWS\System32\drivers\tapoas.sys [30720 2012-07-15] (The OpenVPN Project)
S3 vhdparser; C:\WINDOWS\System32\drivers\vhdparser.sys [26624 2016-09-16] (Microsoft Corporation)
R2 VMSP; C:\WINDOWS\System32\drivers\vmswitch.sys [1616384 2016-12-13] (Microsoft Corporation)
R0 vmsproxy; C:\WINDOWS\System32\drivers\vmsproxy.sys [33632 2016-08-05] (Microsoft Corporation)
S3 VMSVSF; C:\WINDOWS\System32\drivers\vmswitch.sys [1616384 2016-12-13] (Microsoft Corporation)
S3 VMSVSP; C:\WINDOWS\System32\drivers\vmswitch.sys [1616384 2016-12-13] (Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 WinNat; C:\WINDOWS\System32\drivers\winnat.sys [207360 2016-09-16] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: hns -> C:\Windows\System32\HostNetSvc.dll (Microsoft Corporation)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-14 16:28 - 2017-02-14 16:28 - 00019465 _____ C:\Users\Owner\Downloads\FRST.txt
2017-02-14 16:27 - 2017-02-14 16:28 - 02422272 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2017-02-13 11:45 - 2017-02-13 11:45 - 00000022 _____ C:\WINDOWS\S.dirmngr
2017-01-26 11:02 - 2017-01-26 11:06 - 00000000 ____D C:\AdwCleaner
2017-01-25 16:36 - 2016-12-21 02:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-01-25 16:36 - 2016-12-20 23:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2017-01-15 16:11 - 2017-01-15 16:11 - 00338392 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-01-15 16:02 - 2017-01-15 16:02 - 00000027 _____ C:\Settings.ini

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-14 16:28 - 2016-06-22 06:42 - 00000000 ____D C:\FRST
2017-02-14 16:09 - 2015-06-04 04:24 - 00000000 ____D C:\Users\Owner\AppData\Local\Packages
2017-02-14 16:01 - 2015-06-04 01:52 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-02-14 15:57 - 2016-09-16 09:44 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-14 15:57 - 2016-06-18 10:41 - 00000000 ____D C:\Program Files (x86)\SafeConnect
2017-02-13 11:59 - 2017-01-11 18:19 - 00915834 _____ C:\WINDOWS\system32\perfh00C.dat
2017-02-13 11:59 - 2017-01-11 18:19 - 00183740 _____ C:\WINDOWS\system32\perfc00C.dat
2017-02-13 11:59 - 2015-06-04 04:27 - 03069448 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-13 11:56 - 2015-06-04 05:16 - 00000000 ___RD C:\Users\Owner\Google Drive
2017-02-13 11:45 - 2016-09-16 09:58 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-13 11:35 - 2016-07-16 01:04 - 01310720 _____ C:\WINDOWS\system32\config\BBI
2017-02-13 11:33 - 2016-04-24 10:17 - 00000000 ____D C:\Users\Owner\AppData\Local\Spotify
2017-02-13 10:09 - 2016-04-24 10:15 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Spotify
2017-02-11 10:05 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-10 08:31 - 2016-07-16 06:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-09 18:07 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-09 10:30 - 2015-06-04 01:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2017-02-02 19:52 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-02-02 09:47 - 2015-06-05 17:18 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-01 20:35 - 2016-07-16 06:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-01 20:34 - 2016-07-16 09:15 - 00000000 ____D C:\WINDOWS\OCR
2017-01-23 22:42 - 2016-06-06 17:29 - 00000000 ____D C:\Users\Owner\AppData\Roaming\vlc
2017-01-22 18:22 - 2015-06-04 00:39 - 00000000 ____D C:\ProgramData\Oracle
2017-01-22 18:18 - 2016-09-13 18:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2017-01-22 18:18 - 2016-08-08 15:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-01-22 18:18 - 2015-11-25 13:19 - 00000000 ____D C:\Program Files\Java
2017-01-22 18:17 - 2016-08-08 15:51 - 00110144 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2017-01-21 21:56 - 2015-06-04 00:27 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-15 12:02 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\rescache

==================== Files in the root of some directories =======

2016-05-16 12:05 - 2016-05-16 12:05 - 21737496 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2016-06-17 01:54 - 2016-06-17 01:54 - 0004436 _____ () C:\Users\Owner\AppData\Roaming\90msp-RKSJ-V
2016-10-10 02:33 - 2016-10-10 02:33 - 0000677 _____ () C:\Users\Owner\AppData\Roaming\adventives.zkh
2016-06-17 01:53 - 2016-06-17 01:53 - 0001196 _____ () C:\Users\Owner\AppData\Roaming\Athens
2016-10-10 02:33 - 2016-10-10 02:33 - 0060457 _____ () C:\Users\Owner\AppData\Roaming\bookmaking.rgj
2016-10-11 13:57 - 2016-10-11 20:32 - 0061134 _____ () C:\Users\Owner\AppData\Roaming\Carney.DLB
2016-06-17 01:53 - 2016-06-17 01:53 - 0001930 _____ () C:\Users\Owner\AppData\Roaming\compare-with-callbacks.js
2016-06-17 01:53 - 2016-06-17 01:53 - 0003119 _____ () C:\Users\Owner\AppData\Roaming\frnphon.env
2016-06-22 07:58 - 2016-06-22 07:58 - 0000747 _____ () C:\Users\Owner\AppData\Local\recently-used.xbel
2015-11-25 13:07 - 2015-11-25 13:07 - 0000008 _____ () C:\ProgramData\-
2016-07-19 11:48 - 2016-07-19 11:48 - 0000057 _____ () C:\ProgramData\Ament.ini
2016-09-16 09:45 - 2016-09-16 09:45 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
2017-01-22 18:17 - 2017-01-22 18:17 - 0739904 _____ (Oracle Corporation) C:\Users\Owner\AppData\Local\Temp\jre-8u121-windows-au.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-14 10:05

==================== End of FRST.txt ============================

Addition.txt


Mmm, the connection is through DNS servers 8.8.8.8 and 208.67.222.222. Can you get confirmation regarding the proxy? The info follows:

IP Information for 52.9.135.126
Quick Stats
IP Location     United States United States San Francisco Amazon Technologies Inc.
ASN     United States AS16509 AMAZON-02 - Amazon.com, Inc., US (registered May 04, 2000)
Resolve Host     ec2-52-9-135-126.us-west-1.compute.amazonaws.com
Whois Server     whois.arin.net
IP Address     52.9.135.126

Then the DNS settings are not quite right either.. 8.8.8.8 is correct for Google DNS, the secondary 208.67.222.222 looks not quite right, is this correct...

IP Information for 8.8.8.8
Quick Stats
IP Location     United States United States Mountain View Google Inc.
ASN     United States AS15169 GOOGLE - Google Inc., US (registered Mar 30, 2000)
Resolve Host     google-public-dns-a.google.com
Whois Server     whois.arin.net
IP Address     8.8.8.8
Reverse IP     9,960 websites use this address.

IP Information for 208.67.222.222
Quick Stats
IP Location     Hong Kong Hong Kong Hong Kong Opendns Llc
ASN     Hong Kong AS36692 OPENDNS - OpenDNS, LLC, US (registered Mar 21, 2006)

Resolve Host     resolver1.opendns.com
Whois Server     whois.arin.net
IP Address     208.67.222.222
Reverse IP     32 websites use this address.

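The checks kevinf80 does by eye above (a static proxy set for the user's SID, the static name servers on one interface, and the Chrome start pages) can be scripted over the "Internet (Whitelisted)" and Chrome lines of an FRST log. The following is an added example, not code from this thread or from FRST itself. The sample lines are copied from the FRST.txt posted earlier in the thread; the resolver allowlist and the start-page allowlist are constructed for this example, and the triage rules (flag any static proxy, flag static resolvers not on the allowlist, flag start pages not on the allowlist) are the author's choice, not FRST's. DHCP-assigned resolvers are reported by FRST but skipped here because they come from the network, not from the host's own configuration.

```python
"""Triage proxy, name-server and Chrome start-page entries from an FRST log.

Added example; not part of the forum thread or of FRST. The sample lines below
are taken from the log posted in the thread; the allowlists are constructed.
"""
import re
from ipaddress import ip_address

# Constructed allowlist of public resolvers a home user might type in by hand.
KNOWN_RESOLVERS = {
    "8.8.8.8": "Google Public DNS",
    "8.8.4.4": "Google Public DNS",
    "208.67.222.222": "OpenDNS",
    "208.67.220.220": "OpenDNS",
}

# Constructed allowlist of start-page hosts treated as benign.
KNOWN_START_HOSTS = {"google.com", "www.google.com"}

# Lines copied from the FRST.txt in the thread (FRST defangs http as hxxp).
SAMPLE_LOG = r"""
ProxyServer: [S-1-5-21-450020220-2406248147-2208601366-1001] => 52.9.135.126:3128
Tcpip\Parameters: [DhcpNameServer] 128.227.47.6 128.227.47.7
Tcpip\..\Interfaces\{7a450e3c-fe63-405a-b1a0-0b4bbc3789a4}: [NameServer] 8.8.8.8,208.67.222.222
Tcpip\..\Interfaces\{7a450e3c-fe63-405a-b1a0-0b4bbc3789a4}: [DhcpNameServer] 128.227.47.6 128.227.47.7
CHR StartupUrls: Default -> "hxxp://google.com/","hxxp://www.google.com","","hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=6C2A9CB70D0D046E&affID=123884&tsp=4975"
"""

PROXY_RE = re.compile(r"^ProxyServer: \[(?P<sid>[^\]]+)\] => (?P<host>[^:\s]+):(?P<port>\d+)")
NS_RE = re.compile(r"^Tcpip\\.*: \[(?P<kind>DhcpNameServer|NameServer)\] (?P<servers>.+)$")
STARTUP_RE = re.compile(r"^CHR StartupUrls: (?P<profile>\S+) -> (?P<urls>.+)$")


def parse_frst_internet(text):
    """Collect proxy, name-server and Chrome start-page entries from FRST log text."""
    found = {"proxies": [], "nameservers": [], "startup_urls": []}
    for line in text.splitlines():
        line = line.strip()
        if m := PROXY_RE.match(line):
            found["proxies"].append((m["sid"], m["host"], int(m["port"])))
        elif m := NS_RE.match(line):
            # FRST separates resolvers with spaces (DHCP) or commas (static).
            servers = [s for s in re.split(r"[,\s]+", m["servers"]) if s]
            found["nameservers"].append((m["kind"], servers))
        elif m := STARTUP_RE.match(line):
            urls = re.findall(r'"([^"]*)"', m["urls"])
            found["startup_urls"].extend(u for u in urls if u)  # drop empty slots
    return found


def host_of(url):
    """Host part of a URL, accepting FRST's defanged hxxp:// scheme."""
    m = re.match(r"h[tx]{2}ps?://([^/?#]+)", url, re.IGNORECASE)
    return m.group(1).lower() if m else url.lower()


def triage(text):
    """Return one finding string per item that needs confirmation from the owner."""
    found = parse_frst_internet(text)
    findings = []
    for sid, host, port in found["proxies"]:
        try:
            scope = "private" if ip_address(host).is_private else "public"
        except ValueError:
            scope = "hostname"
        findings.append(f"PROXY {host}:{port} ({scope}) set for {sid}: "
                        "all browser traffic is relayed through it; confirm the owner configured it")
    for kind, servers in found["nameservers"]:
        if kind != "NameServer":  # DHCP-assigned resolvers come from the network, skip
            continue
        for ip in servers:
            label = KNOWN_RESOLVERS.get(ip)
            if label:
                findings.append(f"DNS {ip}: static, known public resolver ({label})")
            else:
                findings.append(f"DNS {ip}: static resolver not on the allowlist; confirm with the owner")
    for url in found["startup_urls"]:
        host = host_of(url)
        if host not in KNOWN_START_HOSTS:
            findings.append(f"STARTUP {host}: Chrome start page not on the allowlist ({url})")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run against the sample it reports the public proxy on port 3128, notes both static resolvers as known public services, and flags the www1.delta-search.com start page that sits in the Chrome section of the posted log alongside the google.com entries. On a real log, feed the whole FRST.txt to `triage()`; lines outside the three patterns are ignored.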

Ah, I input the DNS in, and I used to use Ivacy VPN so I had a VPN set up through that. Not sure if that's tied to the proxy, I don't recognize it. I set proxy settings to automatic and deleted the Ivacy VPN. Could that have been the problem? Ran Farbar once more, the results:


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-02-2017
Ran by Owner (administrator) on WIN-7SMPOFTM0TG (14-02-2017 17:26:07)
Running from C:\Users\Owner\Downloads
Loaded Profiles: Owner (Available Profiles: Owner)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> Secure System
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
() C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe
() C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Impulse Point, LLC) C:\Program Files (x86)\SafeConnect\scManager.sys
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\vmms.exe
(Microsoft Corporation) C:\Windows\System32\vmcompute.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Flux Software LLC) C:\Users\Owner\AppData\Local\FluxSoftware\Flux\flux.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Impulse Point, LLC) C:\Program Files (x86)\SafeConnect\SafeConnectClient.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
() C:\Program Files\Intel\SUR\QUEENCREEK\esrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1701.10102.0_x64__8wekyb3d8bbwe\Calculator.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkypeHost.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242696 2015-10-10] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-04] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-04] (Realtek Semiconductor)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-16] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-450020220-2406248147-2208601366-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23818360 2016-11-30] (Google)
HKU\S-1-5-21-450020220-2406248147-2208601366-1001\...\Run: [f.lux] => C:\Users\Owner\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-450020220-2406248147-2208601366-1001\...\Run: [Spotify Web Helper] => C:\Users\Owner\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-02-06] (Spotify Ltd)
HKU\S-1-5-21-450020220-2406248147-2208601366-1001\...\Run: [Spotify] => C:\Users\Owner\AppData\Roaming\Spotify\Spotify.exe [7133808 2017-02-06] (Spotify Ltd)
HKU\S-1-5-21-450020220-2406248147-2208601366-1001\...\RunOnce: [Uninstall C:\Users\Owner\AppData\Local\Microsoft\OneDrive\17.3.5951.0827_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Owner\AppData\Local\Microsoft\OneDrive\17.3.5951.0827_1\amd64"
HKU\S-1-5-21-450020220-2406248147-2208601366-1001\...\MountPoints2: {17a9f3d1-b425-11e6-80f7-d76b1e22fe18} - "W:\setup.exe" 
HKU\S-1-5-21-450020220-2406248147-2208601366-1001\...\MountPoints2: {17a9f6d6-b425-11e6-80f7-d76b1e22fe18} - "X:\Setup.exe" 
HKU\S-1-5-21-450020220-2406248147-2208601366-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [371928 2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [0PerformanceMonitor] -> {3B5B973C-92A4-4855-9D3F-0F3D23332208} =>  -> No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2016-05-16]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SafeConnect.lnk [2016-09-13]
ShortcutTarget: SafeConnect.lnk -> C:\Program Files (x86)\SafeConnect\SCClient.exe (Impulse Point, LLC)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-450020220-2406248147-2208601366-1001] => 52.9.135.126:3128
Winsock: Catalog5-x64 07 C:\Windows\system32\wlidnsp.dll [66048 2016-07-16] (Microsoft Corporation)
Winsock: Catalog5-x64 08 C:\Windows\system32\wlidnsp.dll [66048 2016-07-16] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 128.227.47.6 128.227.47.7
Tcpip\..\Interfaces\{6b0e86f1-332f-460c-953f-7b7c8ebd7be0}: [DhcpNameServer] 104.250.191.129 8.8.4.4
Tcpip\..\Interfaces\{7a450e3c-fe63-405a-b1a0-0b4bbc3789a4}: [NameServer] 8.8.8.8,208.67.222.222
Tcpip\..\Interfaces\{7a450e3c-fe63-405a-b1a0-0b4bbc3789a4}: [DhcpNameServer] 128.227.47.6 128.227.47.7

Internet Explorer:
==================
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-01-22] (Oracle Corporation)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2016-05-16] (LastPass)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-15] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-22] (Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2016-05-16] (LastPass)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2016-05-16] (LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2016-05-16] (LastPass)

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-22] (Oracle Corporation)
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2016-05-16] (LastPass)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2016-05-16] (LastPass)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-07-19] (Microsoft Corporation)

Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://google.com/","hxxp://www.google.com","","hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=6C2A9CB70D0D046E&affID=123884&tsp=4975"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default [2017-02-14]
CHR Extension: (Instant Notifications for Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\adlgnpfgagimgadbaboilkbdnhbpegmd [2015-06-05]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-20]
CHR Extension: (Adobe Acrobat) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-01-30]
CHR Extension: (Accent Grid) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\efedjomeallaomheefphgnbleieplnfk [2017-01-05]
CHR Extension: (MindTheWord) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fabjlaokbhaoehejcoblhahcekmogbom [2017-01-31]
CHR Extension: (AdBlock) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-01-30]
CHR Extension: (Kindle Cloud Reader) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2016-06-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR Extension: (Chrome Media Router) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-27]
CHR HKU\S-1-5-21-450020220-2406248147-2208601366-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Owner\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-06-04]
CHR HKU\S-1-5-21-450020220-2406248147-2208601366-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [216576 2016-04-05] () [File not signed]
R2 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [805632 2016-11-17] ()
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [144072 2015-10-10] (ELAN Microelectronics Corp.)
S3 hns; C:\WINDOWS\System32\HostNetSvc.dll [553984 2016-12-13] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 OpenVPNService; C:\Program Files (x86)\Ivacy\bin\openvpnserv.exe [26416 2016-05-24] (The OpenVPN Project)
R2 SCManager; C:\Program Files (x86)\SafeConnect\scManager.sys [176936 2016-09-13] (Impulse Point, LLC)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
R2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe [156928 2016-11-17] ()
S2 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [805632 2016-11-17] ()
R3 vmcompute; C:\WINDOWS\system32\vmcompute.exe [1911296 2016-11-11] (Microsoft Corporation)
R2 vmms; C:\WINDOWS\system32\vmms.exe [14422528 2016-10-14] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BazisPortableCDBus; C:\WINDOWS\System32\drivers\BazisPortableCDBus.sys [283480 2015-07-25] (Sysprogs OU)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 lunparser; C:\WINDOWS\System32\drivers\lunparser.sys [22528 2016-09-16] (Microsoft Corporation)
R1 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [107736 2015-04-14] (Malwarebytes Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2017-02-14] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 passthruparser; C:\WINDOWS\System32\drivers\passthruparser.sys [24576 2016-09-16] (Microsoft Corporation)
S3 pcip; C:\WINDOWS\System32\drivers\pcip.sys [46592 2016-09-16] (Microsoft Corporation)
S3 pvhdparser; C:\WINDOWS\System32\drivers\pvhdparser.sys [50176 2016-09-16] (Microsoft Corporation)
S3 ramparser; C:\WINDOWS\System32\drivers\ramparser.sys [30720 2016-09-16] (Microsoft Corporation)
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [402960 2015-07-16] (Realsil Semiconductor Corporation)
S3 rtux64w10; C:\WINDOWS\System32\drivers\rtux64w10.sys [354624 2016-08-07] (Realtek)
R3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [21984 2016-10-18] ()
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-07-23] (Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 Synth3dVsp; C:\WINDOWS\System32\drivers\synth3dvsp.sys [103424 2016-09-16] (Microsoft Corporation)
R3 tapoas; C:\WINDOWS\System32\drivers\tapoas.sys [30720 2012-07-15] (The OpenVPN Project)
S3 vhdparser; C:\WINDOWS\System32\drivers\vhdparser.sys [26624 2016-09-16] (Microsoft Corporation)
R2 VMSP; C:\WINDOWS\System32\drivers\vmswitch.sys [1616384 2016-12-13] (Microsoft Corporation)
R0 vmsproxy; C:\WINDOWS\System32\drivers\vmsproxy.sys [33632 2016-08-05] (Microsoft Corporation)
S3 VMSVSF; C:\WINDOWS\System32\drivers\vmswitch.sys [1616384 2016-12-13] (Microsoft Corporation)
S3 VMSVSP; C:\WINDOWS\System32\drivers\vmswitch.sys [1616384 2016-12-13] (Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 WinNat; C:\WINDOWS\System32\drivers\winnat.sys [207360 2016-09-16] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: hns -> C:\Windows\System32\HostNetSvc.dll (Microsoft Corporation)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-14 17:23 - 2017-02-14 17:23 - 00322274 _____ C:\Users\Owner\Downloads\Lab6-CBD-SamplDistn_x-bar.pdf
2017-02-14 17:23 - 2017-02-14 17:23 - 00230547 _____ C:\Users\Owner\Downloads\Lab5-CBD -SamplDistn_p-hat.pdf
2017-02-14 17:23 - 2017-02-14 17:23 - 00162537 _____ C:\Users\Owner\Downloads\Lab7-CBD-CI-mu.pdf
2017-02-14 16:28 - 2017-02-14 17:26 - 00019739 _____ C:\Users\Owner\Downloads\FRST.txt
2017-02-14 16:27 - 2017-02-14 16:28 - 02422272 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2017-02-13 11:45 - 2017-02-13 11:45 - 00000022 _____ C:\WINDOWS\S.dirmngr
2017-01-26 11:02 - 2017-01-26 11:06 - 00000000 ____D C:\AdwCleaner
2017-01-25 16:36 - 2016-12-21 02:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-01-25 16:36 - 2016-12-20 23:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2017-01-15 16:11 - 2017-01-15 16:11 - 00338392 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-01-15 16:02 - 2017-01-15 16:02 - 00000027 _____ C:\Settings.ini

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-14 17:26 - 2016-06-22 06:42 - 00000000 ____D C:\FRST
2017-02-14 17:23 - 2015-06-04 01:52 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-02-14 16:09 - 2015-06-04 04:24 - 00000000 ____D C:\Users\Owner\AppData\Local\Packages
2017-02-14 15:57 - 2016-09-16 09:44 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-14 15:57 - 2016-06-18 10:41 - 00000000 ____D C:\Program Files (x86)\SafeConnect
2017-02-13 11:59 - 2017-01-11 18:19 - 00915834 _____ C:\WINDOWS\system32\perfh00C.dat
2017-02-13 11:59 - 2017-01-11 18:19 - 00183740 _____ C:\WINDOWS\system32\perfc00C.dat
2017-02-13 11:59 - 2015-06-04 04:27 - 03069448 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-13 11:56 - 2015-06-04 05:16 - 00000000 ___RD C:\Users\Owner\Google Drive
2017-02-13 11:45 - 2016-09-16 09:58 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-13 11:35 - 2016-07-16 01:04 - 01310720 _____ C:\WINDOWS\system32\config\BBI
2017-02-13 11:33 - 2016-04-24 10:17 - 00000000 ____D C:\Users\Owner\AppData\Local\Spotify
2017-02-13 10:09 - 2016-04-24 10:15 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Spotify
2017-02-11 10:05 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-10 08:31 - 2016-07-16 06:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-09 18:07 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-09 10:30 - 2015-06-04 01:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2017-02-02 19:52 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-02-02 09:47 - 2015-06-05 17:18 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-01 20:35 - 2016-07-16 06:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-01 20:34 - 2016-07-16 09:15 - 00000000 ____D C:\WINDOWS\OCR
2017-01-23 22:42 - 2016-06-06 17:29 - 00000000 ____D C:\Users\Owner\AppData\Roaming\vlc
2017-01-22 18:22 - 2015-06-04 00:39 - 00000000 ____D C:\ProgramData\Oracle
2017-01-22 18:18 - 2016-09-13 18:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2017-01-22 18:18 - 2016-08-08 15:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-01-22 18:18 - 2015-11-25 13:19 - 00000000 ____D C:\Program Files\Java
2017-01-22 18:17 - 2016-08-08 15:51 - 00110144 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2017-01-21 21:56 - 2015-06-04 00:27 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-15 12:02 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\rescache

==================== Files in the root of some directories =======

2016-05-16 12:05 - 2016-05-16 12:05 - 21737496 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2016-06-17 01:54 - 2016-06-17 01:54 - 0004436 _____ () C:\Users\Owner\AppData\Roaming\90msp-RKSJ-V
2016-10-10 02:33 - 2016-10-10 02:33 - 0000677 _____ () C:\Users\Owner\AppData\Roaming\adventives.zkh
2016-06-17 01:53 - 2016-06-17 01:53 - 0001196 _____ () C:\Users\Owner\AppData\Roaming\Athens
2016-10-10 02:33 - 2016-10-10 02:33 - 0060457 _____ () C:\Users\Owner\AppData\Roaming\bookmaking.rgj
2016-10-11 13:57 - 2016-10-11 20:32 - 0061134 _____ () C:\Users\Owner\AppData\Roaming\Carney.DLB
2016-06-17 01:53 - 2016-06-17 01:53 - 0001930 _____ () C:\Users\Owner\AppData\Roaming\compare-with-callbacks.js
2016-06-17 01:53 - 2016-06-17 01:53 - 0003119 _____ () C:\Users\Owner\AppData\Roaming\frnphon.env
2016-06-22 07:58 - 2016-06-22 07:58 - 0000747 _____ () C:\Users\Owner\AppData\Local\recently-used.xbel
2015-11-25 13:07 - 2015-11-25 13:07 - 0000008 _____ () C:\ProgramData\-
2016-07-19 11:48 - 2016-07-19 11:48 - 0000057 _____ () C:\ProgramData\Ament.ini
2016-09-16 09:45 - 2016-09-16 09:45 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
2017-01-22 18:17 - 2017-01-22 18:17 - 0739904 _____ (Oracle Corporation) C:\Users\Owner\AppData\Local\Temp\jre-8u121-windows-au.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-14 10:05

==================== End of FRST.txt ============================

Addition.txt

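An added triage example for the FRST output above (not part of FRST, Malwarebytes, or any post in this thread). It pulls out the four things in that log worth a second look: the per-user ProxyServer value, which points at an Internet-routable address on port 3128 and therefore relays that account's web traffic through a host the owner does not control; the statically configured NameServer entries, checked against an allowlist of resolvers the owner says they chose (8.8.8.8 is Google Public DNS and 208.67.222.222 is OpenDNS's resolver1, so with that allowlist they produce no finding); the Chrome StartupUrls list, where the www1.delta-search.com entry with babsrc and affID parameters is outside the expected domain and is not mentioned in any reply; and service or driver lines whose publisher is empty or marked "[File not signed]" (FRST prints "()" when the file carries no company name in its version info, which is a reason to look, not proof of anything). The sample lines are copied from the log above; the two allowlists, the is_external rule and the line formats the regular expressions assume are assumptions for illustration.

```python
"""Triage of the Internet, Chrome, Services and Drivers lines of an FRST
(Farbar Recovery Scan Tool) log.  Added example for this thread; it is not
part of FRST, Malwarebytes or any post above.  The sample lines are copied
from the log posted above; the allowlists are assumptions for illustration.
"""
import ipaddress
import re
from urllib.parse import urlsplit

# Assumption: resolvers the owner set on purpose (Google Public DNS and the
# two OpenDNS resolvers; 208.67.222.222 is OpenDNS's resolver1).
KNOWN_RESOLVERS = {"8.8.8.8", "8.8.4.4", "208.67.222.222", "208.67.220.220"}
# Assumption: the only domain expected as a Chrome home or startup page.
EXPECTED_STARTUP_DOMAINS = {"google.com"}

# Constructed sample: eight lines taken verbatim from the FRST log above.
SAMPLE_LOG = r"""ProxyServer: [S-1-5-21-450020220-2406248147-2208601366-1001] => 52.9.135.126:3128
Tcpip\Parameters: [DhcpNameServer] 128.227.47.6 128.227.47.7
Tcpip\..\Interfaces\{7a450e3c-fe63-405a-b1a0-0b4bbc3789a4}: [NameServer] 8.8.8.8,208.67.222.222
CHR StartupUrls: Default -> "hxxp://google.com/","hxxp://www.google.com","","hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=6C2A9CB70D0D046E&affID=123884&tsp=4975"
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [216576 2016-04-05] () [File not signed]
R2 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [805632 2016-11-17] ()
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [21984 2016-10-18] ()
"""

# Line shapes assumed from the log above (FRST's own format may vary by version).
PROXY_RE = re.compile(r"^ProxyServer: \[(?P<sid>S-[\d-]+)\] => (?P<host>[^:\s]+):(?P<port>\d+)")
NS_RE = re.compile(r"\[(?P<dhcp>Dhcp)?NameServer\] (?P<servers>[\d.,\s]+)$")
STARTUP_RE = re.compile(r"^CHR StartupUrls: .+? -> (?P<urls>.+)$")
# Service/driver lines: "<state> <name>; <path> [<size> <date>] (<publisher>)<tail>"
SVC_RE = re.compile(
    r"^(?P<state>[RSU]\d) (?P<name>[^;]+); (?P<path>.+?) \[\d+ [\d-]+\] "
    r"\((?P<publisher>[^)]*)\)(?P<tail>.*)$"
)


def is_external(address):
    """True when the address is Internet-routable (not private, loopback or
    link-local).  Raises ValueError when given a hostname instead of an IP."""
    ip = ipaddress.ip_address(address)
    return not (ip.is_private or ip.is_loopback or ip.is_link_local)


def _expected_host(host):
    return any(host == d or host.endswith("." + d) for d in EXPECTED_STARTUP_DOMAINS)


def triage(log_text):
    """Return findings by category: proxy -> (host, port, sid); dns -> static
    resolvers outside the allowlist; startup -> unexpected startup-URL hosts;
    unsigned -> (service/driver name, reason).  These are leads, not verdicts."""
    findings = {"proxy": [], "dns": [], "startup": [], "unsigned": []}
    for line in log_text.splitlines():
        m = PROXY_RE.match(line)
        if m:
            host = m.group("host")
            try:
                external = is_external(host)
            except ValueError:
                external = True  # a hostname, not an IP: treat as external until resolved
            if external:
                findings["proxy"].append((host, int(m.group("port")), m.group("sid")))
            continue
        m = NS_RE.search(line)
        if m:
            if m.group("dhcp") is None:  # DHCP-supplied servers belong to the network; skip them
                for server in re.split(r"[,\s]+", m.group("servers").strip()):
                    if server not in KNOWN_RESOLVERS:
                        findings["dns"].append(server)
            continue
        m = STARTUP_RE.match(line)
        if m:
            for url in re.findall(r'"([^"]*)"', m.group("urls")):
                if not url:
                    continue
                # FRST defangs URLs as hxxp://; restore the scheme so urlsplit parses it
                host = urlsplit(url.replace("hxxp", "http", 1)).hostname or ""
                if not _expected_host(host):
                    findings["startup"].append(host)
            continue
        m = SVC_RE.match(line)
        if m:
            if "File not signed" in m.group("tail"):
                findings["unsigned"].append((m.group("name"), "unsigned"))
            elif not m.group("publisher").strip():
                findings["unsigned"].append((m.group("name"), "no publisher"))
    return findings


if __name__ == "__main__":
    for category, items in triage(SAMPLE_LOG).items():
        print(f"{category}: {items or 'nothing flagged'}")
```

To run it over a full log, call `triage(open("FRST.txt", encoding="utf-8", errors="replace").read())`; the proxy and startup-URL checks are the ones most relevant to a redirect symptom, while the unsigned list only narrows down what to verify by hand.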

Nothing has changed with the DNS settings; I do not like the mismatch. Safeconnect appears to work by encryption, it also checks what's happening with your system, makes sure anti-virus is good, also checks no P2P connections are made....lots of other checks...

You mention that the problem appears to be down to Chrome opening unwanted tabs, so let's go for a clean install of Chrome and see what gives after that...

If your Chrome Bookmarks are important do this first:

Go to this link: http://www.wikihow.com/Export-Bookmarks-from-Chrome follow the instructions and Export your Bookmarks from Chrome, save to your Desktop or similar. Note the instructions can also be used to Import the bookmarks.....

Continue for a clean install:

Download Chrome installer and save to install later: https://www.google.com/intl/en_uk/chrome/browser/desktop/index.html

Remove all synced data from Chrome, go here: https://support.google.com/chrome/answer/6386691?hl=en-GB and follow those instructions... It is essential that any/all synced data is removed when the browser is hijacked or exploited in any way...

Uninstall Chrome: https://support.google.com/chrome/answer/95319?hl=en-GB follow those instructions, ensure the option to "Also delete your browsing data" is selected. <<--- Very important!!

Navigate to C:\Users\Your user name\Appdata\Local from that folder delete the folder named Google (you will need to show hidden files/folders to see the folder Appdata)

For XP that will be My Computer > C:\ Documents and Settings\Your User Name\Application Data\Roaming

How to show hidden files and folders for windows: http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/

Install Google Chrome :

Install Adblock Plus to Chrome: https://chrome.google.com/webstore/detail/adblock-plus/cfhdojbkjhnklbpkdaibdccddilifddb

Install DrWeb Anti-virus Link Checker: https://chrome.google.com/webstore/detail/drweb-anti-virus-link-che/aleggpabliehgbeagmfhnodcijcmbonb?hl=en

Does that help with tab issue..?

I see no reason why you should not re-install Chrome, obviously that is your choice..As you say the issue has not returned run the following to clean up..

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

If your security program alerts to Delfix, either accept the alert or turn your security off.

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

Make Sure the following item is the only one checkmarked:

 
  • Remove disinfection tools <----- this will remove tools we have used.


Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin...

Sorry about that, I meant I didn't even think about doing a reinstall before you suggested it. I reinstalled yesterday as you suggested, but bad news... This morning, a Microsoft Edge tab opened up itself with the AdF.ly suspended page again, the same popup but now in Edge. At least it doesn't bring the popup front and center anymore, so that's a step in the right direction I guess...

Please download Zemana AntiMalware and save it to your Desktop.

  • Install the program and once the installation is complete it will start automatically.
  • Without changing any options, press Scan to begin.
  • After the short scan is finished, if threats are detected press Next to remove them.
    Note: If a restart is required to finish the cleaning process, you should click Reboot. If a reboot isn't required, please re-boot your computer manually.
  • Open Zemana AntiMalware again.
  • Click on the reports icon and double click the latest report.
  • Now click File > Save As and choose your Desktop before pressing Save.
  • Attach the saved report in your next message.

Next,

Alter your DNS settings, see if the issue clears....

Download and unzip DNSJumper to your Desktop, the tool is portable no installation necessary.

Tool can be downloaded here: http://www.sordum.org/downloads/?dns-jumper

Right click on Dnsjumper.exe and select "Run as Administrator" to start the tool, For XP just double click to run.
From the left hand pane select "Flush DNS"
From the main interface select the dropdown under "Choose a DNS Server"
From the list select either "Google Public DNS" or "Open DNS"
From the left hand pane select "Apply DNS"
When done re-boot your system....
 
Any improvement....?

Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!
