Blackjack90 Posted January 3, 2021 ID:1430317 Share Posted January 3, 2021 Hello. A few weeks ago I started getting ad iframes in google search. I googled and did some stuff to fix it. Including using MalwareFox which found malecious registry entries. I removed them and for a couple of hours or days everything worked fine but it keeps coming back. The list of software I tried includes: Malwarebytes, MalwareFox, McAfee, AdwCleaner, Kaspersky and Hitman. Some of them found the reg entries, other didn't. btw I have attached a file with a log on where the entries appear and what the include. Please help me to get rid of the root cause. It's getting annoying removing those reg entries every time. FRST and Addiotion are also attached. 2020.12.16-19.01.01-i0-t92-d5.txt Addition.txt FRST.txt Link to post Share on other sites More sharing options...
Blackjack90 Posted January 9, 2021 Author ID:1431346 Share Posted January 9, 2021 Can I get help with that? Been waiting for almost a week now Link to post Share on other sites More sharing options...
Maurice Naggar Posted January 9, 2021 ID:1431367 Share Posted January 9, 2021 Hello You have run a swles of things on your own. While this case is active here, please stop getting & using any tools on your own. What follows is a few basic simple starter steps to help on the Chrome browser. Please follow my directions as we go along. Please do not do any changes on your own without first checking with me. If you will be away for more than 4 consecutive days, do try to let me know ahead of time, as much as possible. Please only just attach all report files, etc that I ask for as we go along. Thanks for the reports. [ 1 ] Use Chrome browser to go to https://www.google.com/settings/chrome/sync and sign into your account. Scroll down until you see the "reset sync" button and click on the button At the prompt click on "Ok". We need the SYNC option on Googoe to be OFF in order to clean Chrome browser. [ 2 ] for Chrome, while Chrome is running: Press & hold SHIFT+CTRL+Del keys on keyboard to get menu for clearing browsing data: Check mark the line "Browsing history" Check mark the line "Download history" Check mark the lined "Cached images and files" and press Clear Data button ( in blue ) [ 3 ] After that, make real sure that Chrome is "NOT" set to reload the pages from the last session Go into the settings menu of Chrome by first clicking the control icon of Chrome on upper right of the adress bar Then look deeper in SETTINGS Make real sure it is "NOT" set to "continue where you left off" . [ 4 ] See this article on our Malwarebytes Bloghttps://blog.malwarebytes.com/security-world/technology/2019/01/browser-push-notifications-feature-asking-abused/ You want to disable the ability of each web browser on this machine from being able to allow "push ads". That means Chrome, Firefox, or Edge browser (on Windows 10), or on Opera. Scroll down to the tips section "How do I disable them". [ 5 ] I suggest you install the Malwarebytes Browser guard for Chrome. To get & install the Malwarebytes Browser Guard extension for Chrome, Open this link in your Chrome browser: https://chrome.google.com/webstore/detail/malwarebytes/ihcjicgdanjaechkgeegckofjjedodee Then proceed with the setup. Link to post Share on other sites More sharing options...
Blackjack90 Posted January 9, 2021 Author ID:1431368 Share Posted January 9, 2021 Thank you for your reply. I did all this and even added the Malwarebytes Extension. How do I proceed? Link to post Share on other sites More sharing options...
Maurice Naggar Posted January 9, 2021 ID:1431369 Share Posted January 9, 2021 The Chrome browser on this PC has a very very large ( huge ) number of browser extensions. So huge I believe this one has the most I have noticed anywhere else. I urge you to do a very close look and remove extensions you no longer need or hardly ever use. if Chrome is "having an issue" in standard mode: You can force Chrome to start in reduced mode, called Incognito mode, by putting a parameter at startup. First, close any prior instances of Chrome via Task Manager. Then press Windows-key+R for the RUN option and then put a command line similar to this {do use COPY & PASTE} chrome.exe -incognito Starting Chrome in Incognito mode may work for you, and allow you to make "changes" or tweaks in it. Note also, Incognito mode is also an option in the Chrome menu {as long as it can start}. Other suggestions, Still in Chrome, press ALT+F then Settings Click Extensions on the left. Closely review the browser extensions that are listed. Disable any that you are not familiar with or that you do not trust. Also see these Google - Chrome articles and take appropriate measures !! Reset browser settingshttps://support.google.com/chrome/answer/3296214 Link to post Share on other sites More sharing options...
Blackjack90 Posted January 9, 2021 Author ID:1431373 Share Posted January 9, 2021 44 minutes ago, Maurice Naggar said: The Chrome browser on this PC has a very very large ( huge ) number of browser extensions. So huge I believe this one has the most I have noticed anywhere else. I urge you to do a very close look and remove extensions you no longer need or hardly ever use. if Chrome is "having an issue" in standard mode: You can force Chrome to start in reduced mode, called Incognito mode, by putting a parameter at startup. First, close any prior instances of Chrome via Task Manager. Then press Windows-key+R for the RUN option and then put a command line similar to this {do use COPY & PASTE} chrome.exe -incognito Starting Chrome in Incognito mode may work for you, and allow you to make "changes" or tweaks in it. Note also, Incognito mode is also an option in the Chrome menu {as long as it can start}. Other suggestions, Still in Chrome, press ALT+F then Settings Click Extensions on the left. Closely review the browser extensions that are listed. Disable any that you are not familiar with or that you do not trust. Also see these Google - Chrome articles and take appropriate measures !! Reset browser settingshttps://support.google.com/chrome/answer/3296214 I've attached a screeshot of my extensions and I don't hink that this is a lot at all. Maybe you mixed something up? Also neither Chrome nor Firefox have any issues except this google search redirect/injection every now and then. Link to post Share on other sites More sharing options...
Blackjack90 Posted January 9, 2021 Author ID:1431375 Share Posted January 9, 2021 Of course I forgot to add it... Link to post Share on other sites More sharing options...
Maurice Naggar Posted January 9, 2021 ID:1431382 Share Posted January 9, 2021 If you would try the Incognito mode of Chrome then it should do a lot better. Try that once or wtice. In the meantime, you can use EDGE browser. As to Chrome browser, it looks as if you have too many "profiles". Just take a look at what FRST reports for "Chrome extensions". ( this is just so you are fully aware ....later on we will do some other steps). by the way, FRST makes no mention of "visimy" CHR Profile: C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Default [2021-01-03] CHR DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms} CHR DefaultSearchKeyword: Default -> duckduckgo.com CHR DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list CHR Extension: (Slides) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-11-28] CHR Extension: (Docs) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-11-28] CHR Extension: (Google Drive) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-28] CHR Extension: (DuckDuckGo) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2020-12-19] CHR Extension: (YouTube) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-11-28] CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2020-12-16] CHR Extension: (Tampermonkey) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2020-11-28] CHR Extension: (Sheets) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-11-28] CHR Extension: (Quick Javascript Switcher) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Default\Extensions\geddoclleiomckbhadiaipdggiiccfje [2020-11-28] CHR Extension: (Google Docs Offline) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-28] CHR Extension: (AdBlock — best ad blocker) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2020-12-19] CHR Extension: (XPath Finder & Test Recorder by Tesrupt) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcfcepneepanakckpfnfkjppffbikehl [2020-11-28] CHR Extension: (ChroPath) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljngjbnaijcbncmcnjfhigebomdlkcjo [2020-11-28] CHR Extension: (Chrome Web Store Payments) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-11-28] CHR Extension: (ColorPick Eyedropper) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohcpnigalekghcmgcdcenkpelffpdolg [2020-12-16] CHR Extension: (Gmail) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-28] CHR Extension: (Chrome Media Router) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-11-28] CHR Profile: C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 1 [2020-12-16] CHR Extension: (Slides) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-11-28] CHR Extension: (Docs) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2020-11-28] CHR Extension: (Google Drive) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-28] CHR Extension: (YouTube) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-11-28] CHR Extension: (Image Downloader) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cnpniohnfphhjihaiiggeabnkjhpaldj [2020-11-28] CHR Extension: (Adobe Acrobat) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-11-28] CHR Extension: (Sheets) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-11-28] CHR Extension: (Google Docs Offline) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-28] CHR Extension: (Chrome Web Store Payments) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-11-28] CHR Extension: (Fatkun Batch Download Image) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nnjjahlikiabnchcpehcpkdeckfgnohf [2020-11-28] CHR Extension: (Gmail) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-28] CHR Extension: (Chrome Media Router) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-11-28] CHR Profile: C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 2 [2020-12-16] CHR Extension: (Slides) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-11-28] CHR Extension: (Kaspersky Protection) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ahkjpbeeocnddjkakilopmfdlnjdpcdm [2020-11-28] CHR Extension: (Docs) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2020-11-28] CHR Extension: (Google Drive) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-28] CHR Extension: (YouTube) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-11-28] CHR Extension: (Adobe Acrobat) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-11-28] CHR Extension: (Sheets) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-11-28] CHR Extension: (Google Docs Offline) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-28] CHR Extension: (Chrome Web Store Payments) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-11-28] CHR Extension: (Gmail) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-28] CHR Extension: (Chrome Media Router) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-11-28] CHR Profile: C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 27 [2020-12-16] CHR Extension: (Slides) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 27\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-11-28] CHR Extension: (Docs) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 27\Extensions\aohghmighlieiainnegkcijnfilokake [2020-11-28] CHR Extension: (Google Drive) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 27\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-28] CHR Extension: (YouTube) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 27\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-11-28] CHR Extension: (Adobe Acrobat) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 27\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-11-28] CHR Extension: (Sheets) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 27\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-11-28] CHR Extension: (Google Docs Offline) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 27\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-28] CHR Extension: (Chrome Web Store Payments) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 27\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-11-28] CHR Extension: (Gmail) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 27\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-28] CHR Extension: (Chrome Media Router) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 27\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-11-28] CHR Profile: C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 3 [2020-12-16] CHR Extension: (Slides) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-11-28] CHR Extension: (Docs) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2020-11-28] CHR Extension: (Google Drive) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-28] CHR Extension: (YouTube) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-11-28] CHR Extension: (Adobe Acrobat) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-11-28] CHR Extension: (Sheets) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-11-28] CHR Extension: (Google Docs Offline) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-28] CHR Extension: (Chrome Web Store Payments) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-11-28] CHR Extension: (Gmail) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-28] CHR Extension: (Chrome Media Router) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-11-28] CHR Profile: C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 30 [2020-12-16] CHR Extension: (Slides) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 30\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-11-28] CHR Extension: (Docs) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 30\Extensions\aohghmighlieiainnegkcijnfilokake [2020-11-28] CHR Extension: (Google Drive) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 30\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-28] CHR Extension: (YouTube) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 30\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-11-28] CHR Extension: (Adobe Acrobat) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 30\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-11-28] CHR Extension: (Sheets) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 30\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-11-28] CHR Extension: (Google Docs Offline) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 30\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-28] CHR Extension: (Chrome Web Store Payments) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 30\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-11-28] CHR Extension: (Gmail) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 30\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-28] CHR Extension: (Chrome Media Router) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 30\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-11-28] CHR Profile: C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 31 [2020-12-16] CHR Extension: (Slides) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 31\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-11-28] CHR Extension: (Kaspersky Protection) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 31\Extensions\ahkjpbeeocnddjkakilopmfdlnjdpcdm [2020-11-28] CHR Extension: (Docs) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 31\Extensions\aohghmighlieiainnegkcijnfilokake [2020-11-28] CHR Extension: (Google Drive) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 31\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-28] CHR Extension: (YouTube) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 31\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-11-28] CHR Extension: (Adobe Acrobat) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 31\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-11-28] CHR Extension: (Sheets) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 31\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-11-28] CHR Extension: (Google Docs Offline) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 31\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-28] CHR Extension: (Chrome Web Store Payments) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 31\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-11-28] CHR Extension: (Gmail) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 31\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-28] CHR Extension: (Chrome Media Router) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 31\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-11-28] CHR Profile: C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 32 [2020-12-16] CHR Extension: (Slides) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 32\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-11-28] CHR Extension: (Docs) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 32\Extensions\aohghmighlieiainnegkcijnfilokake [2020-11-28] CHR Extension: (Google Drive) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 32\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-28] CHR Extension: (YouTube) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 32\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-11-28] CHR Extension: (Adobe Acrobat) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 32\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-11-28] CHR Extension: (Sheets) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 32\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-11-28] CHR Extension: (Google Docs Offline) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 32\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-28] CHR Extension: (Chrome Web Store Payments) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 32\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-11-28] CHR Extension: (Gmail) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 32\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-28] CHR Extension: (Chrome Media Router) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 32\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-11-28] CHR Profile: C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 33 [2020-12-16] CHR Extension: (Slides) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 33\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-11-28] CHR Extension: (Docs) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 33\Extensions\aohghmighlieiainnegkcijnfilokake [2020-11-28] CHR Extension: (Google Drive) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 33\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-28] CHR Extension: (YouTube) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 33\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-11-28] CHR Extension: (Adobe Acrobat) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 33\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-11-28] CHR Extension: (Sheets) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 33\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-11-28] CHR Extension: (Google Docs Offline) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 33\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-28] CHR Extension: (Chrome Web Store Payments) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 33\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-11-28] CHR Extension: (Gmail) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 33\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-28] CHR Extension: (Chrome Media Router) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 33\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-11-28] CHR Profile: C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 34 [2020-12-16] CHR Extension: (Slides) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 34\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-11-28] CHR Extension: (Docs) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 34\Extensions\aohghmighlieiainnegkcijnfilokake [2020-11-28] CHR Extension: (Google Drive) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 34\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-28] CHR Extension: (YouTube) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 34\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-11-28] CHR Extension: (Adobe Acrobat) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 34\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-11-28] CHR Extension: (Sheets) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 34\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-11-28] CHR Extension: (Google Docs Offline) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 34\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-28] CHR Extension: (Chrome Web Store Payments) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 34\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-11-28] CHR Extension: (Gmail) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 34\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-28] CHR Extension: (Chrome Media Router) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 34\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-11-28] CHR Profile: C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 35 [2020-12-16] CHR Extension: (Slides) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 35\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-11-28] CHR Extension: (Docs) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 35\Extensions\aohghmighlieiainnegkcijnfilokake [2020-11-28] CHR Extension: (Google Drive) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 35\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-28] CHR Extension: (YouTube) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 35\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-11-28] CHR Extension: (Adobe Acrobat) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 35\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-11-28] CHR Extension: (Sheets) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 35\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-11-28] CHR Extension: (Google Docs Offline) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 35\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-28] CHR Extension: (Chrome Web Store Payments) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 35\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-11-28] CHR Extension: (Gmail) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 35\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-28] CHR Extension: (Chrome Media Router) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 35\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-11-28] CHR Profile: C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 36 [2020-12-16] CHR Extension: (Slides) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 36\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-11-28] CHR Extension: (Docs) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 36\Extensions\aohghmighlieiainnegkcijnfilokake [2020-11-28] CHR Extension: (Google Drive) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 36\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-28] CHR Extension: (YouTube) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 36\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-11-28] CHR Extension: (Adobe Acrobat) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 36\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-11-28] CHR Extension: (Sheets) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 36\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-11-28] CHR Extension: (Google Docs Offline) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 36\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-28] CHR Extension: (Chrome Web Store Payments) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 36\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-11-28] CHR Extension: (Gmail) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 36\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-28] CHR Extension: (Chrome Media Router) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 36\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-11-28] CHR Profile: C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 37 [2020-12-16] CHR Extension: (Slides) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 37\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-11-28] CHR Extension: (Docs) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 37\Extensions\aohghmighlieiainnegkcijnfilokake [2020-11-28] CHR Extension: (Google Drive) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 37\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-28] CHR Extension: (YouTube) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 37\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-11-28] CHR Extension: (Adobe Acrobat) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 37\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-11-28] CHR Extension: (Sheets) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 37\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-11-28] CHR Extension: (Google Docs Offline) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 37\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-28] CHR Extension: (Chrome Web Store Payments) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 37\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-11-28] CHR Extension: (Gmail) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 37\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-28] CHR Extension: (Chrome Media Router) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 37\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-11-28] CHR Profile: C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 38 [2020-12-16] CHR Extension: (Slides) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 38\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-11-28] CHR Extension: (Kaspersky Protection) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 38\Extensions\ahkjpbeeocnddjkakilopmfdlnjdpcdm [2020-11-28] CHR Extension: (Docs) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 38\Extensions\aohghmighlieiainnegkcijnfilokake [2020-11-28] CHR Extension: (Google Drive) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 38\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-28] CHR Extension: (YouTube) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 38\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-11-28] CHR Extension: (Adobe Acrobat) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 38\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-11-28] CHR Extension: (Sheets) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 38\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-11-28] CHR Extension: (Google Docs Offline) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 38\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-28] CHR Extension: (Chrome Web Store Payments) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 38\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-11-28] CHR Extension: (Gmail) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 38\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-28] CHR Extension: (Chrome Media Router) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 38\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-11-28] CHR Profile: C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 39 [2020-12-16] CHR Extension: (Slides) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 39\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-11-28] CHR Extension: (Docs) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 39\Extensions\aohghmighlieiainnegkcijnfilokake [2020-11-28] CHR Extension: (Google Drive) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 39\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-28] CHR Extension: (YouTube) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 39\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-11-28] CHR Extension: (NoFollow) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 39\Extensions\dfogidghaigoomjdeacndafapdijmiid [2020-11-28] CHR Extension: (Adobe Acrobat) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 39\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-11-28] CHR Extension: (Sheets) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 39\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-11-28] CHR Extension: (Google Docs Offline) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 39\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-28] CHR Extension: (Chrome Web Store Payments) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 39\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-11-28] CHR Extension: (Gmail) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 39\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-28] CHR Extension: (Chrome Media Router) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 39\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-11-28] CHR Profile: C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 40 [2020-12-16] CHR Extension: (Slides) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 40\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-11-28] CHR Extension: (Docs) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 40\Extensions\aohghmighlieiainnegkcijnfilokake [2020-11-28] CHR Extension: (Google Drive) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 40\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-28] CHR Extension: (Web Developer) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 40\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm [2020-11-28] CHR Extension: (YouTube) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 40\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-11-28] CHR Extension: (Adobe Acrobat) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 40\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-11-28] CHR Extension: (Facebook Pixel Helper) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 40\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc [2020-11-28] CHR Extension: (Sheets) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 40\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-11-28] CHR Extension: (NordVPN - #1 VPN Proxy Extension for Chrome) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 40\Extensions\fjoaledfpmneenckfbpdfhkmimnjocfa [2020-11-28] CHR Extension: (Google Docs Offline) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 40\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-28] CHR Extension: (ChroPath) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 40\Extensions\ljngjbnaijcbncmcnjfhigebomdlkcjo [2020-11-28] CHR Extension: (Chrome Web Store Payments) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 40\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-11-28] CHR Extension: (Gmail) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 40\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-28] CHR Extension: (Chrome Media Router) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 40\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-11-28] CHR Profile: C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 9 [2020-12-16] CHR DefaultSearchURL: Profile 9 -> hxxps://duckduckgo.com/?q={searchTerms} CHR DefaultSearchKeyword: Profile 9 -> duckduckgo.com CHR DefaultSuggestURL: Profile 9 -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list CHR Extension: (Slides) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-11-28] CHR Extension: (Docs) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\aohghmighlieiainnegkcijnfilokake [2020-11-28] CHR Extension: (Google Drive) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-28] CHR Extension: (Google Optimize) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\bhdplaindhdkiflmbfbciehdccfhegci [2020-11-28] CHR Extension: (DuckDuckGo) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2020-11-28] CHR Extension: (YouTube) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-11-28] CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2020-11-28] CHR Extension: (Tampermonkey) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2020-11-28] CHR Extension: (Adobe Acrobat) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-11-28] CHR Extension: (Sheets) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-11-28] CHR Extension: (Quick Javascript Switcher) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\geddoclleiomckbhadiaipdggiiccfje [2020-11-28] CHR Extension: (Google Docs Offline) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-28] CHR Extension: (AdBlock — best ad blocker) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2020-11-28] CHR Extension: (Web Scraper - Free Web Scraping) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\jnhgnonknehpejjnehehllkliplmbmhn [2020-11-28] CHR Extension: (XPath Finder & Test Recorder by Tesrupt) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\kcfcepneepanakckpfnfkjppffbikehl [2020-11-28] CHR Extension: (ChroPath) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\ljngjbnaijcbncmcnjfhigebomdlkcjo [2020-11-28] CHR Extension: (Chrome Web Store Payments) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-11-28] CHR Extension: (ColorPick Eyedropper) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\ohcpnigalekghcmgcdcenkpelffpdolg [2020-11-28] CHR Extension: (Gmail) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-28] CHR Extension: (Chrome Media Router) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-11-28] CHR Profile: C:\Users\Krys\AppData\Local\Google\Chrome\User Data\System Profile [2020-12-16] CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] 1 Link to post Share on other sites More sharing options...
Maurice Naggar Posted January 9, 2021 ID:1431394 Share Posted January 9, 2021 Hello. The next thing I would like you to do is to run the cleanup tool from Chrome - https://www.google.com/chrome/cleanup-tool/ It is made specifically by Chrome to cleanup Chrome browser. Let me know if this helps. If there are still a redirect issue, we can apply some other steps. 1 Link to post Share on other sites More sharing options...
Blackjack90 Posted January 9, 2021 Author ID:1431410 Share Posted January 9, 2021 Thank you for your help. As I mentioned in the opening post I don't have this problem all the time. Right now, there is no redirect but I still want to know where it's coming from. I don't think it's a browser thing because WHEN it happens all browser have it. Doesn't matter if Chrome, Firefox, Edge. The reason FRST doesn't mention visymo could be that it only checks browsers? Everything you recommended was done with no result. Link to post Share on other sites More sharing options...
Maurice Naggar Posted January 10, 2021 ID:1431435 Share Posted January 10, 2021 The FRST tool report shows all aspects as far as auto-started things, as well as all running processes. And as I noted, no mention of of "visymo" However, browser search hijackers can have other devious ways of being persistent. Lets do a one time special scan so I can review the results. Please download RogueKiller (x64) using the link below. → http://download.adlice.com/api?action=download&app=roguekiller&type=x64 Save the file first, Close any running programs that you started on your own ( if any). Please disconnect any USB or external drives from the computer before you run this scan! Double-click RogueKillerx64.exe to run the program. Follow the prompts. If a browser window opens, close the window. In the HOME tab, click Scan button Next, on the Quick scan pane, click om the Start button to proceed. . Upon completion, a browser window may open. Close this window. Important: Please do not have RogueKiller remove any detected items. Click the HISTORY tab followed by Scan Reports. Double-click the scan log. Click Export TXT, enter a filename and save the file to your Desktop. Please attach the file in your next reply. 1 Link to post Share on other sites More sharing options...
Blackjack90 Posted January 10, 2021 Author ID:1431465 Share Posted January 10, 2021 Okay, I closed everything and run the tool. Result is attached. export.txt Link to post Share on other sites More sharing options...
Solution Maurice Naggar Posted January 10, 2021 Solution ID:1431479 Share Posted January 10, 2021 Thanks. There are some values in the registry about autoconfigureurl that need to be removed, and other cleanups. Its highly likely that these autoconfigureurl values are key elements of the redirects. We also want to re-insure that all browser temporary cache files are emptied, as well as clearing all Temp areas. The system will be rebooted after the script has run. This custom script is for Blackjack90 only / for this machine only. NOTE-1: In addition, This fix will also run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity. Depending on the speed of your computer this fix may take 30 minutes or more. NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed. The use of an external password manager is highly recommended instead of using your browser to store passwords. The following directories are emptied: Windows Temp Users Temp folders Edge, IE, FF, Chrome, and Opera caches, HTML5 storages, Cookies and History Recently opened files cache Flash Player cache Java cache Steam HTML cache Explorer thumbnail and icon cache Recycle Bin Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix. Please be sure to Close any open work files, documents, any apps you started yourself before starting this. If there are any CD / DVD / or USB-flash-thumb or USB-storage drives attached, please disconnect any of those. The custom Fix script is going to be used by the FRST64.exe tool which you have on your Downloads folder. Please save the (attached file named) FIXLIST.txt to the Downloads folder Start the Windows Explorer and then, to the Downloads folder. RIGHT click on FRSTE64.exe and select RUN as Administrator and allow it to proceed. Reply YES when prompted to allow to run. to run the tool. If the tool warns you the version is outdated, please download and run the updated version. IF Windows prompts you about running this, select YES to allow it to proceed. IF you get a block message from Windows about this tool...... click line More info information on that screen and click button Run anyway on next screen. on the FRST window: Click the Fix button just once, and wait. PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. This run here should be fairly quick. If you receive a message that a reboot is required, please make sure you allow it to restart normally. The tool will complete its run after restart. When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run. Please attach the FIXLOG.txt with your next reply later, at your next opportunity Please know this will do a Windows Restart. Just let it do its thing. Do let me know how things are overall, after all this. Sincerely. Fixlist.txt 1 Link to post Share on other sites More sharing options...
Blackjack90 Posted January 10, 2021 Author ID:1431495 Share Posted January 10, 2021 Thanks again but the Fixlist.txt is empty. I pressed the fix button and it took like 1 seconds till it was done. Link to post Share on other sites More sharing options...
Blackjack90 Posted January 10, 2021 Author ID:1431496 Share Posted January 10, 2021 Nevermind, Firefox blocked the download it this file. Link to post Share on other sites More sharing options...
Blackjack90 Posted January 10, 2021 Author ID:1431501 Share Posted January 10, 2021 Here it comes. Fixlog.txt Link to post Share on other sites More sharing options...
Maurice Naggar Posted January 10, 2021 ID:1431505 Share Posted January 10, 2021 Thank you for the Fixlog report. This appears like a good & very helpful run. As a next step, to checkout your system a bit more, a new scan with Sophos. Download Sophos Free Virus Removal Tool and save it to your desktop.If your security alerts to this scan either accept the alert or turn off your security to allow Sophos to run and complete.....Please Do Not use your PC whilst the scan is in progress.... This scan is very thorough so may take several hours... Double click the icon and select Run Click Next Select I accept the terms in this license agreement, then click Next twice Click Install Click Finish to launch the program Once the virus database has been updated click Start Scanning If any threats are found click Details, then View log file... (bottom left hand corner) Copy and paste the results in your reply Close the Notepad document, close the Threat Details screen, then click Start cleanup Click Exit to close the program If no threats were found please confirm that result.... The Virus Removal Tool scans the following areas of your computer: Memory, including system memory on 32-bit (x86) versions of Windows The Windows registry All local hard drives, fixed and removable Mapped network drives are not scanned. Note: If threats are found in the computer memory, the scan stops. This is because further scanning could enable the threat to spread. You will be asked to click Start Cleanup to remove the threats before continuing the scan. Saved logs are found here: C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs 1 Link to post Share on other sites More sharing options...
Blackjack90 Posted January 14, 2021 Author ID:1432389 Share Posted January 14, 2021 I finally hadSophosVirusRemovalTool.log time to run the tool. Logs are attached, nothing found. Link to post Share on other sites More sharing options...
Maurice Naggar Posted January 14, 2021 ID:1432401 Share Posted January 14, 2021 Allright. Thanks. Very good. Now then, I take it that the redirect to "visymo / universal search / zapmeta" is no longer happening. Now then, to strengthen your web browsers. Your system has the latest ( new) Edge browser, along with the Google Chrome can have the Malwarebytes Browser Guard. as also can the Mozilla Firefox. I suggest you install the Malwarebytes Browser guard for Chrome. To get & install the Malwarebytes Browser Guard extension for Chrome, Open this link in your Chrome browser: https://chrome.google.com/webstore/detail/malwarebytes/ihcjicgdanjaechkgeegckofjjedodee Then proceed with the setup. [ 2 ] Now for the EDGE browser Open this link in your EDGE browser: https://chrome.google.com/webstore/detail/malwarebytes/ihcjicgdanjaechkgeegckofjjedodee Then proceed with the setup. [ 3 ] For Mozilla Firefox I would suggest to install the Malwarebytes Browser Guard for Firefox onto your Firefox browser. To get & install the Malwarebytes Firefox Browser Guard extension. Open this link in your Firefox browser: https://addons.mozilla.org/en-US/firefox/addon/malwarebytes/?src=search Then proceed with the setup. Once installed, you will see the Malwarebytes logo appear to the right of your Firefox Browser address bar ( top side, on the right) indicating it is installed. User Guide for Malwarebytes Browser Guard can be found here: https://support.malwarebytes.com/docs/DOC-3446 The Malwarebytes Browser Guard will keep your browser away from dodgy sites. 1 Link to post Share on other sites More sharing options...
Maurice Naggar Posted January 15, 2021 ID:1432525 Share Posted January 15, 2021 Good morning. I am taking it that you have done these last steps ( above) and that the original issue is gone. Now, we can clean up after some tools we used. To remove the FRST tool & its work files, do this. Go to your Desktop folder. Do a RIGHT-click on FRST64.exe & select RENAME & then change it to UNINSTALL.exe . Then run that ( double click on it) to begin the cleanup process. Delete Roguekillerx64.exe Delete the Sophos download Any other download file I had you download, you may delete. I wish you all the best. Stay safe. Sincerely, Maurice Link to post Share on other sites More sharing options...
Maurice Naggar Posted January 15, 2021 ID:1432526 Share Posted January 15, 2021 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Please review the following for Tips to help protect from infection Thank you Link to post Share on other sites More sharing options...
Recommended Posts