Saintmatthew

So far, so good.

Uninstall and reinstall of Chrome may have have finished. Running scans now but no pop-ups/avast pop-up alerts.

It seems to be mainly Chrome Addition.txt FRST.txt

Well that didn't take long. Went to Amazon, and three click brought up popups and redirects to places like customer view.org asking me to take a "anonymous survey".

I'll check. I was waiting to do anything browser related until given the go ahead so as not to muck up anything. I'll report back.

Thanks again. Here is that Log: Zoek.exe v5.0.0.0 Updated 04-May-2015Tool run by Admin on Tue 06/30/2015 at 13:50:32.37.Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64Running in: Normal Mode Internet Access DetectedLaunched: C:\Users\Admin\Downloads\zoek.exe [scan all users] [script inserted] ==== System Restore Info ====================== 6/30/2015 1:56:14 PM Zoek.exe System Restore Point Created Successfully. ==== Empty Folders Check ====================== C:\PROGRA~2\MSXML 4.0 deleted successfullyC:\PROGRA~2\SoftwareForce deleted successfullyC:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== Batch Command(s) Run By Tool====================== ==== Deleting Files \ Folders ====================== C:\PROGRA~2\SoftwareForce not foundC:\PROGRA~2\Strict Workflow deletedC:\Users\Admin\AppData\Local\teci deletedC:\PROGRA~3\{23a7d258-c245-851f-23a7-7d258c244963} deletedC:\Users\Admin\AppData\Roaming\WB.CFG deletedC:\Users\Admin\AppData\Roaming\Nico Mak Computing\WinZip Malware Protector deletedC:\PROGRA~3\Nico Mak Computing\WinZip Malware Protector deletedC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk deletedC:\windows\SysNative\config\systemprofile\Searches deletedC:\windows\SysNative\GroupPolicy\machine deletedC:\windows\SysNative\GroupPolicy\gpt.ini deletedC:\Users\Admin\gotomypc_540.exe deletedC:\Users\Admin\gotomypc_626.exe deleted"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences" deleted ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [06/29/2015 01:17 PM] ==== Chromium Look ====================== Google Chrome Version: 43.0.2357.130 HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensionsgomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[06/29/2015 01:16 PM]lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[05/14/2013 01:27 PM] Avast Online Security - Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmkiChrome Hotword Shared Module - Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkgSkype for Chromium - Curry\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldflNorton Identity Protection - Curry\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk ==== Chromium Startpages ====================== C:\Users\Admin\AppData\Local\Chromium\User Data\Default\Preferences{"account_tracker_service_last_update":"13079285070784795","bookmark_bar":{"show_on_all_tabs":false},"browser":{"check_default_browser":false,"show_home_button":true,"window_placement":{"bottom":850,"left":10,"maximized":false,"right":1060,"top":10,"work_area_bottom":860,"work_area_left":0,"work_area_right":1600,"work_area_top":0}},"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","6171357"],"daily_original_length_via_data_reduction_proxy":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0"],"daily_original_length_with_data_reduction_proxy_enabled":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0"],"daily_received_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","6171357"],"daily_received_length_https_with_data_reduction_proxy_enabled":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0"],"daily_received_length_long_bypass_with_data_reduction_proxy_enabled":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0"],"daily_received_length_short_bypass_with_data_reduction_proxy_enabled":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0"],"daily_received_length_unknown_with_data_reduction_proxy_enabled":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0"],"daily_received_length_via_data_reduction_proxy":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0"],"daily_received_length_with_data_reduction_proxy_enabled":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0"],"last_update_date":"13079246400000000"},"default_apps_install_state":3,"distribution":{"auto_launch_chrome":false,"do_not_create_any_shortcuts":true,"do_not_launch_chrome":true,"make_chrome_default":false,"make_chrome_default_for_user":false,"skip_first_run_ui":true,"suppress_first_run_bubble":true},"dns_prefetching":{"host_referral_list":[2],"startup_list":[1,"http://cache.pack.google.com/","http://r5---sn-8xgp1vo-2ias.c.pack.google.com/","http://r7---sn-8xgp1vo-2ias.c.pack.google.com/","https://clients2.google.com/","https://clients2.googleusercontent.com/]},"extensions":{"alerts":{"initialized":true},"autoupdate":{"next_check":"13079303614240628"},"chrome_url_overrides":{"bookmarks":["chrome-extension://eemcgdkfndhakfknompkggombfjjjeno/main.html"]},"last_chrome_version":"45.0.2423.0"},"first_run_tabs":[""],"homepage":"http://www.dregol.com/?f=1&a=drg_coinisrs_15_25_j1&cd=2XzuyEtN2Y1L1Qzu0D0CtD0E0AtCtAyCyCzytByByB0B0EtDtN0D0Tzu0StCtByCyCtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StBtDyByDzy0DtBzztGyD0FzzzytGzztCzz0EtGyE0E0A0FtGzyzz0DyBtC0FtDtCzy0EtA0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0BtAtA0DyDtCzztGyDyEtDzytGyEtA0DyCtG0A0EtDtAtG0CyCtCyB0ByD0FyCyDtByC0B2QtN0A0LzutB&cr=1740325671&ir=&uref=chmm","homepage_is_newtabpage":false,"http_original_content_length":"6171357","http_received_content_length":"6171357","intl":{"accept_languages":"en-US,en"},"invalidator":{"client_id":"TrWzz9bW3amLd/4mFow0cg=="},"media":{"device_id_salt":"Xa0qYsdCjm+MdJJH2SOFTg=="},"plugins":{"migrated_to_pepper_flash":true,"plugins_list":[],"removed_old_component_pepper_flash_settings":true},"profile":{"avatar_index":26,"content_settings":{"exceptions":{"app_banner":{},"auto_select_certificate":{},"automatic_downloads":{},"cookies":{},"fullscreen":{},"geolocation":{},"images":{},"javascript":{},"media_stream":{},"media_stream_camera":{},"media_stream_mic":{},"metro_switch_to_desktop":{},"midi_sysex":{},"mixed_script":{},"mouselock":{},"notifications":{},"plugins":{},"popups":{},"ppapi_broker":{},"protocol_handlers":{},"push_messaging":{},"ssl_cert_decisions":{}},"pattern_pairs":{},"pref_version":1},"exit_type":"Normal","exited_cleanly":true,"icon_version":3,"managed_user_id":"","migrated_content_settings_exceptions":true,"migrated_default_content_settings":true,"migrated_default_media_stream_content_settings":true,"name":"Person1","per_host_zoom_levels":{}},"protection":{"macs":{"browser":{"show_home_button":"9463DEC4C15E47646D05FD921E0E475249EA15DE77808C4664EF238C54D89FC7"},"default_search_provider":{"keyword":"42142BFC0323D5EF138C9ED2128F1DEB2FD3E3F7AF30AD930F60A1C5B87E5276","name":"D29ED831358AACE7408781A9A65FA083D8CBA1662ED7E0356AEB94734C60D047","search_url":"D02C7D9E52A3893EB51633C2C0CA63BB6AC27B4E406A7C47D6A896AF4042FDDE"},"default_search_provider_data":{"template_url_data":"575D258E47F940C6887685ABA99A5839CBFE4BA30863349DFE0D0C375AAB8816"},"google":{"services":{"account_id":"E5B4CD7C5FA271A47D07D462465AFD63DBF6A8CDFAFEF4839D13F8F552131486","last_username":"24FCEF9BF7DF12A2935BE143E58951E09DBAA1D3E0E24430C0FF93009F5D6AFD","username":"D26BCA1B2F99EDF1D42826D14541328D9E374F4559553FC3BB7E76405AC31AE2"}},"homepage":"A337C708BC06EC626AAC883575D7EC3FD13C7E0CED21AE3E50F48CE2DB38846C","homepage_is_newtabpage":"C77EA32F1872FF78A94FD3CF2AC2625671D07B6EC18468CE474F383FE0BAFEFA","pinned_tabs":"5FF265371BB528ED630092A900058C08217611AB525D4C12B41C44C008BAC799","prefs":{"preference_reset_time":"95C909F3D0669D5931907B455F099C510E7770D9F0BA6FF13E4C76101B44F757"},"profile":{"reset_prompt_memento":"D4530CB53DD89D7863C8A6CB3762FD06DE5DBC9965D16D3A72FE1B19AD4A6C8F"},"safebrowsing":{"incidents_sent":"569707D9A4676B72F48BE92B740BE3EF895419C8A646F1AE1BA70BD9C3B41845"},"search_provider_overrides":"A12FEF346B0B88D72F6E8851666BC54DCA1E2D09C19D5A2BCF22CB948BCF6843","session":{"restore_on_startup":"F9BD26F5D1AA6AB5258754888529CB2A82AE68D1703BCC2A97DEAEE5DDDA190E","startup_urls":,,,,"suggest_url":""}],"search_provider_overrides_version":1,"session":{"restore_on_startup_migrated":true,"startup_urls_migration_time":"13079285070730477"},"translate_blocked_languages":["en"],"translate_whitelists":{}} C:\Users\Curry\AppData\Local\Google\Chrome\User Data\Default\Preferences"homepage": "http://start.toshiba.com/?cid=C001B2Y", ==== Chromium Fix ====================== C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.extcontent00.extcontent.com_0.localstorage deleted successfullyC:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.extcontent00.extcontent.com_0.localstorage-journal deleted successfullyC:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markit00.re-markit.co_0.localstorage deleted successfullyC:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markit00.re-markit.co_0.localstorage-journal deleted successfullyC:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.pricepeep00.pricepeep.net_0.localstorage deleted successfullyC:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.pricepeep00.pricepeep.net_0.localstorage-journal deleted successfullyC:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.re-markit00.re-markit.co_0.localstorage deleted successfullyC:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.re-markit00.re-markit.co_0.localstorage-journal deleted successfullyC:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_mediaservices-d.openxenterprise.com_0.localstorage deleted successfullyC:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_mediaservices-d.openxenterprise.com_0.localstorage-journal deleted successfullyC:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_deals.angieslist.com_0.localstorage deleted successfullyC:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_deals.angieslist.com_0.localstorage-journal deleted successfully ==== Set IE to Default ====================== Old Values:[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]"Start Page"="http://www.google.com" New Values:[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]"Start Page"="http://www.google.com" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"{467F060D-6ABD-4377-BD97-85B84D9ECC0D} Google Url="http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO_enUS464"{c9ab6446-7efc-47fe-966c-dc54324eff9f} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"{67A2568C-7A0A-4EED-AECC-B5405DE63B64} Unknown Url="Not_Found" ==== Reset Google Chrome ====================== C:\Users\Admin\AppData\Local\Chromium\User Data\Default\Preferences was reset successfullyC:\Users\Admin\AppData\Local\Chromium\User Data\Default\Secure Preferences was reset successfullyC:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfullyC:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences.bad was reset successfullyC:\Users\Curry\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfullyC:\Users\Admin\AppData\Local\Chromium\User Data\Default\Web Data was reset successfullyC:\Users\Admin\AppData\Local\Chromium\User Data\Default\Web Data-journal was reset successfullyC:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfullyC:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfullyC:\Users\Curry\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfullyHKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6C5F3BDC-0A1B-4436-A696-5939629D5C31} deleted successfully ==== Empty IE Cache ====================== C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfullyC:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfullyC:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfullyC:\Users\Admin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfullyC:\Users\Admin\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfullyC:\Users\Curry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfullyC:\Users\Curry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfullyC:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfullyC:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfullyC:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\Admin\AppData\Local\Chromium\User Data\Default\Cache emptied successfullyC:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfullyC:\Users\Curry\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache is not empty, a reboot is needed ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=53 folders=10 268198197 bytes) ==== Empty Temp Folders ====================== C:\Users\Admin\AppData\Local\Temp will be emptied at rebootC:\Users\Curry\AppData\Local\Temp emptied successfullyC:\Users\Default\AppData\Local\Temp emptied successfullyC:\Users\Default User\AppData\Local\Temp emptied successfullyC:\windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfullyC:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfullyC:\windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\windows\Temp successfully emptiedC:\Users\Admin\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\Curry\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NSEHUSD2\americanexpress.com" not found"C:\Users\Curry\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NSEHUSD2\cnettv.cnet.com" not found"C:\Users\Curry\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NSEHUSD2\content.yieldmanager.edgesuite.net" not found"C:\Users\Curry\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NSEHUSD2\dingo.care2.com" not found"C:\Users\Curry\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NSEHUSD2\www.fox.com" not found ==== EOF on Tue 06/30/2015 at 14:30:31.73 ======================

Hi TwinHeaded Eagle, Thanks for your help. I've pasted the content of the log below: Malwarebytes Anti-Malwarewww.malwarebytes.org Scan Date: 6/30/2015Scan Time: 12:32 PMLogfile: Administrator: Yes Version: 2.1.8.1057Malware Database: v2015.06.30.05Rootkit Database: v2015.06.30.01License: FreeMalware Protection: DisabledMalicious Website Protection: DisabledSelf-protection: Disabled OS: Windows 7 Service Pack 1CPU: x64File System: NTFSUser: Admin Scan Type: Threat ScanResult: CompletedObjects Scanned: 420830Time Elapsed: 36 min, 32 sec Memory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: EnabledHeuristics: EnabledPUP: EnabledPUM: Enabled Processes: 0(No malicious items detected) Modules: 0(No malicious items detected) Registry Keys: 0(No malicious items detected) Registry Values: 0(No malicious items detected) Registry Data: 0(No malicious items detected) Folders: 0(No malicious items detected) Files: 2PUP.Optional.FilterResults.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_filterresults-a.akamaihd.net_0.localstorage, Delete-on-Reboot, [1ac3249c7713e452fe963661ea1b22de], PUP.Optional.FilterResults.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_filterresults-a.akamaihd.net_0.localstorage-journal, Delete-on-Reboot, [46970db345454cea365e0b8c34d1c040], Physical Sectors: 0(No malicious items detected) (end)

I keep getting these PUP items found and removed in MB, only to return. Full scan with Avast, MD, ADWCleaner, Hitman Pro and Junkware and they keep coming back. FRST & Addition files attached. Any suggestions? This machine is primarily an email & web machine. Mainly a Netflix machine really. Nothing illict....not even any porn(haha). Addition.txt FRST.txt