
Keep getting redirected and words are hyperlinks throughout web pages


  • This topic is locked
6 replies to this topic

#1 HeyItsRon


Posted 07 August 2016 - 02:07 PM

Downloaded a "game," and immediately started getting redirected on every site that I go to. When I click anywhere on the page, a new tab will be created. Constant pop-ups saying that my computer is infected (how ironic), and there are words that are hyperlinked throughout the page. I can temporarily stop it by disabling the extension in Chrome, but when I close out of the window completely and re-open it, it comes back until disabled again.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03-08-2016
Ran by Ron (administrator) on RON-PC (07-08-2016 13:44:23)
Running from F:\Chrome Downloads
Loaded Profiles: Ron (Available Profiles: Ron & Drew & DefaultAppPool)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices) C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(DTS) C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Plays.tv, LLC) C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Apple Inc.) F:\iTunes\iTunesHelper.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cnext.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Dropbox, Inc.) C:\Users\Ron\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung SSD Magician\Samsung Magician.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
(Plays.tv, LLC) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_ep64.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_ep64.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\prevhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8492800 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2787264 2016-01-11] (NVIDIA Corporation)
HKLM\...\Run: [iTunesHelper] => F:\iTunes\iTunesHelper.exe [170256 2015-12-09] (Apple Inc.)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15053944 2016-01-06] (Logitech Inc.)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\cnext.exe [4866760 2015-11-29] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-11-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
HKLM-x32\...\Run: [PlaysTV] => C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe [71440 2016-08-02] (Plays.tv, LLC)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe [58640 2016-08-04] (Raptr, Inc)
HKU\S-1-5-21-1532655039-1630250766-3435627146-1000\...\Run: [Steam] => F:\Steam\steam.exe [3014224 2016-02-04] (Valve Corporation)
HKU\S-1-5-21-1532655039-1630250766-3435627146-1000\...\Run: [Dropbox Update] => C:\Users\Ron\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-16] (Dropbox, Inc.)
HKU\S-1-5-21-1532655039-1630250766-3435627146-1000\...\Run: [Skype] => F:\Program Files (x86)\Skype\Phone\Skype.exe [50378880 2015-12-17] (Skype Technologies S.A.)
HKU\S-1-5-21-1532655039-1630250766-3435627146-1000\...\MountPoints2: {dbf5ae15-55d8-11e5-9bc2-806e6f6e6963} - "D:\autorun.bat" 
HKU\S-1-5-21-1532655039-1630250766-3435627146-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Mystify.scr [150528 2015-10-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ron\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ron\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ron\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ron\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ron\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ron\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ron\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ron\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
Startup: C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-08-07]
ShortcutTarget: Dropbox.lnk -> C:\Users\Ron\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0e7fbb1d-ad6a-4125-8bca-4838d9bac0a1}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
SearchScopes: HKU\S-1-5-21-1532655039-1630250766-3435627146-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=SKY2DF&PC=SKY2&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1532655039-1630250766-3435627146-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=SKY2DF&PC=SKY2&q={searchTerms}&src=IE-SearchBox
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-11-17] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-11-17] (Oracle Corporation)
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} hxxp://pcpitstop.com/nirvana/controls/pcmatic.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-08-07] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-08-07] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1218158.dll [2015-05-07] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-11-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-11-17] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [2015-08-04] (Nexon)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-01-22] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-01-22] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-07] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-07-28] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR Profile: C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Momentum New Tab Page) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\abdholagkagimalmpmohnkmpcbjomlgp [2016-08-07]
CHR Extension: (Google Drive) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-02]
CHR Extension: (Google Search) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-31]
CHR Extension: (MightyText - SMS from PC & Text from Computer) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi [2016-01-14]
CHR Extension: (Google Play Music) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2016-08-07]
CHR Extension: (Google Docs Offline) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Skype) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-08-07]
CHR Extension: (Google Hangouts) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2016-03-17]
CHR Extension: (Gmail) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-06]
CHR Extension: (Chrome Media Router) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-07]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [138752 2015-11-29] () [File not signed]
R2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [121856 2016-07-18] (Advanced Micro Devices) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
R2 DTSAudioService; C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe [218768 2015-06-24] (DTS)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-01-11] (NVIDIA Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193144 2016-01-06] (Logitech Inc.)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-01-11] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6308288 2016-01-11] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4812736 2016-01-11] (NVIDIA Corporation)
R2 PlaysService; C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe [32528 2016-08-02] (Plays.tv, LLC)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S2 SkypeUpdate; F:\Program Files (x86)\Skype\Updater\Updater.exe [327296 2015-07-09] (Skype Technologies)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
S2 ZAMSvc; "C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /service [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 amdacpksd; C:\WINDOWS\system32\drivers\amdacpksd.sys [313760 2016-07-25] (Advanced Micro Devices)
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [40720 2015-07-28] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [110096 2016-04-26] (Advanced Micro Devices)
S3 LADF_BakerCOnly; C:\Windows\system32\DRIVERS\ladfBakerCamd64.sys [410184 2011-03-18] (Logitech)
S3 LADF_BakerROnly; C:\Windows\system32\DRIVERS\ladfBakerRamd64.sys [335688 2011-03-18] (Logitech)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [68384 2015-06-10] (Logitech Inc.)
S3 lgLowAudio; C:\Windows\system32\drivers\lgLowAudio.sys [26264 2015-11-20] (Logitech Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-03-17] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-01-11] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2016-08-07] (Zemana Ltd.)
U3 idsvc; no ImagePath
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-07 13:43 - 2016-08-07 13:44 - 00000000 ____D C:\FRST
2016-08-07 13:34 - 2016-08-07 13:35 - 00000000 ____D C:\Users\Ron\Desktop\Movies
2016-08-07 13:20 - 2016-08-07 13:22 - 00000000 ____D C:\Users\Ron\AppData\Roaming\Raptr
2016-08-07 13:20 - 2016-08-07 13:22 - 00000000 ____D C:\Users\Ron\AppData\Roaming\PlaysTV
2016-08-07 13:20 - 2016-08-07 13:21 - 00004296 _____ C:\WINDOWS\System32\Tasks\AMD Updater
2016-08-07 13:20 - 2016-08-07 13:20 - 00002099 _____ C:\Users\Public\Desktop\Raptr.lnk
2016-08-07 13:20 - 2016-08-07 13:20 - 00000000 ____D C:\Users\Ron\AppData\Roaming\library_dir
2016-08-07 13:20 - 2016-08-07 13:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Raptr
2016-08-07 13:20 - 2016-08-07 13:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved
2016-08-07 13:20 - 2016-08-07 13:20 - 00000000 ____D C:\Program Files (x86)\Raptr Inc
2016-08-07 13:20 - 2016-08-07 13:20 - 00000000 ____D C:\Program Files (x86)\Raptr
2016-08-07 13:20 - 2016-06-23 13:22 - 00264992 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2016-08-07 13:20 - 2016-06-23 13:21 - 00257824 _____ C:\WINDOWS\system32\vulkan-1.dll
2016-08-07 13:20 - 2016-06-23 13:21 - 00110880 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2016-08-07 13:20 - 2016-06-23 13:20 - 00125216 _____ C:\WINDOWS\system32\vulkaninfo.exe
2016-08-07 13:19 - 2016-08-07 13:19 - 00000000 ____D C:\ProgramData\ATI
2016-08-07 13:19 - 2016-08-07 13:19 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-08-07 13:18 - 2016-08-07 13:18 - 00001250 _____ C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CNext.lnk
2016-08-07 13:13 - 2016-08-07 13:13 - 00000000 ____D C:\Users\Ron\AppData\Local\AMD
2016-08-07 13:13 - 2016-08-07 13:13 - 00000000 ____D C:\Users\Default\AppData\Roaming\ATI
2016-08-07 13:13 - 2016-08-07 13:13 - 00000000 ____D C:\Users\Default\AppData\Local\ATI
2016-08-07 13:13 - 2016-08-07 13:13 - 00000000 ____D C:\Users\Default User\AppData\Roaming\ATI
2016-08-07 13:13 - 2016-08-07 13:13 - 00000000 ____D C:\Users\Default User\AppData\Local\ATI
2016-08-07 13:13 - 2016-08-07 13:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
2016-08-07 13:13 - 2016-08-07 13:13 - 00000000 ____D C:\Program Files\ATI Technologies
2016-08-07 13:13 - 2016-08-07 13:13 - 00000000 ____D C:\Program Files (x86)\AMD
2016-08-07 13:12 - 2016-08-07 13:12 - 00000000 ____D C:\Users\Ron\AppData\Roaming\ATI
2016-08-07 13:12 - 2016-08-07 13:12 - 00000000 ____D C:\Users\Ron\AppData\Local\ATI
2016-08-07 13:11 - 2016-08-07 13:21 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2016-08-07 13:11 - 2016-08-07 13:16 - 00000000 ____D C:\AMD
2016-08-07 13:11 - 2016-08-07 13:11 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2016-08-07 13:11 - 2016-08-07 13:11 - 00000000 _____ C:\WINDOWS\ativpsrm.bin
2016-08-07 13:10 - 2016-08-07 13:20 - 00000000 ____D C:\Program Files\AMD
2016-08-07 12:59 - 2016-08-07 12:59 - 20053184 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2016-08-07 12:58 - 2016-08-07 12:58 - 00237512 _____ C:\ProgramData\1470592638.bdinstall.bin
2016-08-07 12:58 - 2016-08-07 12:58 - 00027581 _____ C:\ProgramData\1470592689.bdinstall.bin
2016-08-07 12:58 - 2016-08-07 12:58 - 00000000 ____D C:\Users\Ron\AppData\Roaming\Bitdefender
2016-08-07 12:55 - 2016-08-07 12:55 - 00002137 _____ C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
2016-08-07 12:55 - 2016-01-22 19:47 - 00110016 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2016-08-07 12:51 - 2016-08-07 12:51 - 00000000 ____D C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-07-25 15:56 - 2016-07-25 15:56 - 08864056 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiumd64.dll
2016-07-25 15:56 - 2016-07-25 15:56 - 07234256 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiumdag.dll
2016-07-25 15:55 - 2016-07-25 15:55 - 08653128 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdxc64.dll
2016-07-25 15:55 - 2016-07-25 15:55 - 07044704 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdxc32.dll
2016-07-25 15:55 - 2016-07-25 15:55 - 00474992 _____ C:\WINDOWS\system32\amdmiracast.dll
2016-07-25 15:55 - 2016-07-25 15:55 - 00160792 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiu9p64.dll
2016-07-25 15:55 - 2016-07-25 15:55 - 00151456 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdhcp64.dll
2016-07-25 15:55 - 2016-07-25 15:55 - 00135288 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdhcp32.dll
2016-07-25 15:55 - 2016-07-25 15:55 - 00133808 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiu9pag.dll
2016-07-25 15:55 - 2016-07-25 15:55 - 00119744 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atimpc64.dll
2016-07-25 15:55 - 2016-07-25 15:55 - 00119744 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdpcom64.dll
2016-07-25 15:55 - 2016-07-25 15:55 - 00102040 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atimpc32.dll
2016-07-25 15:55 - 2016-07-25 15:55 - 00102040 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdpcom32.dll
2016-07-25 15:54 - 2016-07-25 15:54 - 00155616 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdave64.dll
2016-07-25 15:54 - 2016-07-25 15:54 - 00134776 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdave32.dll
2016-07-25 15:53 - 2016-07-25 15:53 - 26632720 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atioglxx.dll
2016-07-25 15:53 - 2016-07-25 15:53 - 00874520 _____ (AMD) C:\WINDOWS\system32\coinst_16.30.dll
2016-07-25 15:53 - 2016-07-25 15:53 - 00279056 _____ (AMD) C:\WINDOWS\system32\atitmm64.dll
2016-07-25 15:53 - 2016-07-25 15:53 - 00267288 _____ C:\WINDOWS\system32\GameManager64.dll
2016-07-25 15:53 - 2016-07-25 15:53 - 00261656 _____ C:\WINDOWS\system32\clinfo.exe
2016-07-25 15:53 - 2016-07-25 15:53 - 00260112 _____ C:\WINDOWS\system32\hsa-thunk64.dll
2016-07-25 15:53 - 2016-07-25 15:53 - 00232472 _____ C:\WINDOWS\SysWOW64\GameManager32.dll
2016-07-25 15:53 - 2016-07-25 15:53 - 00225808 _____ C:\WINDOWS\SysWOW64\hsa-thunk.dll
2016-07-25 15:53 - 2016-07-25 15:53 - 00151056 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantle64.dll
2016-07-25 15:53 - 2016-07-25 15:53 - 00128528 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atisamu64.dll
2016-07-25 15:53 - 2016-07-25 15:53 - 00126488 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantle32.dll
2016-07-25 15:53 - 2016-07-25 15:53 - 00121872 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantleaxl64.dll
2016-07-25 15:53 - 2016-07-25 15:53 - 00110104 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atisamu32.dll
2016-07-25 15:53 - 2016-07-25 15:53 - 00012824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\detoured.dll
2016-07-25 15:53 - 2016-07-25 15:53 - 00012816 _____ (Microsoft Corporation) C:\WINDOWS\system32\detoured.dll
2016-07-25 15:52 - 2016-07-25 15:52 - 15720464 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticaldd64.dll
2016-07-25 15:52 - 2016-07-25 15:52 - 00513040 _____ (AMD) C:\WINDOWS\system32\atieclxx.exe
2016-07-25 15:52 - 2016-07-25 15:52 - 00451088 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atidemgy.dll
2016-07-25 15:52 - 2016-07-25 15:52 - 00278544 _____ (AMD) C:\WINDOWS\system32\atiesrxx.exe
2016-07-25 15:52 - 2016-07-25 15:52 - 00222736 _____ C:\WINDOWS\system32\atieah64.exe
2016-07-25 15:52 - 2016-07-25 15:52 - 00200720 _____ C:\WINDOWS\SysWOW64\atieah32.exe
2016-07-25 15:52 - 2016-07-25 15:52 - 00194064 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6txx.dll
2016-07-25 15:52 - 2016-07-25 15:52 - 00167952 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atigktxx.dll
2016-07-25 15:52 - 2016-07-25 15:52 - 00115216 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6pxx.dll
2016-07-25 15:52 - 2016-07-25 15:52 - 00102416 _____ (AMD) C:\WINDOWS\system32\atimuixx.dll
2016-07-25 15:52 - 2016-07-25 15:52 - 00099856 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiglpxx.dll
2016-07-25 15:52 - 2016-07-25 15:52 - 00099856 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiglpxx.dll
2016-07-25 15:52 - 2016-07-25 15:52 - 00071184 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticalrt64.dll
2016-07-25 15:52 - 2016-07-25 15:52 - 00060944 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticalrt.dll
2016-07-25 15:52 - 2016-07-25 15:52 - 00059920 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ATIODCLI.exe
2016-07-25 15:51 - 2016-07-25 15:51 - 48806416 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\amdocl64.dll
2016-07-25 15:51 - 2016-07-25 15:51 - 14311440 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticaldd.dll
2016-07-25 15:51 - 2016-07-25 15:51 - 08827920 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdvlk64.dll
2016-07-25 15:51 - 2016-07-25 15:51 - 07084560 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdvlk32.dll
2016-07-25 15:51 - 2016-07-25 15:51 - 02369040 _____ C:\WINDOWS\system32\amdoclvp9lib64.dll
2016-07-25 15:51 - 2016-07-25 15:51 - 02279440 _____ C:\WINDOWS\SysWOW64\amdoclvp9lib32.dll
2016-07-25 15:51 - 2016-07-25 15:51 - 02138640 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amfrt64.dll
2016-07-25 15:51 - 2016-07-25 15:51 - 01828880 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amfrt32.dll
2016-07-25 15:51 - 2016-07-25 15:51 - 01318416 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiadlxx.dll
2016-07-25 15:51 - 2016-07-25 15:51 - 00985104 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxy.dll
2016-07-25 15:51 - 2016-07-25 15:51 - 00985104 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxx.dll
2016-07-25 15:51 - 2016-07-25 15:51 - 00394256 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiapfxx.exe
2016-07-25 15:51 - 2016-07-25 15:51 - 00064528 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticalcl64.dll
2016-07-25 15:51 - 2016-07-25 15:51 - 00057872 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticalcl.dll
2016-07-25 15:51 - 2016-07-25 15:51 - 00052240 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\ati2erec.dll
2016-07-25 15:50 - 2016-07-25 15:50 - 38257680 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\amdocl.dll
2016-07-25 15:50 - 2016-07-25 15:50 - 27480592 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\amdocl12cl64.dll
2016-07-25 15:50 - 2016-07-25 15:50 - 21632528 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\amdocl12cl.dll
2016-07-25 15:50 - 2016-07-25 15:50 - 00059408 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmmcl6.dll
2016-07-25 15:50 - 2016-07-25 15:50 - 00047120 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmmcl.dll
2016-07-25 15:49 - 2016-07-25 15:49 - 08619024 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmantle64.dll
2016-07-25 15:49 - 2016-07-25 15:49 - 06947344 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmantle32.dll
2016-07-25 15:49 - 2016-07-25 15:49 - 00742928 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdlvr64.dll
2016-07-25 15:49 - 2016-07-25 15:49 - 00618512 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdlvr32.dll
2016-07-25 15:49 - 2016-07-25 15:49 - 00313760 _____ (Advanced Micro Devices) C:\WINDOWS\system32\Drivers\amdacpksd.sys
2016-07-25 15:49 - 2016-07-25 15:49 - 00213520 _____ C:\WINDOWS\SysWOW64\amdgfxinfo32.dll
2016-07-25 15:49 - 2016-07-25 15:49 - 00193040 _____ C:\WINDOWS\system32\amdhdl64.dll
2016-07-25 15:49 - 2016-07-25 15:49 - 00173072 _____ C:\WINDOWS\SysWOW64\amdhdl32.dll
2016-07-25 15:49 - 2016-07-25 15:49 - 00104984 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2016-07-25 15:49 - 2016-07-25 15:49 - 00095760 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2016-07-25 15:49 - 2016-07-25 15:49 - 00075280 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmcl64.dll
2016-07-25 15:49 - 2016-07-25 15:49 - 00058896 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmcl32.dll
2016-07-25 15:45 - 2016-07-25 15:45 - 32548376 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atio6axx.dll
2016-07-25 15:45 - 2016-07-25 15:45 - 00341520 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ATIODE.exe
2016-07-25 15:45 - 2016-07-25 15:45 - 00283664 _____ C:\WINDOWS\system32\dgtrayicon.exe
2016-07-25 15:45 - 2016-07-25 15:45 - 00240664 _____ C:\WINDOWS\system32\amdgfxinfo64.dll
2016-07-25 15:45 - 2016-07-25 15:45 - 00100880 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantleaxl32.dll
2016-07-25 06:40 - 2016-07-25 06:40 - 00149008 _____ C:\WINDOWS\system32\samu_krnl_ci.sbin
2016-07-25 06:40 - 2016-07-25 06:40 - 00117808 _____ C:\WINDOWS\system32\kapp_ci.sbin
2016-07-25 06:40 - 2016-07-25 06:40 - 00112336 _____ C:\WINDOWS\system32\kapp_si.sbin
2016-07-25 06:39 - 2016-07-25 06:39 - 03471376 _____ C:\WINDOWS\SysWOW64\atiumdva.cap
2016-07-25 06:39 - 2016-07-25 06:39 - 03437632 _____ C:\WINDOWS\system32\atiumd6a.cap
2016-07-25 06:39 - 2016-07-25 06:39 - 00368672 _____ C:\WINDOWS\system32\ativvaxy_el_nd.dat
2016-07-25 06:39 - 2016-07-25 06:39 - 00322996 _____ C:\WINDOWS\system32\ativvaxy_vi.dat
2016-07-25 06:39 - 2016-07-25 06:39 - 00322736 _____ C:\WINDOWS\system32\ativvaxy_vi_nd.dat
2016-07-25 06:39 - 2016-07-25 06:39 - 00270912 _____ C:\WINDOWS\system32\ativvaxy_stn_nd.dat
2016-07-25 06:39 - 2016-07-25 06:39 - 00266816 _____ C:\WINDOWS\system32\ativvaxy_cz_nd.dat
2016-07-25 06:39 - 2016-07-25 06:39 - 00260980 _____ C:\WINDOWS\system32\ativvaxy_FJ.dat
2016-07-25 06:39 - 2016-07-25 06:39 - 00260720 _____ C:\WINDOWS\system32\ativvaxy_FJ_nd.dat
2016-07-25 06:39 - 2016-07-25 06:39 - 00234292 _____ C:\WINDOWS\system32\ativvaxy_cik.dat
2016-07-25 06:39 - 2016-07-25 06:39 - 00234032 _____ C:\WINDOWS\system32\ativvaxy_cik_nd.dat
2016-07-25 06:39 - 2016-07-25 06:39 - 00177280 _____ C:\WINDOWS\system32\ativce03.dat
2016-07-25 06:39 - 2016-07-25 06:39 - 00100816 _____ C:\WINDOWS\system32\ativce02.dat
2016-07-25 06:38 - 2016-07-25 06:38 - 00731440 _____ C:\WINDOWS\SysWOW64\atiapfxx.blb
2016-07-25 06:38 - 2016-07-25 06:38 - 00731440 _____ C:\WINDOWS\system32\atiapfxx.blb
2016-07-25 06:37 - 2016-07-25 06:37 - 00890373 _____ C:\WINDOWS\system32\amdicdxx.dat
2016-07-25 06:37 - 2016-07-25 06:37 - 00175584 _____ C:\WINDOWS\system32\amde31a.dat
2016-07-25 06:37 - 2016-07-25 06:37 - 00166624 _____ C:\WINDOWS\system32\amde34b.dat
2016-07-25 06:37 - 2016-07-25 06:37 - 00166624 _____ C:\WINDOWS\system32\amde34a.dat
2016-07-25 06:37 - 2016-07-25 06:37 - 00016827 _____ C:\WINDOWS\system32\AMDKernelEvents.man
2016-07-25 06:37 - 2016-07-25 06:37 - 00000144 _____ C:\WINDOWS\SysWOW64\amd-vulkan32.json
2016-07-25 06:37 - 2016-07-25 06:37 - 00000144 _____ C:\WINDOWS\system32\amd-vulkan64.json
2016-07-18 17:02 - 2016-07-18 17:02 - 02412544 _____ C:\WINDOWS\system32\amdacpusl.pdb
2016-07-18 16:51 - 2016-07-18 16:51 - 00364544 _____ (Advanced Micro Devices) C:\WINDOWS\system32\amdacpusl.dll
2016-07-18 16:51 - 2016-07-18 16:51 - 00306176 _____ C:\WINDOWS\system32\amdacpusl.pdb.pub
2016-07-18 16:51 - 2016-07-18 16:51 - 00248832 _____ (Advanced Micro Devices) C:\WINDOWS\SysWOW64\amdacpusl.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-07 13:43 - 2016-03-17 00:34 - 00049959 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2016-08-07 13:39 - 2016-03-16 22:26 - 00000000 ____D C:\Program Files (x86)\Smart Security
2016-08-07 13:36 - 2014-12-26 17:43 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-08-07 13:35 - 2015-11-04 17:23 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-08-07 13:34 - 2015-10-30 02:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-08-07 13:34 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-08-07 13:33 - 2014-10-07 16:52 - 00000000 ____D C:\Users\Ron\AppData\Roaming\vlc
2016-08-07 13:31 - 2013-03-19 20:12 - 00000000 ____D C:\Users\Ron\Desktop\LOLReplay
2016-08-07 13:28 - 2015-12-18 03:14 - 00006812 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-08-07 13:28 - 2015-10-30 02:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-08-07 13:22 - 2014-09-27 12:37 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-07 13:21 - 2015-12-18 03:19 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-08-07 13:21 - 2015-12-18 03:14 - 00000000 ____D C:\Users\Ron
2016-08-07 13:21 - 2015-12-18 03:13 - 00000000 ____D C:\ProgramData\NVIDIA
2016-08-07 13:21 - 2015-12-18 03:12 - 00340920 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-08-07 13:21 - 2015-10-30 01:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2016-08-07 13:19 - 2015-10-30 02:21 - 00000000 ____D C:\WINDOWS\INF
2016-08-07 13:14 - 2014-08-16 20:05 - 00000000 ____D C:\Users\Ron\AppData\Local\Packages
2016-08-07 13:13 - 2016-01-25 12:25 - 00000000 ____D C:\ProgramData\Package Cache
2016-08-07 13:08 - 2015-01-28 22:11 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-08-07 13:06 - 2014-09-27 12:37 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-07 13:06 - 2013-03-07 16:47 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-08-07 13:00 - 2015-07-16 16:48 - 00000910 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1532655039-1630250766-3435627146-1000UA.job
2016-08-07 13:00 - 2014-09-27 12:38 - 00002465 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-08-07 13:00 - 2014-09-27 12:38 - 00002275 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-07 12:59 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-08-07 12:59 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-08-07 12:58 - 2016-03-17 00:03 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2016-08-07 12:58 - 2016-03-17 00:02 - 00000000 ____D C:\Program Files\Bitdefender Agent
2016-08-07 12:58 - 2014-02-18 18:11 - 00000000 ____D C:\Users\Ron\AppData\Roaming\Battle.net
2016-08-07 12:57 - 2016-03-17 00:34 - 00036705 _____ C:\WINDOWS\ZAM.krnl.trace
2016-08-07 12:57 - 2016-03-17 00:33 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2016-08-07 12:57 - 2016-03-17 00:06 - 00003925 _____ C:\bdlog.txt
2016-08-07 12:56 - 2015-09-10 16:38 - 00004146 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A1E9BA8B-6ADC-4B97-8435-80593F0B2435}
2016-08-07 12:55 - 2015-12-18 03:12 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-08-07 12:55 - 2013-01-18 03:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-08-07 12:53 - 2015-01-21 11:25 - 00000000 ____D C:\Users\Ron\AppData\Roaming\Dropbox
2016-08-07 12:52 - 2015-07-16 16:48 - 00000000 ____D C:\Users\Ron\AppData\Local\Dropbox
2016-08-07 12:51 - 2016-03-17 00:33 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2016-08-07 12:51 - 2015-09-07 22:47 - 00002401 _____ C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-08-07 12:51 - 2015-09-07 22:47 - 00000000 ___RD C:\Users\Ron\OneDrive
2016-08-07 12:51 - 2014-09-27 12:37 - 00003978 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-08-07 12:51 - 2014-09-27 12:37 - 00003746 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-08-07 12:49 - 2015-10-30 01:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-07-27 14:25 - 2010-11-20 22:27 - 00504488 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-07-25 15:56 - 2016-04-22 17:50 - 09310736 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiumdva.dll
2016-07-25 15:56 - 2016-04-22 17:50 - 00149352 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiuxpag.dll
2016-07-25 15:56 - 2015-12-16 21:06 - 10284832 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiumd6a.dll
2016-07-25 15:56 - 2015-12-16 21:06 - 00180432 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiuxp64.dll
2016-07-25 15:55 - 2016-04-22 17:50 - 09108624 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atidxx32.dll
2016-07-25 15:55 - 2016-04-22 17:50 - 01272432 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\aticfx32.dll
2016-07-25 15:55 - 2015-12-16 21:06 - 10967952 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atidxx64.dll
2016-07-25 15:55 - 2015-12-16 21:06 - 01546848 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\aticfx64.dll
2016-07-25 15:52 - 2015-12-16 21:07 - 26717720 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\atikmdag.sys
2016-07-25 15:52 - 2015-12-16 21:07 - 00509464 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\atikmpag.sys
 
==================== Files in the root of some directories =======
 
2014-09-01 05:42 - 2015-08-27 08:36 - 0000226 _____ () C:\Users\Ron\AppData\Roaming\WB.CFG
2008-02-05 16:28 - 2008-02-05 16:28 - 0000051 _____ () C:\Users\Ron\AppData\Local\setup.txt
2016-08-07 12:58 - 2016-08-07 12:58 - 0237512 _____ () C:\ProgramData\1470592638.bdinstall.bin
2016-08-07 12:58 - 2016-08-07 12:58 - 0027581 _____ () C:\ProgramData\1470592689.bdinstall.bin
2013-07-02 23:34 - 2013-07-02 23:34 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-12-18 03:13 - 2015-12-18 03:13 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-02-03 14:34 - 2014-01-19 16:15 - 0006570 _____ () C:\ProgramData\hpzinstall.log
 
Some files in TEMP:
====================
C:\Users\Ron\AppData\Local\Temp\HitmanPro.exe
C:\Users\Ron\AppData\Local\Temp\jre-8u71-windows-au.exe
C:\Users\Ron\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Ron\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Ron\AppData\Local\Temp\nvStInst.exe
C:\Users\Ron\AppData\Local\Temp\playstv_patch.exe
C:\Users\Ron\AppData\Local\Temp\radeon-crimson-16.7.3-minimalsetup-160728.exe
C:\Users\Ron\AppData\Local\Temp\raptrpatch.exe
C:\Users\Ron\AppData\Local\Temp\raptr_stub.exe
C:\Users\Ron\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Ron\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-03-17 01:25
 
==================== End of FRST.txt ============================



 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,957 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:26 PM

Posted 08 August 2016 - 07:51 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
U3 idsvc; no ImagePath
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Please post the Fixlog.txt and the AdwCleanerCx.txt logs.
Include also the Addition.txt log that was created by the Farbar tool.

Let me know if the problem persists.

#3 HeyItsRon

HeyItsRon
  • Topic Starter

  • Members
  • 4 posts
  • Local time:05:26 PM

Posted 08 August 2016 - 12:31 PM

Fixlog

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 03-08-2016
Ran by Ron (2016-08-08 12:10:17) Run:1
Running from F:\Chrome Downloads
Loaded Profiles: Ron (Available Profiles: Ron & Drew & DefaultAppPool)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKLM-x32\...\Run: [] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
U3 idsvc; no ImagePath
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]
 
End
*****************
 
Error: (0) Failed to create a restore point.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => key removed successfully
idsvc => service removed successfully
ZAM => service removed successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 294577 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 28954390 B
Java, Flash, Steam htmlcache => 187924710 B
Windows/system/drivers => 642941529 B
Edge => 17798280 B
Chrome => 354474914 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 12806 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 34714 B
NetworkService => 145579578 B
Ron => 596519494 B
Drew => 8198263 B
DefaultAppPool => 6150 B
 
RecycleBin => 55917696 B
EmptyTemp: => 1.9 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 12:10:29 ====
 
AdwCleaner Log
 
# AdwCleaner v5.033 - Logfile created 10/02/2016 at 19:49:04
# Updated 07/02/2016 by Xplode
# Database : 2016-02-07.2 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : Ron - RON-PC
# Running from : F:\Chrome Downloads\adwcleaner_5.033.exe
# Option : Cleaning
 
***** [ Services ] *****
 
[-] Service Deleted : PrivoxyService
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Program Files (x86)\Conduit
[-] Folder Deleted : C:\Program Files (x86)\Softcomp Software
[-] Folder Deleted : C:\ProgramData\415a1e2a2193aaeb
[-] Folder Deleted : C:\ProgramData\dealppeaak
[-] Folder Deleted : C:\Users\Ron\AppData\Local\AVG SafeGuard toolbar
[-] Folder Deleted : C:\Users\Ron\AppData\Local\Conduit
[-] Folder Deleted : C:\Users\Ron\AppData\LocalLow\Conduit
[-] Folder Deleted : C:\Users\Ron\AppData\Roaming\DSite
[-] Folder Deleted : C:\Users\Ron\AppData\Roaming\RocketUpdater
[-] Folder Deleted : C:\Users\Ron\AppData\Roaming\Yahoo!\Companion
[#] Folder Deleted : C:\WINDOWS\SysNative\Tasks\DSite
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
[-] File Deleted : C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
[-] File Deleted : C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_websearchenginemax.com_0.localstorage
[-] File Deleted : C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_websearchenginemax.com_0.localstorage-journal
[-] File Deleted : C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.hiphopmyway.com_0.localstorage
[-] File Deleted : C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.hiphopmyway.com_0.localstorage-journal
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
[-] Task Deleted : DSite
[-] Task Deleted : Rocket Updater
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\YMERemote.DLL
[-] Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3289075
[-] Key Deleted : HKCU\Software\Google\Chrome\Extensions\cflheckfmhopnialghigdlggahiomebp
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cflheckfmhopnialghigdlggahiomebp
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8233093C-178B-484B-979E-3C6B5B147DBC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B722ED8B-0B38-408E-BB89-260C73BCF3D4}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8233093C-178B-484B-979E-3C6B5B147DBC}
[-] Key Deleted : HKCU\Software\Conduit
[-] Key Deleted : HKCU\Software\dsiteproducts
[-] Key Deleted : HKCU\Software\Headlight
[-] Key Deleted : HKCU\Software\InstallCore
[-] Key Deleted : HKCU\Software\Optimizer Pro
[-] Key Deleted : HKCU\Software\Rocket Browser
[-] Key Deleted : HKCU\Software\RocketUpdater
[-] Key Deleted : HKCU\Software\SoftSuma
[-] Key Deleted : HKCU\Software\Yahoo\Companion
[-] Key Deleted : HKCU\Software\Yahoo\YFriendsBar
[-] Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
[!] Key Not Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
[-] Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
[-] Key Deleted : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
[-] Key Deleted : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
[-] Key Deleted : HKLM\SOFTWARE\Conduit
[-] Key Deleted : HKLM\SOFTWARE\SecureWeb
[-] Key Deleted : HKLM\SOFTWARE\SecureWebChannel
[-] Key Deleted : HKLM\SOFTWARE\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C60D3D4E-3B20-5AB3-7F2C-9C946AD4080F}
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{680DD11A-7F44-404D-A4A7-8A9D5937D8EB}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB599A30-C1F3-45EF-A832-D2E3A33AC29C}
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Drew\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Drew\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [6237 bytes] ##########
 
 
 
*Addition.txt created by Farbar on 8/7/16 has been attached.
 
 

 




#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,957 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:26 PM

Posted 09 August 2016 - 08:40 AM

ATTENTION: System Restore is disabled
Turn System Restore On for Drives in Windows 10
http://www.tenforums.com/tutorials/4533-system-protection-turn-off-drives-windows-10-a.html
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 

start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Task: {0E2D525A-2E7F-4E6B-8BD2-7987AF57FE12} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {195298EE-99F1-4647-9C8C-176D4B5B68F1} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {227E399E-0BBA-4DAA-A494-9AA2F8E135FE} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {4C456A36-0008-423D-A766-933BA00D98F7} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {4C8D7492-2C90-49BB-8AB4-7302112AD95E} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {57D15253-8BD7-4731-8250-2339B232B27C} - \Smart Security Viewer -> No File <==== ATTENTION
Task: {9DEF6A79-C4FF-4337-AB9B-A7CB5EDA41FB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {A57F2C56-97FE-48C5-A20F-2B39EE664522} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {B0D3B1B5-97F9-4622-9C16-2697A5177355} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {BA7A13BF-C81C-4E8E-8D57-05723543EB22} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {CEF949B4-27DC-4CD4-864A-61105AF0E99E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {E8E169EA-693D-446A-AB8A-F786BADB5AEA} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
ShortcutWithArgument: C:\Users\Ron\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Program Files (x86)\Google\Chrome\Application\e58526c76809aa4b0e2ebaf1f4fc30c9"
ShortcutWithArgument: C:\Users\Ron\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Program Files (x86)\Google\Chrome\Application\e58526c76809aa4b0e2ebaf1f4fc30c9"
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Program Files (x86)\Google\Chrome\Application\e58526c76809aa4b0e2ebaf1f4fc30c9"
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm [0]

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Your version of Shockwave is out-of-date and vulnerable.

Navigate to this page and follow the instructions to get the latest version.
https://get.adobe.com/flashplayer/

Go to Start > Control Panel > Programs and Features and uninstall the old version(s) if present.
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.8.158 - Adobe Systems, Inc.)
===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after the update you can remove the old version(s) of Java via the Control Panel > Programs and Features.
Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
===

Please post the log and let me know of any remaining issues.

#5 HeyItsRon

HeyItsRon
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:05:26 PM

Posted 10 August 2016 - 04:50 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 10-08-2016
Ran by Ron (2016-08-10 16:34:07) Run:2
Running from F:\Chrome Downloads
Loaded Profiles: Ron (Available Profiles: Ron & Drew & DefaultAppPool)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
Task: {0E2D525A-2E7F-4E6B-8BD2-7987AF57FE12} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {195298EE-99F1-4647-9C8C-176D4B5B68F1} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {227E399E-0BBA-4DAA-A494-9AA2F8E135FE} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {4C456A36-0008-423D-A766-933BA00D98F7} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {4C8D7492-2C90-49BB-8AB4-7302112AD95E} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {57D15253-8BD7-4731-8250-2339B232B27C} - \Smart Security Viewer -> No File <==== ATTENTION
Task: {9DEF6A79-C4FF-4337-AB9B-A7CB5EDA41FB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {A57F2C56-97FE-48C5-A20F-2B39EE664522} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {B0D3B1B5-97F9-4622-9C16-2697A5177355} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {BA7A13BF-C81C-4E8E-8D57-05723543EB22} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {CEF949B4-27DC-4CD4-864A-61105AF0E99E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {E8E169EA-693D-446A-AB8A-F786BADB5AEA} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
ShortcutWithArgument: C:\Users\Ron\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Program Files (x86)\Google\Chrome\Application\e58526c76809aa4b0e2ebaf1f4fc30c9"
ShortcutWithArgument: C:\Users\Ron\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Program Files (x86)\Google\Chrome\Application\e58526c76809aa4b0e2ebaf1f4fc30c9"
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Program Files (x86)\Google\Chrome\Application\e58526c76809aa4b0e2ebaf1f4fc30c9"
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm
[0]
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0E2D525A-2E7F-4E6B-8BD2-7987AF57FE12}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0E2D525A-2E7F-4E6B-8BD2-7987AF57FE12}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{195298EE-99F1-4647-9C8C-176D4B5B68F1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{195298EE-99F1-4647-9C8C-176D4B5B68F1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{227E399E-0BBA-4DAA-A494-9AA2F8E135FE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{227E399E-0BBA-4DAA-A494-9AA2F8E135FE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4C456A36-0008-423D-A766-933BA00D98F7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4C456A36-0008-423D-A766-933BA00D98F7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4C8D7492-2C90-49BB-8AB4-7302112AD95E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4C8D7492-2C90-49BB-8AB4-7302112AD95E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{57D15253-8BD7-4731-8250-2339B232B27C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{57D15253-8BD7-4731-8250-2339B232B27C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Smart Security Viewer" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9DEF6A79-C4FF-4337-AB9B-A7CB5EDA41FB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9DEF6A79-C4FF-4337-AB9B-A7CB5EDA41FB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A57F2C56-97FE-48C5-A20F-2B39EE664522}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A57F2C56-97FE-48C5-A20F-2B39EE664522}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B0D3B1B5-97F9-4622-9C16-2697A5177355}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B0D3B1B5-97F9-4622-9C16-2697A5177355}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BA7A13BF-C81C-4E8E-8D57-05723543EB22}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BA7A13BF-C81C-4E8E-8D57-05723543EB22}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CEF949B4-27DC-4CD4-864A-61105AF0E99E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CEF949B4-27DC-4CD4-864A-61105AF0E99E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E8E169EA-693D-446A-AB8A-F786BADB5AEA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E8E169EA-693D-446A-AB8A-F786BADB5AEA}" => key removed successfully
-> No File <==== ATTENTION => Error: No automatic fix found for this entry.
C:\Users\Ron\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk => Shortcut argument removed successfully.
C:\Users\Ron\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk => Shortcut argument removed successfully.
C:\Users\Public\Desktop\Google Chrome.lnk => Shortcut argument removed successfully.
"C:\ProgramData\Reprise" => "AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm" ADS not found.
[0] => Error: No automatic fix found for this entry.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 294259 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 11753594 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 4200 B
Edge => 0 B
Chrome => 77687641 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 818 B
NetworkService => 0 B
Ron => 3529452 B
Drew => 0 B
DefaultAppPool => 0 B
 
RecycleBin => 0 B
EmptyTemp: => 88.9 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 16:34:19 ====
 
The extension in Google Chrome that I believe was causing the issue with the hyperlinking of words throughout webpages is no longer there.  I have also not had any problems with having pages redirected anymore.


#6 nasdaq

  • Malware Response Team

Posted 11 August 2016 - 07:23 AM

The extension in Google Chrome that I believe was causing the issue with the hyperlinking of words throughout webpages is no longer there. I have also not had any problems with having pages redirected anymore.

It was removed by the AdwCleaner tool.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

#7 nasdaq

Posted 17 August 2016 - 08:36 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



