
Google Chrome keeps getting redirected every couple minutes


  • This topic is locked
5 replies to this topic

#1 Jr0535
Posted 06 December 2016 - 06:22 AM

I've tried many solutions to fix this issue: Junkware Removal Tool, Malwarebytes, AdwCleaner, ESET, ZHPCleaner, and other tools, yet the issue remains. Chrome opens a new tab (or a page, if it's closed) with a random site. I have also restarted the browser, uninstalled the browser, reinstalled, deleted the history, and checked extensions and my programs. I've also looked through the folders on my system. Nothing has worked for me, and honestly this issue is angering me since I usually can take care of little adware/virus problems without much issue. So any help is appreciated.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-12-2016
Ran by Da Blazin JR (administrator) on JR-PC (06-12-2016 06:17:50)
Running from C:\Users\Da Blazin JR\Desktop
Loaded Profiles: Da Blazin JR (Available Profiles: Da Blazin JR)
Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
() C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
(ELTIMA Software) C:\Program Files\Eltima Software\Flexihub\flexihub64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8783616 2016-02-23] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-04-28] (Adobe Systems Incorporated)
HKLM\...\Run: [IntelConnectCenter] => C:\Program Files\Intel\ConnectCenter\bin\ICCLauncher.exe [90112 2015-03-16] (Intel® Corporation)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [8027016 2016-09-16] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-11-01] (Apple Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [323056 2015-11-04] (Intel Corporation)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13915888 2016-11-22] (Zemana Ltd.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKU\S-1-5-21-1052855340-2448865491-1758856555-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2860832 2016-10-12] (Valve Corporation)
HKU\S-1-5-21-1052855340-2448865491-1758856555-1002\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4177784 2016-01-15] (Disc Soft Ltd)
HKU\S-1-5-21-1052855340-2448865491-1758856555-1002\...\Run: [Google Update] => C:\Users\Da Blazin JR\AppData\Local\Google\Update\GoogleUpdate.exe [154440 2016-03-15] (Google Inc.)
HKU\S-1-5-21-1052855340-2448865491-1758856555-1002\...\Run: [MusicManager] => C:\Users\Da Blazin JR\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7643136 2016-02-01] (Google Inc.)
HKU\S-1-5-21-1052855340-2448865491-1758856555-1002\...\RunOnce: [Uninstall C:\Users\Da Blazin JR\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Da Blazin JR\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
HKU\S-1-5-21-1052855340-2448865491-1758856555-1002\...\MountPoints2: {9aadac2c-0c20-11e6-8269-b8b1ed468242} - "G:\Startup.exe" 
HKU\S-1-5-21-1052855340-2448865491-1758856555-1002\...\MountPoints2: {a5d7955c-da3b-11e5-825a-305a3a7f736d} - "F:\setup.exe" 
HKU\S-1-5-21-1052855340-2448865491-1758856555-1002\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2501368 2015-01-27] (Microsoft Corporation) <==== ATTENTION
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AnyDesk.lnk [2016-12-05]
ShortcutTarget: AnyDesk.lnk -> C:\Program Files (x86)\AnyDesk\AnyDesk.exe ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3FEBB655-CAA4-4C81-AFFD-7B04A971DF9C}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{586AEC82-D3F5-47E9-AD3D-C9EE9D3812DD}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{C162E796-592F-4B0A-B8BB-670B94118C48}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-09-20] (Oracle Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-09-20] (Oracle Corporation)
BHO: BHOImpl Class -> {E1499FE7-129D-4B6E-B681-DDF21E14172C} -> C:\Program Files (x86)\ThinkSky\iTools 3\Extensions\iToolsBHO64.dll [2016-07-13] (iTools.hk)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-03-06] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-03-06] (Microsoft Corporation)
BHO-x32: BHOImpl Class -> {E1499FE7-129D-4B6E-B681-DDF21E14172C} -> C:\Program Files (x86)\ThinkSky\iTools 3\Extensions\iToolsBHO.dll [2016-07-13] (iTools.hk)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-03-06] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-03-06] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-03-06] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-03-06] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Da Blazin JR\AppData\Roaming\Mozilla\Firefox\Profiles\vrq6x5ot.default-1480984672900 [2016-12-06]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-11-15] ()
FF Plugin: @itools.hk/npiTools, version=1.0.0 -> C:\Program Files (x86)\ThinkSky\iTools 3\Extensions\npiTools.dll [2016-07-13] ()
FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-09-20] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-09-20] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-15] ()
FF Plugin-x32: @itools.hk/npiTools, version=1.0.0 -> C:\Program Files (x86)\ThinkSky\iTools 3\Extensions\npiTools.dll [2016-07-13] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-03-06] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-03-06] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-12-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-12-06] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1052855340-2448865491-1758856555-1002: @acestream.net/acestreamplugin,version=3.1.11 -> C:\Users\Da Blazin JR\AppData\Roaming\ACEStream\player\npace_plugin.dll [No File]
FF Plugin HKU\S-1-5-21-1052855340-2448865491-1758856555-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Da Blazin JR\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-1052855340-2448865491-1758856555-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Da Blazin JR\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-1052855340-2448865491-1758856555-1002: SkypePlugin -> C:\Users\Da Blazin JR\AppData\Local\SkypePlugin\7.28.0.46\npGatewayNpapi.dll [2016-11-03] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-1052855340-2448865491-1758856555-1002: SkypePlugin64 -> C:\Users\Da Blazin JR\AppData\Local\SkypePlugin\7.28.0.46\npGatewayNpapi-x64.dll [2016-11-03] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-1052855340-2448865491-1758856555-1002: tdameritrade.com/thinkorswim -> C:\Program Files\thinkorswim\npthinkorswim.dll [2016-07-05] (TD Ameritrade)
FF Plugin HKU\S-1-5-21-1052855340-2448865491-1758856555-1002: tdameritrade.com/tossc -> C:\Program Files\thinkorswim\nptossc.dll [2016-07-05] (TD Ameritrade)
 
Chrome: 
=======
CHR Plugin: (Widevine Content Decryption Module) - C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.75\WidevineCdm\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Users\Da Blazin JR\AppData\Local\Google\Chrome\User Data\PepperFlash\23.0.0.207\pepflashplayer.dll ()
CHR Profile: C:\Users\Da Blazin JR\AppData\Local\Google\Chrome\User Data\Default [2016-12-06]
CHR Extension: (Google Slides) - C:\Users\Da Blazin JR\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-23]
CHR Extension: (Google Docs) - C:\Users\Da Blazin JR\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-23]
CHR Extension: (Google Drive) - C:\Users\Da Blazin JR\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-23]
CHR Extension: (YouTube) - C:\Users\Da Blazin JR\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-23]
CHR Extension: (uBlock Origin) - C:\Users\Da Blazin JR\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-12-05]
CHR Extension: (Google Search) - C:\Users\Da Blazin JR\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-23]
CHR Extension: (Tampermonkey) - C:\Users\Da Blazin JR\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2016-12-05]
CHR Extension: (Google Play Music) - C:\Users\Da Blazin JR\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2016-11-12]
CHR Extension: (Google Sheets) - C:\Users\Da Blazin JR\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-23]
CHR Extension: (iCloud Bookmarks) - C:\Users\Da Blazin JR\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2016-03-11]
CHR Extension: (Tower Ghost for Destiny) - C:\Users\Da Blazin JR\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdjndlpockopgjbonnfdmkcmkcikjhge [2016-10-19]
CHR Extension: (Google Docs Offline) - C:\Users\Da Blazin JR\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Da Blazin JR\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\Da Blazin JR\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-23]
CHR Extension: (Chrome Media Router) - C:\Users\Da Blazin JR\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-26]
CHR Extension: (Unblur StudyBlue) - C:\Users\Da Blazin JR\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkmakigomfcpoacidlkbbkoeoegiigbo [2016-11-30]
CHR HKU\S-1-5-21-1052855340-2448865491-1758856555-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [121856 2016-09-16] (Advanced Micro Devices) [File not signed]
S2 AnyDesk; C:\Program Files (x86)\AnyDesk\AnyDesk.exe [1587872 2016-12-05] ()
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1457160 2016-10-06] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2776664 2015-08-16] (Microsoft Corporation)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1369464 2016-01-15] (Disc Soft Ltd)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2815520 2016-10-11] (ESET)
R2 flexihub; C:\Program Files\Eltima Software\Flexihub\flexihub64.exe [5602504 2016-11-25] (ELTIMA Software)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [19440 2015-11-04] (Intel Corporation)
S2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-07-22] (DEVGURU Co., LTD.)
S2 STCServ; C:\Program Files\Intel\STCServ\STCServ.exe [8095456 2015-03-16] (Intel Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10216688 2016-11-28] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 WSWNDA3100v2; C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [316128 2014-12-23] ()
S2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13915888 2016-11-22] (Zemana Ltd.)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 amdacpksd; C:\Windows\system32\drivers\amdacpksd.sys [305544 2016-09-16] (Advanced Micro Devices)
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [102400 2016-03-14] (Advanced Micro Devices)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2016-02-23] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [47672 2016-02-23] (Disc Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [232072 2016-10-07] (ESET)
S0 eelam; C:\Windows\System32\DRIVERS\eelam.sys [15488 2016-07-20] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [177792 2016-10-07] (ESET)
R3 ElgatoGC656Y; C:\Windows\System32\Drivers\ElgatoGC656.sys [43488 2015-11-06] (UB658)
S3 ElgatoVAD; C:\Windows\system32\DRIVERS\ElgatoVAD.sys [28800 2016-08-16] (Elgato Systems GmbH)
R3 ELTIMA_USB_HUB_FILTER; C:\Windows\System32\drivers\fusbhub.sys [103560 2016-10-04] (ELTIMA Software)
R1 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [67712 2016-10-07] (ESET)
R3 eustub; C:\Windows\System32\DRIVERS\eusbstub.sys [20616 2016-10-04] (ELTIMA Software)
S3 evserial8; C:\Windows\System32\DRIVERS\evserial8.sys [21128 2016-10-04] (ELTIMA Software)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [54736 2016-12-05] ()
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2016-05-16] (Huawei Technologies Co., Ltd.)
S3 mt7612US; C:\Windows\system32\DRIVERS\mt7612US.sys [376200 2015-12-08] (MediaTek Inc.)
S3 NPF; C:\Windows\system32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
S3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [18432 2015-05-26] (BlackBerry Limited) [File not signed]
S3 RimVSerPort; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [121824 2016-07-12] (Oracle Corporation)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [135824 2016-07-12] (Oracle Corporation)
R3 VSBC8; C:\Windows\System32\drivers\evsbc8.sys [104584 2016-03-04] (ELTIMA Software)
R3 vuhub; C:\Windows\System32\drivers\vuhub.sys [118408 2016-03-04] (ELTIMA Software)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 xb1usb; C:\Windows\System32\drivers\xb1usb.sys [42760 2016-02-22] (Microsoft Corporation)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2016-12-05] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2016-12-05] (Zemana Ltd.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-12-06 06:17 - 2016-12-06 06:17 - 00020709 _____ C:\Users\Da Blazin JR\Desktop\FRST.txt
2016-12-06 05:26 - 2016-12-06 05:31 - 00000922 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-12-06 05:26 - 2016-12-06 05:31 - 00000918 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-12-06 05:26 - 2016-12-06 05:26 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-06 05:26 - 2016-12-06 05:26 - 00003658 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-06 05:26 - 2016-12-06 05:26 - 00002291 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-06 05:26 - 2016-12-06 05:26 - 00002279 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-12-06 04:08 - 2016-12-06 04:08 - 00000562 _____ C:\Users\Da Blazin JR\Desktop\JRT.txt
2016-12-06 01:24 - 2016-12-06 01:24 - 06761600 _____ (ESET spol. s r.o.) C:\Users\Da Blazin JR\Downloads\esetonlinescanner_enu (2).exe
2016-12-06 01:04 - 2016-12-06 01:04 - 03135616 _____ (ESET) C:\Users\Da Blazin JR\Downloads\eset_nod32_antivirus_live_installer.exe
2016-12-06 01:04 - 2016-12-06 01:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2016-12-06 01:04 - 2016-12-06 01:04 - 00000000 ____D C:\ProgramData\ESET
2016-12-06 01:04 - 2016-12-06 01:04 - 00000000 ____D C:\Program Files\ESET
2016-12-06 01:02 - 2016-12-06 01:02 - 06761600 _____ (ESET spol. s r.o.) C:\Users\Da Blazin JR\Downloads\esetonlinescanner_enu (1).exe
2016-12-06 01:02 - 2016-12-06 01:02 - 00000000 ____D C:\Users\Da Blazin JR\AppData\Local\CrashDumps
2016-12-05 23:18 - 2016-12-06 01:44 - 00000000 ____D C:\Users\Da Blazin JR\AppData\Local\ESET
2016-12-05 23:18 - 2016-12-05 23:18 - 06761600 _____ (ESET spol. s r.o.) C:\Users\Da Blazin JR\Downloads\esetonlinescanner_enu.exe
2016-12-05 20:04 - 2016-12-05 20:04 - 00000000 ____D C:\Users\Da Blazin JR\Downloads\PrivaZer registry backups
2016-12-05 20:02 - 2016-12-05 20:54 - 00029158 _____ C:\Users\Da Blazin JR\Downloads\PrivaZer.ini
2016-12-05 19:59 - 2016-12-05 20:38 - 15000328 _____ (Goversoft LLC) C:\Users\Da Blazin JR\Downloads\PrivaZer.exe
2016-12-05 19:59 - 2016-12-05 19:59 - 07521544 _____ (Goversoft LLC) C:\Users\Da Blazin JR\Downloads\privazer_free.exe
2016-12-05 19:37 - 2016-12-05 19:44 - 00000000 ____D C:\Users\Da Blazin JR\AppData\Roaming\ZHP
2016-12-05 19:37 - 2016-12-05 19:37 - 00000880 _____ C:\Users\Da Blazin JR\Desktop\ZHPCleaner.lnk
2016-12-05 19:36 - 2016-12-05 19:36 - 02581504 _____ C:\Users\Da Blazin JR\Downloads\ZHPCleaner.exe
2016-12-05 19:33 - 2016-12-05 19:33 - 00290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe
2016-12-05 19:33 - 2016-12-05 19:33 - 00000000 ____D C:\Program Files (x86)\Adware Removal Tool by TSA
2016-12-05 19:32 - 2016-12-05 19:32 - 00752296 _____ C:\Users\Da Blazin JR\Downloads\Adware Removal Tool by TSA.exe
2016-12-05 19:30 - 2016-12-06 06:17 - 05447355 _____ C:\Windows\ZAM.krnl.trace
2016-12-05 19:30 - 2016-12-06 06:17 - 00722529 _____ C:\Windows\ZAM_Guard.krnl.trace
2016-12-05 19:29 - 2016-12-05 19:29 - 05431336 _____ ( ) C:\Users\Da Blazin JR\Downloads\Zemana.AntiMalware.Setup (1).exe
2016-12-05 19:29 - 2016-12-05 19:29 - 02419712 _____ (Farbar) C:\Users\Da Blazin JR\Desktop\FRST64.exe
2016-12-05 19:29 - 2016-12-05 19:29 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2016-12-05 19:29 - 2016-12-05 19:29 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2016-12-05 19:29 - 2016-12-05 19:29 - 00001164 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2016-12-05 19:29 - 2016-12-05 19:29 - 00000000 ____D C:\Users\Da Blazin JR\AppData\Local\Zemana
2016-12-05 19:29 - 2016-12-05 19:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2016-12-05 19:29 - 2016-12-05 19:29 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2016-12-05 19:24 - 2016-12-05 19:27 - 00000000 ____D C:\FRST
2016-12-05 19:24 - 2016-12-05 19:24 - 05431336 _____ ( ) C:\Users\Da Blazin JR\Downloads\Zemana.AntiMalware.Setup.exe
2016-12-05 18:16 - 2016-12-05 18:16 - 00000000 ____D C:\Program Files (x86)\Intel
2016-12-05 18:09 - 2016-12-05 18:09 - 00880342 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-12-05 18:09 - 2016-12-05 18:09 - 00000111 _____ C:\Users\Da
2016-12-05 18:09 - 2016-12-05 18:09 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2016-12-05 18:09 - 2016-12-05 18:09 - 00000000 ____D C:\Users\Da Blazin JR\Intel
2016-12-05 18:09 - 2016-12-05 18:09 - 00000000 ____D C:\Users\Da Blazin JR\AppData\Roaming\Intel Corporation
2016-12-05 17:24 - 2016-12-05 17:24 - 00000000 ____D C:\Users\Da Blazin JR\Desktop\Odin3_v3.12.3
2016-12-05 17:23 - 2016-12-05 17:23 - 01148949 _____ C:\Users\Da Blazin JR\Desktop\Odin3_v3.12.3.zip
2016-12-05 17:20 - 2016-12-05 17:25 - 1273972176 _____ C:\Users\Da Blazin JR\Desktop\J320P_J320PVPU1AOL2_J320PSPT1AOL2_SPR_5.1.1.zip
2016-12-05 16:57 - 2016-12-05 16:57 - 00002070 _____ C:\Users\Public\Desktop\Configure FlexiHub.lnk
2016-12-05 16:57 - 2016-12-05 16:57 - 00000000 ____D C:\Users\Da Blazin JR\AppData\Local\Eltima Software
2016-12-05 16:57 - 2016-12-05 16:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eltima Software
2016-12-05 16:57 - 2016-12-05 16:57 - 00000000 ____D C:\ProgramData\Eltima Software
2016-12-05 16:57 - 2016-12-05 16:57 - 00000000 ____D C:\ProgramData\AutoUpdate
2016-12-05 16:57 - 2016-10-04 13:50 - 00020616 _____ (ELTIMA Software) C:\Windows\system32\Drivers\eusbstub.sys
2016-12-05 16:52 - 2016-12-05 17:15 - 00000000 ____D C:\ProgramData\AnyDesk
2016-12-05 16:52 - 2016-12-05 16:52 - 00001904 _____ C:\Users\Public\Desktop\AnyDesk.lnk
2016-12-05 16:52 - 2016-12-05 16:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnyDesk
2016-12-05 16:52 - 2016-12-05 16:52 - 00000000 ____D C:\Program Files (x86)\AnyDesk
2016-12-05 16:50 - 2016-12-05 16:50 - 00000000 ____D C:\Users\Da Blazin JR\AppData\Roaming\AnyDesk
2016-12-05 07:38 - 2016-12-05 07:38 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2016-12-05 07:38 - 2016-12-05 07:38 - 00002160 _____ C:\Windows\system32\.crusader
2016-12-05 07:35 - 2016-12-05 07:38 - 00000000 ____D C:\ProgramData\HitmanPro
2016-12-05 07:35 - 2016-12-05 07:35 - 11581544 _____ (SurfRight B.V.) C:\Users\Da Blazin JR\Downloads\hitmanpro_x64.exe
2016-12-05 07:35 - 2016-12-05 07:35 - 00054736 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2016-12-05 07:28 - 2016-12-05 07:28 - 01631928 _____ (Malwarebytes) C:\Users\Da Blazin JR\Downloads\JRT.exe
2016-12-05 07:20 - 2016-12-05 07:20 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Da Blazin JR\Downloads\rkill.com
2016-12-05 06:13 - 2016-12-05 06:13 - 00001059 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2016-12-05 06:13 - 2016-12-05 06:13 - 00001047 _____ C:\Users\Public\Desktop\TeamViewer 12.lnk
2016-12-05 06:13 - 2016-12-05 06:13 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-12-05 05:04 - 2016-12-06 04:09 - 00000000 ____D C:\AdwCleaner
2016-12-05 05:04 - 2016-12-05 05:04 - 03968464 _____ C:\Users\Da Blazin JR\Downloads\adwcleaner_6.040.exe
2016-12-04 17:42 - 2016-12-05 06:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2016-12-04 16:12 - 2016-12-05 07:30 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-12-04 16:12 - 2016-12-04 16:12 - 00001118 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-12-04 16:12 - 2016-12-04 16:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-12-04 16:12 - 2016-12-04 16:12 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-12-04 16:12 - 2016-12-04 16:12 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-12-04 16:12 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-12-04 16:12 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-12-04 16:12 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-12-04 15:49 - 2016-12-04 15:49 - 00003646 _____ C:\Windows\System32\Tasks\InternetBE
2016-12-04 15:15 - 2016-12-04 15:15 - 04485255 _____ C:\Users\Da Blazin JR\Downloads\supersu.zip
2016-12-03 19:25 - 2016-05-16 23:02 - 02152176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFUpdate_01009.dll
2016-12-03 19:25 - 2016-05-16 23:02 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfCoInstaller01009.dll
2016-12-03 19:25 - 2016-05-16 23:02 - 01002728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winusbcoinstaller2.dll
2016-12-03 19:25 - 2016-05-16 23:02 - 00287232 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\hw_quusbnet.sys
2016-12-03 19:25 - 2016-05-16 23:02 - 00223232 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\hw_quusbmdm.sys
2016-12-03 19:25 - 2016-05-16 23:02 - 00126592 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\hw_cdcacm.sys
2016-12-03 19:25 - 2016-05-16 23:02 - 00116864 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\hw_usbdev.sys
2016-12-03 19:25 - 2016-05-16 23:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbser.sys
2016-12-03 19:25 - 2016-05-16 23:02 - 00018816 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_usbccgpfilter.sys
2016-12-03 19:16 - 2016-12-03 19:25 - 00000000 ____D C:\Windows\LastGood.Tmp
2016-12-01 04:52 - 2016-12-01 04:52 - 00001068 _____ C:\Users\Public\Desktop\Game Capture HD.lnk
2016-12-01 04:52 - 2016-12-01 04:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elgato
2016-11-27 19:43 - 2016-11-27 19:43 - 00000000 ____D C:\Users\Da Blazin JR\AppData\LocalLow\BitTorrent
2016-11-27 19:10 - 2016-11-27 19:10 - 00001049 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Audition CC 2015.lnk
2016-11-27 18:55 - 2016-11-27 18:55 - 00000000 ____D C:\Users\Da Blazin JR\Desktop\Adobe CC 2015
2016-11-27 18:47 - 2016-11-27 18:48 - 00000000 ____D C:\Users\Da Blazin JR\Downloads\Adobe Audition CC 2015 8.0.0.192
2016-11-23 08:15 - 2016-11-23 08:16 - 00000000 ____D C:\Users\Da Blazin JR\AppData\Local\Apps\Windows 7 USB DVD Download Tool
2016-11-23 08:15 - 2016-11-23 08:15 - 00002604 _____ C:\Users\Da Blazin JR\Desktop\Windows 7 USB DVD Download Tool.lnk
2016-11-23 08:15 - 2016-11-23 08:15 - 00000000 ____D C:\Users\Da Blazin JR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
2016-11-23 06:20 - 2016-11-23 06:20 - 01065376 _____ (Google Inc.) C:\Users\Da Blazin JR\Downloads\ChromeSetup.exe
2016-11-21 02:17 - 2016-11-21 02:19 - 00000000 ____D C:\Users\Da Blazin JR\Downloads\Karnivool - Asymmetry 2013 Rock 320kbps CBR MP3 [VX] [P2PDL]
2016-11-21 02:16 - 2016-11-21 02:27 - 127464208 _____ C:\Users\Da Blazin JR\Downloads\Themata__2005_.rar
2016-11-21 02:05 - 2016-11-21 02:07 - 00000000 ____D C:\Users\Da Blazin JR\Downloads\Karnivool - Sound Awake [2009] [320kbps] [1337x]
2016-11-20 09:30 - 2016-11-20 09:30 - 00001725 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-11-20 09:30 - 2016-11-20 09:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-11-20 09:30 - 2016-11-20 09:30 - 00000000 ____D C:\Program Files\iTunes
2016-11-20 09:30 - 2016-11-20 09:30 - 00000000 ____D C:\Program Files\iPod
2016-11-20 06:42 - 2016-11-20 06:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2016-11-20 06:42 - 2016-11-20 06:42 - 00000000 ____D C:\Program Files\7-Zip
2016-11-16 21:40 - 2016-12-06 04:08 - 00000000 ___RD C:\Users\Da Blazin JR\AppData\LocalLow\Mozilla
2016-11-16 10:43 - 2016-12-06 02:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-11-16 07:40 - 2016-11-16 07:40 - 00000000 ____D C:\Users\Da Blazin JR\AppData\Local\Macromedia
2016-11-15 09:56 - 2016-12-06 05:41 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-11-15 09:56 - 2016-11-15 09:56 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-11-14 06:18 - 2016-11-14 06:18 - 00303161 _____ C:\Users\Da Blazin JR\Downloads\EligibilityNotice.pdf
2016-11-12 20:11 - 2016-12-05 18:26 - 00000000 ___HD C:\_acestream_cache_
2016-11-10 01:27 - 2016-11-02 15:48 - 00372568 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-11-10 01:27 - 2016-11-02 15:48 - 00315224 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-11-10 01:27 - 2016-11-02 09:03 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-11-10 01:27 - 2016-11-02 09:00 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-11-10 01:27 - 2016-10-27 13:53 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-11-10 01:27 - 2016-10-27 13:51 - 02896384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-11-10 01:27 - 2016-10-27 13:37 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-11-10 01:27 - 2016-10-27 13:28 - 25763328 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-11-10 01:27 - 2016-10-27 13:19 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-11-10 01:27 - 2016-10-27 13:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-11-10 01:27 - 2016-10-27 13:07 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2016-11-10 01:27 - 2016-10-27 13:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-11-10 01:27 - 2016-10-27 12:57 - 01033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-11-10 01:27 - 2016-10-27 12:49 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-11-10 01:27 - 2016-10-27 12:47 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-11-10 01:27 - 2016-10-27 12:46 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-11-10 01:27 - 2016-10-27 12:46 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-11-10 01:27 - 2016-10-27 12:44 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-11-10 01:27 - 2016-10-27 12:17 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-11-10 01:27 - 2016-10-27 12:16 - 02920448 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-11-10 01:27 - 2016-10-27 12:03 - 01543680 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-11-10 01:27 - 2016-10-27 11:54 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-11-10 01:27 - 2016-10-27 10:05 - 20304896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-11-10 01:27 - 2016-10-25 09:11 - 04169216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-11-10 01:27 - 2016-10-22 12:35 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-11-10 01:27 - 2016-10-22 12:34 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-11-10 01:27 - 2016-10-22 12:27 - 02287616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-11-10 01:27 - 2016-10-22 12:21 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-11-10 01:27 - 2016-10-22 11:58 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-11-10 01:27 - 2016-10-22 11:57 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2016-11-10 01:27 - 2016-10-22 11:56 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-11-10 01:27 - 2016-10-22 11:51 - 00880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-11-10 01:27 - 2016-10-22 11:46 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-11-10 01:27 - 2016-10-22 11:45 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-11-10 01:27 - 2016-10-22 11:45 - 00330752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-11-10 01:27 - 2016-10-22 11:44 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-11-10 01:27 - 2016-10-22 11:43 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-11-10 01:27 - 2016-10-22 11:30 - 13654016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-11-10 01:27 - 2016-10-22 11:12 - 02444800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-11-10 01:27 - 2016-10-22 11:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-11-10 01:27 - 2016-10-22 11:09 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-11-10 01:27 - 2016-10-13 14:06 - 01385280 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2016-11-10 01:27 - 2016-10-13 14:06 - 01124376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2016-11-10 01:27 - 2016-10-12 03:01 - 00377176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2016-11-10 01:27 - 2016-10-11 15:21 - 00497448 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll
2016-11-10 01:27 - 2016-10-11 15:21 - 00399776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll
2016-11-10 01:27 - 2016-10-11 13:34 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll
2016-11-10 01:27 - 2016-10-11 12:47 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\input.dll
2016-11-10 01:27 - 2016-10-11 11:55 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\input.dll
2016-11-10 01:27 - 2016-10-10 16:17 - 00444248 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-11-10 01:27 - 2016-10-10 16:17 - 00333656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-11-10 01:27 - 2016-10-09 17:59 - 00551256 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2016-11-10 01:27 - 2016-10-08 18:12 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-11-10 01:27 - 2016-10-08 17:53 - 03754496 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2016-11-10 01:27 - 2016-10-08 17:21 - 01445376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-11-10 01:27 - 2016-10-08 17:18 - 00840704 _____ (Microsoft Corporation) C:\Windows\system32\netlogon.dll
2016-11-10 01:27 - 2016-10-08 17:07 - 00332288 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2016-11-10 01:27 - 2016-10-08 17:02 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-11-10 01:27 - 2016-10-08 16:49 - 02410496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2016-11-10 01:27 - 2016-10-08 16:21 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2016-11-10 01:27 - 2016-10-07 20:34 - 01660040 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-11-10 01:27 - 2016-10-07 20:34 - 01212248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-11-10 01:27 - 2016-10-04 15:39 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2016-11-10 01:27 - 2016-10-04 15:23 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-11-10 01:27 - 2016-10-04 15:08 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2016-11-10 01:27 - 2016-10-04 15:08 - 00077824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-11-10 01:27 - 2016-09-09 17:52 - 00921944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\refs.sys
2016-11-10 01:27 - 2016-09-09 17:14 - 00275800 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2016-11-10 01:27 - 2016-09-09 09:15 - 00269824 _____ (Microsoft Corporation) C:\Windows\system32\DafPrintProvider.dll
2016-11-10 01:27 - 2016-09-09 09:09 - 00203776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DafPrintProvider.dll
2016-11-10 01:27 - 2016-09-09 09:04 - 00864256 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-11-10 01:27 - 2016-09-09 09:03 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\iscsiwmi.dll
2016-11-10 01:27 - 2016-09-09 09:02 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iscsiwmi.dll
2016-11-10 01:27 - 2016-09-09 08:38 - 00446124 _____ C:\Windows\system32\ApnDatabase.xml
2016-11-10 01:27 - 2016-09-03 13:20 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\iscsidsc.dll
2016-11-10 01:27 - 2016-09-03 13:06 - 00151040 _____ (Microsoft Corporation) C:\Windows\system32\iscsiexe.dll
2016-11-10 01:27 - 2016-09-03 12:21 - 00055296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iscsidsc.dll
2016-11-10 01:27 - 2016-09-03 12:18 - 00825856 _____ (Microsoft Corporation) C:\Windows\system32\pmcsnap.dll
2016-11-10 01:27 - 2016-09-03 11:12 - 00512512 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2016-11-10 01:27 - 2016-09-03 11:05 - 01094656 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2016-11-10 01:27 - 2016-09-03 10:58 - 00397824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
2016-11-10 01:27 - 2016-09-02 09:05 - 00306176 _____ (Microsoft Corporation) C:\Windows\system32\pdh.dll
2016-11-10 01:27 - 2016-09-02 09:05 - 00262144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pdh.dll
2016-11-10 01:27 - 2016-09-01 09:33 - 00377856 _____ (Microsoft Corporation) C:\Windows\system32\vmrdvcore.dll
2016-11-10 01:27 - 2016-09-01 09:33 - 00342528 _____ (Microsoft Corporation) C:\Windows\system32\SessEnv.dll
2016-11-10 01:27 - 2016-09-01 09:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SessEnv.dll
2016-11-10 01:27 - 2016-08-30 09:11 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\dab.dll
2016-11-10 01:27 - 2016-08-29 21:45 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\xolehlp.dll
2016-11-10 01:27 - 2016-08-29 21:18 - 00871936 _____ (Microsoft Corporation) C:\Windows\system32\msdtcprx.dll
2016-11-10 01:27 - 2016-08-29 21:18 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xolehlp.dll
2016-11-10 01:27 - 2016-08-29 21:03 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdtcprx.dll
2016-11-10 01:27 - 2016-08-22 08:34 - 01628672 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-12-06 06:17 - 2016-03-15 05:01 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1052855340-2448865491-1758856555-1002UA.job
2016-12-06 06:12 - 2016-02-23 09:03 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1052855340-2448865491-1758856555-1002
2016-12-06 05:26 - 2016-02-23 09:45 - 00000000 ____D C:\Program Files (x86)\Google
2016-12-06 04:15 - 2016-02-24 01:01 - 00000000 ____D C:\Users\Da Blazin JR
2016-12-06 02:23 - 2016-08-31 10:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-12-06 02:00 - 2016-03-05 12:48 - 00000000 ____D C:\Users\Da Blazin JR\AppData\Local\Adobe
2016-12-06 01:05 - 2013-08-22 10:36 - 00000000 ___HD C:\Windows\ELAMBKUP
2016-12-06 01:05 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\Inf
2016-12-05 20:08 - 2015-09-10 16:21 - 00000000 ____D C:\Windows\Panther
2016-12-05 20:07 - 2016-05-29 00:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DARK SOULS III
2016-12-05 18:20 - 2014-11-21 02:38 - 00865408 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-05 18:09 - 2016-03-15 03:35 - 00000000 ____D C:\ProgramData\Intel
2016-12-05 18:09 - 2016-02-23 09:20 - 00000000 ____D C:\Program Files\Intel
2016-12-05 18:05 - 2016-02-23 09:20 - 00000000 ____D C:\ProgramData\Package Cache
2016-12-05 17:17 - 2016-03-15 05:01 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1052855340-2448865491-1758856555-1002Core.job
2016-12-05 16:56 - 2016-07-13 18:19 - 00003376 _____ C:\Windows\System32\Tasks\iToolsDaemon
2016-12-05 16:56 - 2016-02-23 12:17 - 00000000 ____D C:\Program Files (x86)\Steam
2016-12-05 16:56 - 2016-02-23 09:40 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2016-12-05 16:56 - 2013-08-22 09:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-05 06:13 - 2016-05-17 07:40 - 00000000 ____D C:\Users\Da Blazin JR\AppData\Roaming\TeamViewer
2016-12-05 06:06 - 2016-03-07 16:21 - 00000000 ____D C:\Users\Da Blazin JR\AppData\Roaming\Samsung
2016-12-05 06:06 - 2016-03-07 16:17 - 00000000 ____D C:\Program Files (x86)\Samsung
2016-12-05 06:06 - 2016-02-23 09:22 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-12-05 06:05 - 2016-02-27 08:48 - 00000000 ____D C:\Windows\Minidump
2016-12-05 06:05 - 2016-02-23 11:52 - 00000000 ____D C:\Users\Da Blazin JR\AppData\Roaming\BitTorrent
2016-12-04 15:50 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2016-12-04 09:14 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\NDF
2016-12-02 04:59 - 2016-09-16 15:39 - 00000000 ____D C:\Users\Da Blazin JR\Documents\School
2016-12-01 07:20 - 2016-02-23 19:55 - 00000000 ____D C:\Users\Da Blazin JR\AppData\Roaming\obs-studio
2016-12-01 04:52 - 2016-02-23 11:31 - 00000000 ____D C:\Program Files\Elgato
2016-11-29 23:34 - 2016-07-14 01:13 - 00002113 _____ C:\Users\Public\Desktop\AnkhBotR2.lnk
2016-11-27 19:10 - 2016-03-05 12:58 - 00000000 ____D C:\Program Files\Adobe
2016-11-27 19:10 - 2016-03-05 12:54 - 00001562 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
2016-11-27 19:10 - 2016-03-05 12:54 - 00001550 _____ C:\Users\Public\Desktop\Adobe Application Manager.lnk
2016-11-27 19:10 - 2016-02-24 01:01 - 00000000 ____D C:\Users\Da Blazin JR\AppData\Roaming\Adobe
2016-11-23 02:54 - 2013-08-22 10:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-11-23 02:54 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\AppReadiness
2016-11-21 20:10 - 2016-10-19 23:06 - 00000000 ____D C:\Users\Da Blazin JR\AppData\Roaming\discord
2016-11-20 09:59 - 2013-08-22 08:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-11-20 09:30 - 2016-07-12 09:09 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-11-20 06:55 - 2016-07-23 16:21 - 00000000 ____D C:\Program Files (x86)\TransMac
2016-11-19 22:24 - 2016-09-08 00:59 - 00000000 ____D C:\Users\Da Blazin JR\AppData\Local\SkypePlugin
2016-11-18 20:50 - 2016-02-23 11:38 - 00001222 _____ C:\Users\Public\Desktop\OBS Studio.lnk
2016-11-15 09:56 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-11-15 09:56 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\Macromed
2016-11-15 06:10 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\rescache
2016-11-14 22:12 - 2016-05-25 23:26 - 00000000 ____D C:\Users\Da Blazin JR\AppData\Roaming\vlc
2016-11-14 06:36 - 2013-08-22 10:36 - 00000000 ___RD C:\Windows\ToastData
2016-11-10 23:48 - 2015-09-10 16:14 - 00000000 ____D C:\Windows\system32\MRT
2016-11-10 23:48 - 2013-08-22 10:20 - 00000000 ____D C:\Windows\CbsTemp
2016-11-10 23:46 - 2015-09-10 16:14 - 141011376 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
 
==================== Files in the root of some directories =======
 
2016-05-17 05:05 - 2016-05-17 05:05 - 0000000 _____ () C:\Program Files (x86)\log_17-05-2016.txt
2016-06-16 07:15 - 2016-06-16 07:15 - 0000132 _____ () C:\Users\Da Blazin JR\AppData\Roaming\Adobe BMP Format CS6 Prefs
2016-06-16 07:15 - 2016-10-19 03:34 - 0000132 _____ () C:\Users\Da Blazin JR\AppData\Roaming\Adobe PNG Format CS6 Prefs
2016-04-30 14:01 - 2016-05-29 00:05 - 240398848 _____ () C:\Users\Da Blazin JR\AppData\Roaming\Launcher.dat
2016-04-30 14:01 - 2016-05-29 00:05 - 0000009 _____ () C:\Users\Da Blazin JR\AppData\Roaming\update.dat
2016-04-30 14:02 - 2016-05-29 00:06 - 0000004 _____ () C:\Users\Da Blazin JR\AppData\Roaming\Microsoft\notaut.txt
2016-03-11 02:59 - 2016-03-11 02:59 - 0000017 _____ () C:\Users\Da Blazin JR\AppData\Local\si
2016-02-23 09:31 - 2016-02-23 09:31 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-05-17 04:59 - 2016-05-17 04:59 - 0000016 _____ () C:\ProgramData\mntexmp
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2016-12-04 05:39
 
==================== End of FRST.txt ============================


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,215 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 06 December 2016 - 10:28 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.


Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKU\S-1-5-21-1052855340-2448865491-1758856555-1002\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2501368 2015-01-27] (Microsoft Corporation) <==== ATTENTION
FF Plugin HKU\S-1-5-21-1052855340-2448865491-1758856555-1002: @acestream.net/acestreamplugin,version=3.1.11 -> C:\Users\Da Blazin JR\AppData\Roaming\ACEStream\player\npace_plugin.dll [No File]
CHR Plugin: (Widevine Content Decryption Module) - C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.75\WidevineCdm\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Extension: (Chrome Web Store Payments) - C:\Users\Da Blazin JR\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Chrome Media Router) - C:\Users\Da Blazin JR\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-26]
CHR HKU\S-1-5-21-1052855340-2448865491-1758856555-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx
CustomCLSID: HKU\S-1-5-21-1052855340-2448865491-1758856555-1002_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Da Blazin JR\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
Task: {0CF88330-4FB7-4102-9B7F-E67AB562A185} - \KMSAutoNet -> No File <==== ATTENTION
Task: {4C452A62-AF9C-4CFA-A60F-9A207A0FEA49} - \AutoPico Daily Restart -> No File <==== ATTENTION
Task: {9E7F1F9F-F51A-4D10-8D34-559C35B38501} - \WPD\SqmUpload_S-1-5-21-1052855340-2448865491-1758856555-1001 -> No File <==== ATTENTION
Task: {C89EB585-F412-4E54-A7AF-DE78E63D567C} - \Optimize Start Menu Cache Files-S-1-5-21-1052855340-2448865491-1758856555-1001 -> No File <==== ATTENTION
C:\Users\Da Blazin JR\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
---

Reset Chrome...
Open Google Chrome, click on the menu icon, which is located at the top right side of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
===

Please post the fixlog.txt and let me know what problem persists with this computer.

#3 Jr0535

Jr0535
  • Topic Starter

  • Members
  • 3 posts

Posted 06 December 2016 - 05:58 PM

Having the same issues. 

 


#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,215 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 07 December 2016 - 08:05 AM


Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
createsrpoint;
autoclean;
emptyclsid;
emptyffcache;
FFdefaults;
emptyiecache;
iedefaults;
emptychrcache;
CHRdefaults;
emptyalltemp;
emptyfolderscheck;delete
ipconfig /flushdns;b
Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run the whole script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.
===

Also, please provide an update on how the computer is behaving after running the above script.


If the problem persists run this tool.

--RogueKiller--
  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator"
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a window opens to explain what PUMs are, read about it.
  • Click the RogueKiller icon on your taskbar to return to the report.
  • Click open the Report
  • Click Export TXT button
  • Save the file as ReportRogue.txt
  • Click the Remove button to delete the items in RED
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next reply.
=======

#5 Jr0535

Jr0535
  • Topic Starter

  • Members
  • 3 posts

Posted 07 December 2016 - 09:44 PM

Thanks for the help guys. I managed to fix it myself though. I looked through the FRST log and found an entry around the time that the issue started. It was a task called InternetBE, I deleted the task and I haven't had the issue since.
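The triage Jr0535 describes above, reading the FRST log for entries created around the time the symptom began, as an added example that is not part of the thread and not an FRST feature: a small parser for FRST's entry lines that lists what was created near an assumed onset time and flags scheduled-task files that carry no publisher tag, which is the shape of the InternetBE line. The onset time is a placeholder (the post gives none), and the swapped column order for the "One Month Modified" section is inferred from the log above, where that section's second column is often the 2013 install date.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

# One FRST entry: "<date1> - <date2> - <size> <attrs> [(Publisher)] <path>".
# The regex is this example's own, built from the entry lines in the log above.
_ENTRY_RE = re.compile(
    r"^(?P<d1>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (?P<d2>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) (?:\((?P<publisher>[^)]*)\) )?(?P<path>\S.*)$"
)
_TS = "%Y-%m-%d %H:%M"
_TASK_DIRS = ("\\windows\\system32\\tasks\\", "\\windows\\tasks\\")


@dataclass
class FrstEntry:
    created: datetime
    modified: datetime
    size: int
    attrs: str                # five flag chars, e.g. "_____", "____D", "___HD"
    publisher: Optional[str]  # None when FRST printed no "(Company)" tag
    path: str

    @property
    def is_task_file(self) -> bool:
        """Scheduled-task definition: XML under System32\\Tasks or a .job file."""
        return "D" not in self.attrs and any(d in self.path.lower() for d in _TASK_DIRS)

def parse_frst(text: str) -> List[FrstEntry]:
    """Parse every file/folder entry; section headers and notes are skipped.

    In "One Month Created" the first date is the creation time; in "One Month
    Modified" the first date is the modification time (its second column is
    often the 2013 install date), so the two are swapped for that section.
    """
    entries: List[FrstEntry] = []
    modified_first = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("===="):           # section header: reset column order
            modified_first = "One Month Modified" in line
            continue
        m = _ENTRY_RE.match(line)
        if not m:
            continue
        d1, d2 = (datetime.strptime(m.group(k), _TS) for k in ("d1", "d2"))
        created, modified = (d2, d1) if modified_first else (d1, d2)
        entries.append(FrstEntry(created, modified, int(m.group("size")),
                                 m.group("attrs"), m.group("publisher") or None,
                                 m.group("path")))
    return entries

def entries_near(entries: List[FrstEntry], onset: str,
                 window_hours: float = 24) -> List[FrstEntry]:
    """Entries created within +/- window_hours of onset ("YYYY-MM-DD HH:MM"), nearest first."""
    t0 = datetime.strptime(onset, _TS)
    hits = [e for e in entries if abs(e.created - t0) <= timedelta(hours=window_hours)]
    return sorted(hits, key=lambda e: abs(e.created - t0))

def flag_task_files(entries: List[FrstEntry], onset: str,
                    window_hours: float = 24) -> List[FrstEntry]:
    """Task definitions created near the onset with no publisher tag; this is
    the shape of the InternetBE line that resolved the thread."""
    return [e for e in entries_near(entries, onset, window_hours)
            if e.is_task_file and e.publisher is None]

# Constructed sample: every entry line is copied from the FRST log posted in
# this thread; the headers are the section markers FRST prints.
SAMPLE_LOG = r"""==================== One Month Created files and folders ========
2016-12-04 16:12 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-12-04 15:49 - 2016-12-04 15:49 - 00003646 _____ C:\Windows\System32\Tasks\InternetBE
2016-12-04 15:15 - 2016-12-04 15:15 - 04485255 _____ C:\Users\Da Blazin JR\Downloads\supersu.zip
2016-11-15 09:56 - 2016-11-15 09:56 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

==================== One Month Modified files and folders ========
2016-12-05 18:20 - 2014-11-21 02:38 - 00865408 _____ C:\Windows\system32\PerfStringBackup.INI
"""

if __name__ == "__main__":
    # Assumed onset: the poster gave no exact time, so 2016-12-04 16:00 is a placeholder.
    for e in flag_task_files(parse_frst(SAMPLE_LOG), "2016-12-04 16:00"):
        print(f"{e.created:%Y-%m-%d %H:%M}  {e.path}")
```

On a full log, `entries_near` is the list worth reading top to bottom, and `flag_task_files` only narrows it to the task-file pattern seen here; a flagged entry is a lead to inspect, not proof on its own.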



#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,215 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 08 December 2016 - 10:23 AM

Thank you.

I have documented the site.
It will not happen again.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/



