Wonderlandads.com keep popping up in Chrome


  • This topic is locked
3 replies to this topic

#1 homevalue

  • Members
  • 3 posts
  • OFFLINE

Posted 10 January 2017 - 07:45 PM

I keep getting Wonderlandads.com popups on Chrome. I've tried scanning with Malwarebytes and uninstalling Chrome, but nothing I've tried has worked.  

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-01-2017
Ran by Rudy (administrator) on RUDY (10-01-2017 18:38:06)
Running from C:\Users\Rudy\Downloads
Loaded Profiles: Rudy (Available Profiles: Rudy & Administrator)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Logitech, Inc.) C:\Program Files\Logitech\SolarApp\L4301_Solar.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Belkin\USB Control Center\Bkapcs.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Macrovision Corporation) D:\Program Files (x86)\UGS\UGSLicensing\lmgrd.exe
(Macrovision Corporation) D:\Program Files (x86)\UGS\UGSLicensing\lmgrd.exe
() D:\Program Files (x86)\UGS\UGSLicensing\ugslmd.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
() C:\Program Files (x86)\ATI Technologies\HydraVision\HydraGrd.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\Grid64.exe
(Intuit Inc.) C:\Program Files (x86)\Quicken\bagent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
() C:\Program Files (x86)\Business-in-a-Box 2016\BIBLauncher.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(Belkin International, Inc.) C:\Program Files\Belkin\USB Control Center\Connect.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
(Microsoft) C:\Program Files (x86)\Microsoft MapPoint 2013\StreetsOlkShim.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1612.3341.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.16112.10221.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8492800 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508240 2015-08-05] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => D:\Program Files\iTunes\iTunesHelper.exe [176440 2016-09-09] (Apple Inc.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-12-02] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Aimersoft\Video Converter Ultimate\DelayPluginI.exe [1960336 2015-01-20] ()
HKLM-x32\...\Run: [StatusAlerts] => C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [330176 2014-08-19] (Hewlett-Packard Company)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => D:\Programs\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2015-09-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => D:\Programs\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2015-09-24] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25779624 2016-12-21] (Dropbox, Inc.)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKLM\...\Policies\Explorer: [RestrictRun] 0
HKU\S-1-5-21-1350094238-562106355-365800467-1001\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [389120 2013-08-30] (AMD)
HKU\S-1-5-21-1350094238-562106355-365800467-1001\...\Run: [Grid] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraGrd.exe [401408 2013-08-30] ()
HKU\S-1-5-21-1350094238-562106355-365800467-1001\...\Run: [QuickenScheduledUpdates] => C:\Program Files (x86)\Quicken\bagent.exe [77248 2016-06-24] (Intuit Inc.)
HKU\S-1-5-21-1350094238-562106355-365800467-1001\...\Run: [MusicManager] => C:\Users\Rudy\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7643136 2015-11-17] (Google Inc.)
HKU\S-1-5-21-1350094238-562106355-365800467-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-07-08] (Apple Inc.)
HKU\S-1-5-21-1350094238-562106355-365800467-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2016-07-08] (Apple Inc.)
HKU\S-1-5-21-1350094238-562106355-365800467-1001\...\Run: [Amazon Drive] => C:\Users\Rudy\AppData\Local\Amazon Drive\AmazonDrive.exe [4774072 2017-01-09] (Amazon.com Inc.)
HKU\S-1-5-21-1350094238-562106355-365800467-1001\...\Run: [BIBLauncher] => C:\Program Files (x86)\Business-in-a-Box 2016\BIBLauncher.exe [3129712 2016-11-07] ()
HKU\S-1-5-21-1350094238-562106355-365800467-1001\...\Policies\Explorer: [RestrictRun] 0
HKU\S-1-5-21-1350094238-562106355-365800467-1001\...\MountPoints2: {03b061cc-cc54-11e6-808b-60a44c2bec58} - "H:\Launch.exe" 
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-02-11] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-02-11] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-02-11] ()
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2016-01-25]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2016-01-25]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\Users\Rudy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-12-28]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Rudy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\USB Control Center.lnk [2016-07-22]
ShortcutTarget: USB Control Center.lnk -> C:\Program Files\Belkin\USB Control Center\Connect.exe (Belkin International, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5-x64 08 C:\Windows\system32\wlidnsp.dll [66048 2016-07-16] (Microsoft Corporation)
Winsock: Catalog5-x64 09 C:\Windows\system32\wlidnsp.dll [66048 2016-07-16] (Microsoft Corporation)
Hosts: 127.0.0.1 lm.licenses.adobe.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5afeb0bd-18aa-4e89-b84e-b5f96dbd35b7}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{905b1917-7016-4084-b9c8-261ad013254f}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1350094238-562106355-365800467-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-12-03] (Microsoft Corporation)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2017-01-05] (LastPass)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-03] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-12-03] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2016-01-08] (Oracle Corporation)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2017-01-05] (LastPass)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-12-03] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2016-01-08] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2017-01-05] (LastPass)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2017-01-05] (LastPass)
Toolbar: HKU\S-1-5-21-1350094238-562106355-365800467-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-03] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-03] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-03] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-03] (Microsoft Corporation)
Handler: WSAMVCUchrome - {086BD280-4613-43B5 -  No File
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 -  No File
 
FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - D:\Programs\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - D:\Programs\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2016-01-28] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-14] ()
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2016-01-25] (LastPass)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2014-02-11] (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> D:\Program Files\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-12-02] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2016-01-08] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2016-01-08] (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2016-01-25] (LastPass)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-12-03] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-03] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-10] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> D:\Programs\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-02-11] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> D:\Program Files\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-12-02] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1350094238-562106355-365800467-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Rudy\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-1350094238-562106355-365800467-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Rudy\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxp://google.com/","hxxp://mail.ru/cnt/10445?gp=818410"
CHR Profile: C:\Users\Rudy\AppData\Local\Google\Chrome\User Data\Default [2017-01-10]
CHR Extension: (Google Slides) - C:\Users\Rudy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-01-10]
CHR Extension: (BIODIGITAL HUMAN) - C:\Users\Rudy\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak [2017-01-10]
CHR Extension: (File Converter) - C:\Users\Rudy\AppData\Local\Google\Chrome\User Data\Default\Extensions\alblmaecejifbilchdofkdanifpmnmfk [2017-01-10]
CHR Extension: (Google Docs) - C:\Users\Rudy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-10]
CHR Extension: (Google Drive) - C:\Users\Rudy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-10]
CHR Extension: (YouTube) - C:\Users\Rudy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-10]
CHR Extension: (HP Print for Chrome) - C:\Users\Rudy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjanmonomjogheabiocdamfpknlpdehm [2017-01-10]
CHR Extension: (Google Play Music) - C:\Users\Rudy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2017-01-10]
CHR Extension: (Google Sheets) - C:\Users\Rudy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-01-10]
CHR Extension: (Google Docs Offline) - C:\Users\Rudy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-10]
CHR Extension: (Flixster) - C:\Users\Rudy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgbpjlnkjhllfgfdmieompodgaefjcfh [2017-01-10]
CHR Extension: (Print) - C:\Users\Rudy\AppData\Local\Google\Chrome\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd [2017-01-10]
CHR Extension: (Grammarly for Chrome) - C:\Users\Rudy\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2017-01-10]
CHR Extension: (Google Drawings) - C:\Users\Rudy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkaakpdehdafacodkgkpghoibnmamcme [2017-01-10]
CHR Extension: (Awesome Screenshot: Screen capture, Annotate) - C:\Users\Rudy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlipoenfbbikpbjkfpfillcgkoblgpmj [2017-01-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Rudy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-10]
CHR Extension: (Print Edit WE) - C:\Users\Rudy\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnblpmehglpcallpnbgmikjblmkopia [2017-01-10]
CHR Extension: (Gmail) - C:\Users\Rudy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-10]
CHR Extension: (Chrome Media Router) - C:\Users\Rudy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-10]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2218712 2016-12-13] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-08-05] (Apple Inc.)
R2 Belkin USB Center Helper; C:\Program Files\Belkin\USB Control Center\Bkapcs.exe [55296 2013-07-30] () [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3698888 2016-12-04] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-12-28] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-12-28] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [42096 2016-12-21] (Dropbox, Inc.)
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [176128 2014-06-24] (HP) [File not signed]
R2 L4301_Solar; C:\Program Files\Logitech\SolarApp\L4301_Solar.exe [405744 2013-01-30] (Logitech, Inc.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2012-07-31] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2012-07-31] (Hewlett-Packard) [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-12-02] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 UGS License Server (ugslmd); D:\Program Files (x86)\UGS\UGSLicensing\lmgrd.exe [1327104 2007-02-02] (Macrovision Corporation) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
R3 AU8168; C:\WINDOWS\system32\DRIVERS\au630x64.sys [792648 2013-09-23] (Realtek                                            )
R3 BrSerIf; C:\WINDOWS\system32\DRIVERS\BrSerIf.sys [97280 2006-12-12] (Brother Industries Ltd.)
R1 ElRawDisk; C:\WINDOWS\system32\drivers\ElRawDsk.sys [30752 2013-12-03] (EldoS Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77416 2016-12-14] ()
S3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2017-01-10] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
S3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R0 PxHlpa64; C:\WINDOWS\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
R3 S3XXx64; C:\WINDOWS\system32\DRIVERS\S3XXx64.sys [73856 2015-02-17] (Identiv)
R2 sxuptp; C:\WINDOWS\System32\drivers\sxuptp.sys [317880 2015-08-07] (silex technology, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 WirelessKeyboardFilter; C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys [49896 2016-07-22] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-01-06] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-01-06] (Zemana Ltd.)
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 MBAMFarflt; \??\C:\WINDOWS\system32\drivers\farflt.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-10 18:38 - 2017-01-10 18:38 - 00031255 _____ C:\Users\Rudy\Downloads\FRST.txt
2017-01-10 18:03 - 2017-01-10 18:03 - 00000000 ____D C:\Users\Rudy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2017-01-10 17:51 - 2017-01-10 17:51 - 00001245 _____ C:\Users\Rudy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Drive.lnk
2017-01-10 17:51 - 2017-01-10 17:51 - 00001233 _____ C:\Users\Rudy\Desktop\Amazon Drive.lnk
2017-01-10 17:51 - 2017-01-10 17:51 - 00000000 ____D C:\Users\Rudy\AppData\Roaming\Amazon Cloud Drive
2017-01-10 17:51 - 2017-01-10 17:51 - 00000000 ____D C:\Users\Rudy\AppData\Local\Amazon Drive
2017-01-10 17:49 - 2017-01-10 17:36 - 00024064 _____ C:\WINDOWS\zoek-delete.exe
2017-01-10 17:27 - 2017-01-10 17:27 - 34710200 _____ (Adlice Software ) C:\Users\Rudy\Downloads\setup.exe
2017-01-10 17:17 - 2017-01-10 17:17 - 00000000 ____D C:\ProgramData\Sophos
2017-01-10 17:16 - 2017-01-10 17:16 - 00002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2017-01-10 17:16 - 2017-01-10 17:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2017-01-10 17:16 - 2017-01-10 17:16 - 00000000 ____D C:\Program Files (x86)\Sophos
2017-01-10 17:06 - 2017-01-10 17:16 - 00000000 ____D C:\Users\Rudy\Desktop\mbar
2017-01-10 17:06 - 2017-01-10 17:06 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Rudy\Downloads\mbar-1.09.3.1001 (1).exe
2017-01-10 17:05 - 2017-01-10 17:06 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Rudy\Downloads\mbar-1.09.3.1001.exe
2017-01-10 17:01 - 2017-01-10 17:16 - 160191512 _____ (Sophos Limited) C:\Users\Rudy\Downloads\Sophos Virus Removal Tool.exe
2017-01-10 17:01 - 2017-01-10 17:01 - 00448512 _____ (OldTimer Tools) C:\Users\Rudy\Downloads\TFC.exe
2017-01-10 16:35 - 2017-01-10 16:35 - 00081070 ____C C:\TDSSKiller.3.1.0.12_10.01.2017_16.35.16_log.txt
2017-01-10 15:29 - 2017-01-10 15:34 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-01-10 15:29 - 2017-01-10 15:34 - 00003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-01-10 15:29 - 2017-01-10 15:29 - 01065376 _____ (Google Inc.) C:\Users\Rudy\Downloads\ChromeSetup.exe
2017-01-10 15:29 - 2017-01-10 15:29 - 00002344 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-01-10 15:29 - 2017-01-10 15:29 - 00002332 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-01-10 15:28 - 2017-01-10 15:28 - 00080496 ____C C:\TDSSKiller.3.1.0.12_10.01.2017_15.28.20_log.txt
2017-01-10 15:22 - 2017-01-10 15:22 - 11523496 _____ (VS Revo Group ) C:\Users\Rudy\Downloads\RevoUninProSetup.exe
2017-01-10 15:22 - 2017-01-10 15:22 - 00001122 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2017-01-10 15:22 - 2017-01-10 15:22 - 00000000 ____D C:\Users\Rudy\AppData\Local\VS Revo Group
2017-01-10 15:22 - 2017-01-10 15:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2017-01-10 15:22 - 2017-01-10 15:22 - 00000000 ____D C:\Program Files\VS Revo Group
2017-01-10 15:22 - 2016-12-21 14:52 - 00040240 _____ (VS Revo Group) C:\WINDOWS\system32\Drivers\revoflt.sys
2017-01-10 14:20 - 2017-01-10 16:18 - 00005938 _____ C:\Users\Rudy\Desktop\Rkill.txt
2017-01-09 16:53 - 2017-01-09 16:53 - 01309184 _____ C:\Users\Rudy\Downloads\zoek (1).exe
2017-01-09 16:33 - 2017-01-10 17:48 - 00000000 ___DC C:\zoek_backup
2017-01-09 16:33 - 2017-01-09 16:33 - 01309184 _____ C:\Users\Rudy\Downloads\zoek.exe
2017-01-09 15:43 - 2017-01-09 15:43 - 00243658 _____ C:\Users\Rudy\Downloads\ValutrustOrder.pdf
2017-01-09 12:51 - 2017-01-10 17:50 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-01-09 12:51 - 2017-01-10 17:06 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-01-09 12:51 - 2017-01-09 12:52 - 00000948 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2017-01-09 12:51 - 2017-01-09 12:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2017-01-09 12:51 - 2017-01-09 12:52 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2017-01-09 12:51 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2017-01-09 12:51 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-01-09 12:40 - 2017-01-09 12:40 - 54199488 _____ (Malwarebytes ) C:\Users\Rudy\Downloads\mb3-setup-consumer-3.0.5.1299 (1).exe
2017-01-09 12:39 - 2017-01-09 12:39 - 00082202 ____C C:\TDSSKiller.3.1.0.12_09.01.2017_12.39.04_log.txt
2017-01-09 12:38 - 2017-01-09 12:39 - 00000492 ____C C:\TDSSKiller.3.1.0.12_09.01.2017_12.38.58_log.txt
2017-01-09 12:28 - 2017-01-09 12:28 - 00080384 ____C C:\TDSSKiller.3.1.0.12_09.01.2017_12.28.37_log.txt
2017-01-09 10:27 - 2017-01-09 10:27 - 00000641 _____ C:\Users\Rudy\Downloads\2017 - Shortcut.lnk
2017-01-09 10:01 - 2017-01-09 10:01 - 00080246 ____C C:\TDSSKiller.3.1.0.12_09.01.2017_10.01.09_log.txt
2017-01-09 09:52 - 2017-01-09 09:52 - 00000595 _____ C:\Users\Rudy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Downloads.lnk
2017-01-09 09:27 - 2017-01-09 09:27 - 00080962 ____C C:\TDSSKiller.3.1.0.12_09.01.2017_09.27.26_log.txt
2017-01-09 09:18 - 2017-01-10 16:34 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-01-09 09:12 - 2017-01-09 09:12 - 00000000 ____D C:\Users\Rudy\Downloads\FRST-OlderVersion
2017-01-07 19:07 - 2017-01-07 19:07 - 00080104 ____C C:\TDSSKiller.3.1.0.12_07.01.2017_19.07.11_log.txt
2017-01-07 19:05 - 2017-01-10 16:35 - 00000547 _____ C:\Users\Rudy\Desktop\JRT.txt
2017-01-07 19:05 - 2017-01-07 19:05 - 00005292 ____C C:\TDSSKiller.3.1.0.12_07.01.2017_19.05.41_log.txt
2017-01-07 18:59 - 2017-01-10 16:31 - 00050833 _____ C:\Users\Rudy\Downloads\Addition.txt
2017-01-07 18:58 - 2017-01-10 18:38 - 00000000 ___DC C:\FRST
2017-01-07 18:58 - 2017-01-09 09:12 - 02419200 ____C (Farbar) C:\Users\Rudy\Downloads\FRST64.exe
2017-01-07 13:27 - 2017-01-07 13:27 - 00081310 ____C C:\TDSSKiller.3.1.0.12_07.01.2017_13.27.06_log.txt
2017-01-07 12:07 - 2016-12-14 12:55 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-01-07 12:03 - 2017-01-07 12:06 - 54199488 _____ (Malwarebytes ) C:\Users\Rudy\Downloads\mb3-setup-consumer-3.0.5.1299.exe
2017-01-07 11:05 - 2017-01-07 11:09 - 00000000 ____D C:\WINDOWS\Microsoft Antimalware
2017-01-07 10:58 - 2017-01-09 12:29 - 00290304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\subinacl.exe
2017-01-07 10:58 - 2017-01-07 10:58 - 00000000 ____D C:\Program Files (x86)\Adware Removal Tool by TSA
2017-01-07 10:57 - 2017-01-07 10:58 - 00752296 _____ C:\Users\Rudy\Downloads\Adware Removal Tool by TSA.exe
2017-01-07 09:29 - 2017-01-07 09:29 - 00000000 ____D C:\ProgramData\VS Revo Group
2017-01-06 20:07 - 2017-01-10 18:37 - 00089158 _____ C:\WINDOWS\ZAM.krnl.trace
2017-01-06 20:07 - 2017-01-10 18:37 - 00057660 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-01-06 20:06 - 2017-01-06 20:06 - 05234112 _____ (Zemana Ltd.) C:\Users\Rudy\Downloads\Zemana.AntiMalware.Portable.exe
2017-01-06 20:06 - 2017-01-06 20:06 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2017-01-06 20:06 - 2017-01-06 20:06 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2017-01-06 20:06 - 2017-01-06 20:06 - 00000000 ____D C:\Users\Rudy\AppData\Local\Zemana
2017-01-06 18:43 - 2017-01-06 18:43 - 02220814 _____ C:\Users\Rudy\Desktop\bookmarks_1_6_17.html
2017-01-06 14:59 - 2017-01-06 14:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UGS Licensing
2017-01-06 14:46 - 2017-01-06 14:46 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Rudy\Downloads\tdsskiller.exe
2017-01-06 14:46 - 2017-01-06 14:46 - 00080384 ____C C:\TDSSKiller.3.1.0.12_06.01.2017_14.46.07_log.txt
2017-01-06 14:41 - 2017-01-06 14:42 - 01663040 _____ (Malwarebytes) C:\Users\Rudy\Downloads\JRT.exe
2017-01-06 14:30 - 2017-01-06 14:34 - 03988944 _____ C:\Users\Rudy\Downloads\adwcleaner_6.042.exe
2017-01-06 14:25 - 2017-01-06 14:25 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Rudy\Downloads\rkill.exe
2017-01-06 14:13 - 2017-01-06 15:59 - 00001175 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
2017-01-06 14:13 - 2017-01-06 15:59 - 00001163 _____ C:\Users\Public\Desktop\TeamViewer 8.lnk
2017-01-06 10:04 - 2017-01-06 10:04 - 00003678 _____ C:\WINDOWS\System32\Tasks\TaskSched
2017-01-05 16:42 - 2017-01-05 16:42 - 00000000 ____D C:\Users\Administrator\Documents\Custom Office Templates
2017-01-05 16:30 - 2017-01-05 16:30 - 00000000 ____D C:\Users\Administrator\AppData\Local\AMD
2017-01-05 15:45 - 2017-01-05 15:45 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Apple Computer
2017-01-05 15:45 - 2017-01-05 15:45 - 00000000 ____D C:\Users\Administrator\AppData\LocalLow\Apple Computer
2017-01-05 15:22 - 2017-01-05 16:30 - 00000000 ____D C:\Users\Administrator\AppData\Local\Unigraphics Solutions
2017-01-05 15:00 - 2017-01-05 15:00 - 00000000 ____D C:\Users\Administrator\AppData\LocalLow\Adobe
2017-01-05 15:00 - 2017-01-05 15:00 - 00000000 ____D C:\Users\Administrator\AppData\Local\Adobe
2017-01-05 14:46 - 2017-01-05 14:46 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\HpUpdate
2017-01-05 14:42 - 2017-01-05 14:42 - 00003284 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-01-05 14:42 - 2017-01-05 14:42 - 00002417 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-01-05 14:42 - 2017-01-05 14:42 - 00000000 ___RD C:\Users\Administrator\OneDrive
2017-01-05 14:42 - 2017-01-05 14:42 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Skype
2017-01-05 14:42 - 2017-01-05 14:42 - 00000000 ____D C:\Users\Administrator\AppData\LocalLow\LastPass
2017-01-05 14:42 - 2017-01-05 14:42 - 00000000 ____D C:\Users\Administrator\AppData\Local\Dropbox
2017-01-05 14:41 - 2017-01-06 19:05 - 00002328 _____ C:\Users\Administrator\Desktop\Google Chrome.lnk
2017-01-05 14:41 - 2017-01-05 16:42 - 00000000 ____D C:\Users\Administrator\AppData\Local\Packages
2017-01-05 14:41 - 2017-01-05 16:10 - 00000000 ____D C:\Users\Administrator
2017-01-05 14:41 - 2017-01-05 15:23 - 00000000 ____D C:\Users\Administrator\AppData\Local\ConnectedDevicesPlatform
2017-01-05 14:41 - 2017-01-05 15:01 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2017-01-05 14:41 - 2017-01-05 14:41 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2017-01-05 14:41 - 2017-01-05 14:41 - 00000000 _SHDL C:\Users\Administrator\My Documents
2017-01-05 14:41 - 2017-01-05 14:41 - 00000000 _SHDL C:\Users\Administrator\Documents\My Videos
2017-01-05 14:41 - 2017-01-05 14:41 - 00000000 _SHDL C:\Users\Administrator\Documents\My Pictures
2017-01-05 14:41 - 2017-01-05 14:41 - 00000000 _SHDL C:\Users\Administrator\Documents\My Music
2017-01-05 14:41 - 2017-01-05 14:41 - 00000000 ____D C:\Users\Administrator\AppData\Local\TileDataLayer
2017-01-05 14:41 - 2017-01-05 14:41 - 00000000 ____D C:\Users\Administrator\AppData\Local\Publishers
2017-01-05 14:41 - 2017-01-05 14:41 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
2017-01-05 14:41 - 2016-12-01 23:37 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Macromedia
2017-01-05 14:41 - 2016-12-01 23:37 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\ATI
2017-01-05 14:41 - 2016-12-01 23:37 - 00000000 ____D C:\Users\Administrator\AppData\Local\Microsoft Help
2017-01-05 14:41 - 2016-12-01 23:37 - 00000000 ____D C:\Users\Administrator\AppData\Local\ATI
2017-01-03 19:07 - 2017-01-03 19:44 - 05204610 _____ C:\Users\Rudy\Desktop\Linksys User Guide.pdf
2016-12-30 18:06 - 2017-01-02 11:51 - 00013042 _____ C:\Users\Rudy\Desktop\Electric.xlsx
2016-12-29 20:06 - 2017-01-07 10:44 - 00000000 ____D C:\Users\Rudy\AppData\LocalLow\uTorrent
2016-12-28 10:19 - 2017-01-10 17:51 - 00000000 ___RD C:\Users\Rudy\Dropbox
2016-12-28 10:19 - 2016-12-28 10:19 - 00001299 _____ C:\Users\Rudy\Desktop\Dropbox.lnk
2016-12-28 10:18 - 2016-12-28 10:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-12-28 10:17 - 2016-12-28 11:31 - 00000914 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-12-28 10:17 - 2016-12-28 11:31 - 00000910 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-12-28 10:17 - 2016-12-28 10:22 - 00003974 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2016-12-28 10:17 - 2016-12-28 10:22 - 00003742 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2016-12-28 10:17 - 2016-12-28 10:19 - 00000000 ____D C:\Users\Rudy\AppData\Local\Dropbox
2016-12-28 10:17 - 2016-12-28 10:18 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-12-28 10:17 - 2016-12-28 10:17 - 00000000 ____D C:\Users\Rudy\AppData\Roaming\Dropbox
2016-12-28 10:17 - 2016-12-28 10:17 - 00000000 ____D C:\ProgramData\Dropbox
2016-12-27 12:40 - 2016-12-27 12:40 - 00000641 _____ C:\Users\Rudy\Downloads\2016 - Shortcut.lnk
2016-12-21 12:15 - 2016-12-21 12:15 - 00075888 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2016-12-21 12:15 - 2016-12-21 12:15 - 00075888 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2016-12-21 12:15 - 2016-12-21 12:15 - 00075888 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2016-12-21 12:15 - 2016-12-21 12:15 - 00042096 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2016-12-20 15:43 - 2016-12-20 15:43 - 00000000 _____ C:\WINDOWS\BIB.INI
2016-12-20 15:27 - 2016-12-20 15:27 - 00079742 _____ C:\Users\Rudy\Desktop\Overkill Purchase Order 122016.pdf
2016-12-20 14:56 - 2016-12-20 15:29 - 00033082 _____ C:\Users\Rudy\Desktop\purchase-order.xlsx
2016-12-20 14:51 - 2016-12-20 15:43 - 00001239 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Business-in-a-Box 2016.lnk
2016-12-20 14:51 - 2016-12-20 15:43 - 00001233 _____ C:\Users\Public\Desktop\Business-in-a-Box 2016.lnk
2016-12-20 14:51 - 2016-12-20 14:51 - 00000000 ___HD C:\ProgramData\Common Files
2016-12-20 14:51 - 2016-12-20 14:51 - 00000000 ____D C:\Users\Rudy\Documents\Business-in-a-Box Files
2016-12-20 14:51 - 2016-12-20 14:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Business-in-a-Box 2016
2016-12-20 14:51 - 2016-12-20 14:51 - 00000000 ____D C:\ProgramData\Biztree
2016-12-20 14:51 - 2005-02-10 20:04 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3a.dll
2016-12-20 14:50 - 2016-12-20 15:43 - 00000000 ____D C:\Program Files (x86)\Business-in-a-Box 2016
2016-12-20 14:49 - 2016-12-20 14:49 - 00495504 _____ (Biztree Inc.) C:\Users\Rudy\Desktop\Business-in-a-Box_Setup.exe
2016-12-20 08:56 - 2016-12-20 08:56 - 00015343 _____ C:\Users\Rudy\Desktop\Overkill profoma.docx
2016-12-19 15:34 - 2016-12-19 15:34 - 00000000 ____D C:\Users\Rudy\AppData\Local\CEF
2016-12-19 14:25 - 2017-01-06 12:21 - 00000000 ____D C:\Users\Rudy\AppData\Roaming\TakeOwnershipEx
2016-12-19 14:25 - 2016-12-19 14:25 - 00000867 _____ C:\Users\Public\Desktop\TakeOwnershipEx.lnk
2016-12-19 14:25 - 2016-12-19 14:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TakeOwnershipEx
2016-12-16 09:22 - 2016-12-16 09:22 - 00008439 _____ C:\Users\Rudy\Desktop\Overkill Orders to Refund.xlsx
2016-12-14 01:58 - 2016-12-09 03:18 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-12-14 01:57 - 2016-12-09 04:11 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-12-14 01:57 - 2016-12-09 04:01 - 02323728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2016-12-14 01:57 - 2016-12-09 04:01 - 01503544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-12-14 01:57 - 2016-12-09 04:01 - 00861024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-12-14 01:57 - 2016-12-09 04:00 - 00106896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2016-12-14 01:57 - 2016-12-09 03:59 - 02166752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-12-14 01:57 - 2016-12-09 03:59 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-12-14 01:57 - 2016-12-09 03:57 - 06668040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-12-14 01:57 - 2016-12-09 03:57 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-12-14 01:57 - 2016-12-09 03:56 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-12-14 01:57 - 2016-12-09 03:52 - 01435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-12-14 01:57 - 2016-12-09 03:52 - 01415752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2016-12-14 01:57 - 2016-12-09 03:51 - 00117240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2016-12-14 01:57 - 2016-12-09 03:41 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll
2016-12-14 01:57 - 2016-12-09 03:40 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2016-12-14 01:57 - 2016-12-09 03:36 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2016-12-14 01:57 - 2016-12-09 03:34 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-12-14 01:57 - 2016-12-09 03:34 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2016-12-14 01:57 - 2016-12-09 03:32 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2016-12-14 01:57 - 2016-12-09 03:31 - 03689984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-12-14 01:57 - 2016-12-09 03:31 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-12-14 01:57 - 2016-12-09 03:31 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-12-14 01:57 - 2016-12-09 03:30 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-12-14 01:57 - 2016-12-09 03:30 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-12-14 01:57 - 2016-12-09 03:28 - 03306496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-12-14 01:57 - 2016-12-09 03:27 - 19417088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-12-14 01:57 - 2016-12-09 03:23 - 12177920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-12-14 01:57 - 2016-12-09 03:20 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-12-14 01:57 - 2016-12-09 03:20 - 03198464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2016-12-14 01:57 - 2016-12-09 03:18 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-12-14 01:57 - 2016-12-09 03:18 - 02138112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-12-14 01:57 - 2016-12-09 03:17 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2016-12-14 01:57 - 2016-12-09 03:17 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2016-12-14 01:57 - 2016-12-09 03:16 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-12-14 01:57 - 2016-12-09 03:16 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-12-14 01:57 - 2016-12-09 03:16 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-12-14 01:57 - 2016-12-09 03:15 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-12-14 01:57 - 2016-12-09 03:15 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-12-14 01:57 - 2016-12-09 03:15 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditBufferTestHook.dll
2016-12-14 01:57 - 2016-12-09 02:54 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2016-12-14 01:57 - 2016-11-02 04:28 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2016-12-14 01:52 - 2016-12-09 04:20 - 01738560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-12-14 01:52 - 2016-12-09 04:19 - 01293152 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-12-14 01:52 - 2016-12-09 04:15 - 08168000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-12-14 01:52 - 2016-12-09 04:10 - 01461200 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-12-14 01:52 - 2016-12-09 03:45 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-12-14 01:52 - 2016-12-09 03:37 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-12-14 01:52 - 2016-12-09 03:36 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-12-14 01:52 - 2016-12-09 03:36 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2016-12-14 01:52 - 2016-12-09 03:29 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-12-14 01:52 - 2016-12-09 03:27 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2016-12-14 01:52 - 2016-12-09 03:26 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-12-14 01:52 - 2016-12-09 03:22 - 02688512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-12-14 01:52 - 2016-12-09 03:21 - 04746752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-12-14 01:52 - 2016-12-09 03:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-12-14 01:52 - 2016-12-09 03:21 - 01512960 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-12-14 01:52 - 2016-12-09 03:20 - 00730624 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-12-14 01:52 - 2016-12-09 03:19 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2016-12-14 01:52 - 2016-09-15 10:36 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-12-14 01:51 - 2016-12-09 04:42 - 01637728 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-12-14 01:51 - 2016-12-09 04:42 - 00137568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-12-14 01:51 - 2016-12-09 04:34 - 01051112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-12-14 01:51 - 2016-12-09 04:34 - 00894096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-12-14 01:51 - 2016-12-09 04:33 - 01354320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-12-14 01:51 - 2016-12-09 04:33 - 01173496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-12-14 01:51 - 2016-12-09 04:32 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-12-14 01:51 - 2016-12-09 04:30 - 00377184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2016-12-14 01:51 - 2016-12-09 04:29 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-14 01:51 - 2016-12-09 04:27 - 00172528 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2016-12-14 01:51 - 2016-12-09 04:20 - 02677544 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-12-14 01:51 - 2016-12-09 04:20 - 02189664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-12-14 01:51 - 2016-12-09 04:20 - 00658784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-12-14 01:51 - 2016-12-09 04:20 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-12-14 01:51 - 2016-12-09 04:19 - 00168424 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2016-12-14 01:51 - 2016-12-09 04:18 - 02913144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-12-14 01:51 - 2016-12-09 04:18 - 01267512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-12-14 01:51 - 2016-12-09 04:18 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-12-14 01:51 - 2016-12-09 04:15 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-12-14 01:51 - 2016-12-09 04:14 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-12-14 01:51 - 2016-12-09 04:14 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2016-12-14 01:51 - 2016-12-09 04:10 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2016-12-14 01:51 - 2016-12-09 03:47 - 22563328 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-12-14 01:51 - 2016-12-09 03:45 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2016-12-14 01:51 - 2016-12-09 03:42 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-12-14 01:51 - 2016-12-09 03:41 - 00380928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2016-12-14 01:51 - 2016-12-09 03:37 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-12-14 01:51 - 2016-12-09 03:36 - 03059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-12-14 01:51 - 2016-12-09 03:33 - 03777536 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-12-14 01:51 - 2016-12-09 03:33 - 01589760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2016-12-14 01:51 - 2016-12-09 03:30 - 23677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-12-14 01:51 - 2016-12-09 03:28 - 01004544 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-12-14 01:51 - 2016-12-09 03:27 - 13084160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-12-14 01:51 - 2016-12-09 03:27 - 05114368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2016-12-14 01:51 - 2016-12-09 03:25 - 00376832 _____ (Microsoft Corporation) C:\WINDOWS\system32\CryptoWinRT.dll
2016-12-14 01:51 - 2016-12-09 03:22 - 02820096 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-12-14 01:51 - 2016-12-09 03:22 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-12-14 01:51 - 2016-12-09 03:20 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-12-14 01:51 - 2016-12-09 03:20 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2016-12-14 01:51 - 2016-12-09 03:19 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-12-14 01:51 - 2016-12-09 03:19 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-12-14 01:51 - 2016-12-09 03:19 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-12-14 01:51 - 2016-12-09 03:19 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2016-12-14 01:50 - 2016-12-09 04:28 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-12-14 01:50 - 2016-12-09 04:18 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2016-12-14 01:50 - 2016-12-09 04:18 - 00989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2016-12-14 01:50 - 2016-12-09 04:18 - 00947552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2016-12-14 01:50 - 2016-12-09 04:18 - 00811872 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2016-12-14 01:50 - 2016-12-09 04:09 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2016-12-14 01:50 - 2016-12-09 03:38 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2016-12-14 01:50 - 2016-12-09 03:37 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-12-14 01:50 - 2016-12-09 03:36 - 00410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-12-14 01:50 - 2016-12-09 03:26 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2016-12-14 01:50 - 2016-12-09 03:24 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-12-14 01:50 - 2016-12-09 03:21 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2016-12-14 01:50 - 2016-11-02 04:25 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2016-12-13 16:49 - 2016-12-13 16:49 - 00116430 _____ C:\Users\Rudy\Desktop\Huesien.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-10 18:26 - 2016-12-01 23:27 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-01-10 18:17 - 2016-07-16 05:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-10 18:15 - 2014-02-11 12:09 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-01-10 18:13 - 2014-02-11 12:09 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-01-10 17:56 - 2015-09-01 06:45 - 02053952 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-10 17:51 - 2016-03-31 10:00 - 00000000 ___RD C:\Users\Rudy\iCloudDrive
2017-01-10 17:50 - 2016-12-01 23:40 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-10 17:49 - 2016-07-16 00:04 - 01048576 _____ C:\WINDOWS\system32\config\BBI
2017-01-10 16:36 - 2015-09-01 20:41 - 00000008 __RSH C:\ProgramData\ntuser.pol
2017-01-10 16:35 - 2015-07-28 09:39 - 00000000 ____D C:\WINDOWS\pss
2017-01-10 16:33 - 2015-07-28 11:57 - 00000000 ___DC C:\AdwCleaner
2017-01-10 16:26 - 2016-12-01 23:31 - 00000000 ____D C:\Users\Rudy
2017-01-10 16:26 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-01-10 16:26 - 2013-08-22 09:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-01-10 15:29 - 2014-02-11 21:25 - 00000000 ____D C:\Users\Rudy\AppData\Local\Google
2017-01-10 15:29 - 2014-02-11 21:25 - 00000000 ____D C:\Program Files (x86)\Google
2017-01-10 15:23 - 2014-02-13 11:23 - 00000000 ____D C:\ProgramData\alamode
2017-01-10 02:00 - 2014-02-11 22:50 - 00000000 ____D C:\Users\Rudy\AppData\Local\Adobe
2017-01-10 00:39 - 2016-07-16 05:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-10 00:39 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-01-09 16:42 - 2014-02-20 14:23 - 00000000 ____D C:\Users\Rudy\AppData\Roaming\FileZilla
2017-01-09 12:48 - 2014-12-22 12:50 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-09 10:07 - 2016-07-16 05:47 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2017-01-09 09:48 - 2014-02-10 21:56 - 00000000 ____D C:\Users\Rudy\AppData\Local\Packages
2017-01-07 12:40 - 2015-07-10 15:51 - 00001400 _____ C:\Users\Rudy\Desktop\Internet Explorer.lnk
2017-01-07 12:04 - 2015-11-19 15:08 - 00000000 ____D C:\Users\Rudy\AppData\Roaming\uTorrent
2017-01-07 11:58 - 2015-06-11 14:29 - 00000000 ____D C:\Users\Rudy\AppData\Local\ElevatedDiagnostics
2017-01-07 10:48 - 2015-04-25 13:59 - 00000000 ____D C:\ProgramData\HitmanPro
2017-01-06 21:10 - 2014-02-12 11:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UGS NX 5.0
2017-01-06 19:05 - 2016-01-14 13:08 - 00000034 _____ C:\WINDOWS\SysWOW64\BD7040.DAT
2017-01-06 14:39 - 2016-12-01 23:27 - 05047232 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-01-06 10:20 - 2014-02-20 23:23 - 00000000 ____D C:\Users\Rudy\AppData\Roaming\TeamViewer
2017-01-06 10:20 - 2014-02-11 08:54 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-01-05 20:25 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-01-05 14:49 - 2016-07-16 05:45 - 00000000 ____D C:\WINDOWS\INF
2017-01-05 14:42 - 2016-01-25 09:51 - 00000000 ____D C:\Program Files (x86)\LastPass
2017-01-05 14:41 - 2015-09-01 09:15 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-01-03 20:13 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-12-28 12:42 - 2016-02-04 18:27 - 00000000 ____D C:\Users\Rudy\AppData\Local\MSfree Inc
2016-12-28 09:20 - 2016-12-01 23:31 - 00524288 ___SH C:\WINDOWS\system32\config\COMPONENTS{b794f0c9-4b5d-11e6-80e4-e41d2d719790}.TMContainer00000000000000000002.regtrans-ms
2016-12-28 08:48 - 2016-07-16 00:04 - 00000000 ____D C:\WINDOWS\system32\DriverStore
2016-12-22 17:13 - 2016-07-16 05:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-12-22 17:13 - 2016-07-16 05:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-21 13:17 - 2016-07-16 05:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-12-21 13:15 - 2014-02-11 19:47 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-12-21 12:34 - 2016-07-16 00:04 - 00000000 ____D C:\WINDOWS\system32\CatRoot
2016-12-21 07:28 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\rescache
2016-12-20 14:51 - 2014-02-11 14:06 - 00000000 ___RD C:\Users\Rudy\Documents
2016-12-20 06:53 - 2016-07-16 05:47 - 00000000 __RSD C:\WINDOWS\assembly
2016-12-19 14:42 - 2014-02-10 21:56 - 00000000 ____D C:\Users\Rudy\AppData\Local\VirtualStore
2016-12-19 14:34 - 2016-07-16 00:04 - 00262144 _____ C:\Users\Default\NTUSER.DAT
2016-12-19 14:33 - 2016-12-01 23:26 - 00524288 ___SH C:\WINDOWS\system32\config\DRIVERS{b794f0cf-4b5d-11e6-80e4-e41d2d719790}.TMContainer00000000000000000001.regtrans-ms
2016-12-19 14:33 - 2016-12-01 23:26 - 00065536 ___SH C:\WINDOWS\system32\config\DRIVERS{b794f0cf-4b5d-11e6-80e4-e41d2d719790}.TM.blf
2016-12-19 14:33 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\SysWOW64\en-US
2016-12-19 14:33 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\en-US
2016-12-19 14:33 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\Boot
2016-12-19 14:33 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-12-19 14:33 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\AppPatch
2016-12-19 14:32 - 2016-07-16 05:47 - 00000796 ___SH C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
2016-12-19 14:00 - 2016-01-25 09:51 - 00000000 ____D C:\Users\Rudy\AppData\LocalLow\LastPass
2016-12-16 06:50 - 2016-12-01 23:27 - 00000435 _____ C:\WINDOWS\BRWMARK.INI
2016-12-14 17:25 - 2016-02-17 16:03 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-12-14 00:41 - 2016-12-01 23:40 - 00003816 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-12-14 00:41 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-12-14 00:41 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-12-12 13:40 - 2016-12-01 23:31 - 00524288 ___SH C:\Users\Rudy\NTUSER.DAT{ecbe4cfc-b84f-11e6-b9bc-f5b709a6986d}.TMContainer00000000000000000001.regtrans-ms
2016-12-11 23:48 - 2014-02-10 21:56 - 00000000 ___SD C:\Users\Rudy\AppData\LocalLow\Microsoft
 
==================== Files in the root of some directories =======
 
2016-01-25 09:52 - 2016-01-25 09:52 - 21401112 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2014-02-21 20:30 - 2014-02-21 20:30 - 0099384 _____ () C:\Users\Rudy\AppData\Roaming\inst.exe
2014-02-21 20:30 - 2014-02-21 20:30 - 0007859 _____ () C:\Users\Rudy\AppData\Roaming\pcouffin.cat
2014-02-21 20:30 - 2014-02-21 20:30 - 0001167 _____ () C:\Users\Rudy\AppData\Roaming\pcouffin.inf
2014-02-21 20:30 - 2014-02-21 20:30 - 0000055 _____ () C:\Users\Rudy\AppData\Roaming\pcouffin.log
2014-02-21 20:30 - 2014-02-21 20:30 - 0082816 _____ (VSO Software) C:\Users\Rudy\AppData\Roaming\pcouffin.sys
2014-03-19 13:32 - 2014-11-17 00:32 - 0000117 _____ () C:\Users\Rudy\AppData\Roaming\WB.CFG
2014-06-18 09:14 - 2016-01-29 22:17 - 0053248 _____ () C:\Users\Rudy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-01-19 09:16 - 2016-01-19 09:17 - 0007605 _____ () C:\Users\Rudy\AppData\Local\resmon.resmoncfg
2016-12-01 23:29 - 2016-12-01 23:29 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\Rudy\AppData\Local\Temp\AmazonDriveSetup.exe
C:\Users\Rudy\AppData\Local\Temp\AmazonDriveSetupQ.exe
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-01-01 00:12
 
==================== End of FRST.txt ============================
#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,182 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:13 PM

Posted 11 January 2017 - 11:42 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.


Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
Toolbar: HKU\S-1-5-21-1350094238-562106355-365800467-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler: WSAMVCUchrome - {086BD280-4613-43B5 -  No File
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 -  No File
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Rudy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-10]
CHR Extension: (Chrome Media Router) - C:\Users\Rudy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-10]
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 MBAMFarflt; \??\C:\WINDOWS\system32\drivers\farflt.sys [X]
CustomCLSID: HKU\S-1-5-21-1350094238-562106355-365800467-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Rudy\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1350094238-562106355-365800467-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Rudy\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
Task: {06320135-DF9C-4A42-83E6-005C65AD49CC} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {1AA5E9F0-3AF4-431B-98A7-DA606DCA9512} - \WPD\SqmUpload_S-1-5-21-1350094238-562106355-365800467-1001 -> No File <==== ATTENTION
Task: {1B5CFEF5-ABD3-4F3F-9FBB-D2EE5D67DFC0} - \iolo System Checkup -> No File <==== ATTENTION
Task: {2D3E5ABE-03AE-4ED1-BB6F-9537789DCD8E} - \SUPERAntiSpyware Scheduled Task b5c8d769-c6f0-4a8f-a547-8f6267025071 -> No File <==== ATTENTION
Task: {2EB96090-DC9A-4D70-82A9-C7785BB5AC4A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {454AFEB5-40CD-4930-BC40-FABC7CEA6513} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {779EF717-B5FD-4B0F-9FC1-73E30E7E62AC} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {816B91BB-9957-42D6-9163-92A3AF19D551} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {9D98FF1A-3F59-481C-BEAF-253C87D6E928} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {9FE47837-D9D6-4FA3-9697-359E241FB5B7} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {A5CA263D-624A-46B3-BED7-854737BB339F} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {D92A934E-5FD9-4EFB-9ED0-1DDDEE970CC1} - System32\Tasks\{09AE31AE-6039-4803-9CCC-30177406232B} => Chrome.exe hxxp://ui.skype.com/ui/0/6.18.0.106/en/go/help.faq.installer?source=lightinstaller&LastError=1603
Task: {E01CD3D5-69CC-483B-9F93-195BFC1061F6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {F59FCB17-3D78-47E7-942D-152AF225B629} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {F9376508-0AF4-41EF-AA8B-C40551B78919} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION

Reboot:

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Reset Chrome...
Open Google Chrome, click on the menu icon which is located at the top right of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
===

ADOBE AIR

Navigate to this page and follow the instructions and get the latest version.
https://get.adobe.com/air/
===

Your version of Java is also outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882
===

If still present after the updates you can remove the old version(s) via the Control Panel > Programs > Programs and Features.
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.273 - Adobe Systems Incorporated)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
===

Please let me know what problem persists with this computer.
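As an added example (not part of nasdaq's instructions and not an FRST feature), the script below shows how a responder can triage the `Task:` lines of an FRST log before writing a fixlist. It flags the two patterns visible in the fixlist above: entries marked `No File` (orphaned registrations, dead but harmless) and tasks whose action starts a browser with a URL, which is the mechanism behind the kind of pop-ups reported in this thread. The sample lines are taken from the fixlist above plus one constructed benign line; FRST writes URLs defanged as `hxxp`, which the pattern accepts alongside `http`.

```python
import re

# Sample input: two Task: lines from the fixlist posted above, plus one
# constructed benign task (placeholder GUID) so the filter has a negative case.
SAMPLE_LINES = [
    r"Task: {1B5CFEF5-ABD3-4F3F-9FBB-D2EE5D67DFC0} - \iolo System Checkup -> No File <==== ATTENTION",
    r"Task: {D92A934E-5FD9-4EFB-9ED0-1DDDEE970CC1} - System32\Tasks\{09AE31AE-6039-4803-9CCC-30177406232B} => Chrome.exe hxxp://ui.skype.com/ui/0/6.18.0.106/en/go/help.faq.installer?source=lightinstaller&LastError=1603",
    r"Task: {00000000-0000-0000-0000-000000000001} - \Microsoft\Windows\Defrag\ScheduledDefrag => C:\WINDOWS\system32\defrag.exe -c -h -k -g",
]

# "Task: {GUID} - <name> -> <target>" or "... => <target>"
TASK_RE = re.compile(r"^Task: (\{[0-9A-Fa-f-]+\}) - (.+?) (?:->|=>) (.+)$")
# A browser executable followed by a URL (FRST defangs http as hxxp)
BROWSER_URL_RE = re.compile(r"(?i)\b(chrome|iexplore|firefox|msedge)\.exe\s+((?:hxxp|http)s?://\S+)")
# Task names that are nothing but a GUID are typical of installer and adware leftovers
GUID_RE = re.compile(r"^\{[0-9A-Fa-f-]{36}\}$")


def parse_task_line(line):
    """Return {'guid', 'name', 'action'} for an FRST Task: line, else None."""
    m = TASK_RE.match(line.strip())
    if not m:
        return None
    guid, name, action = m.groups()
    return {"guid": guid, "name": name, "action": action}


def classify_task(task):
    """List human-readable reasons a parsed task deserves review (empty = nothing notable)."""
    reasons = []
    action = task["action"]
    if action.startswith("No File"):
        reasons.append("orphaned: task points at a file that no longer exists")
    m = BROWSER_URL_RE.search(action)
    if m:
        reasons.append(f"launches {m.group(1).lower()}.exe with URL {m.group(2)}")
    if GUID_RE.match(task["name"].rsplit("\\", 1)[-1]):
        reasons.append("task is named only by a GUID")
    return reasons


def flag_suspicious_tasks(lines):
    """Run every line through the parser and keep only tasks with at least one reason."""
    findings = []
    for line in lines:
        task = parse_task_line(line)
        if task is None:
            continue
        reasons = classify_task(task)
        if reasons:
            findings.append({"guid": task["guid"], "name": task["name"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in flag_suspicious_tasks(SAMPLE_LINES):
        print(f["guid"], f["name"])
        for r in f["reasons"]:
            print("   -", r)
```

The orphan case is safe to clean but tells you nothing about an active infection; the browser-plus-URL case is the one to look at first, because a task like that reproduces the exact symptom the original poster described no matter how often Chrome is reinstalled.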

#3 homevalue

homevalue
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:01:13 PM

Posted 11 January 2017 - 02:54 PM

Thank you for the reply nasdaq.  I figured it out.  The gjdksleeeee.ru was being redirected to wonderlands site.  Turns out there was a scheduled task scheduled to run 23 minutes.  Removed the task and it has stopped.  You can close this topic.  
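The poster's finding, a task repeating every 23 minutes that sent Chrome to the ad site, can be confirmed from the task's own definition rather than from symptoms. As an added example (not the poster's procedure, not part of FRST), the script below parses the XML that `schtasks /Query /TN <name> /XML` exports for a task, reads the shortest repetition interval from its triggers, and reports whether any action starts a browser with a URL argument. The XML below is constructed to mirror the described task (23-minute repetition, Chrome with a URL); the `example.invalid` URL and the path are placeholders. Real `schtasks` output is UTF-16 with an XML declaration, so read it with `open(path, encoding="utf-16")` before passing it in.

```python
import re
import xml.etree.ElementTree as ET
from datetime import timedelta

# Task Scheduler XML namespace used by schtasks exports and Task Scheduler itself
NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
BROWSERS = {"chrome.exe", "iexplore.exe", "firefox.exe", "msedge.exe"}

# Constructed sample in the shape of a schtasks /XML export; not from the poster's machine.
SAMPLE_TASK_XML = """<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers>
    <TimeTrigger>
      <Repetition>
        <Interval>PT23M</Interval>
        <StopAtDurationEnd>false</StopAtDurationEnd>
      </Repetition>
      <StartBoundary>2017-01-01T00:00:00</StartBoundary>
      <Enabled>true</Enabled>
    </TimeTrigger>
  </Triggers>
  <Actions Context="Author">
    <Exec>
      <Command>"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe"</Command>
      <Arguments>http://example.invalid/landing</Arguments>
    </Exec>
  </Actions>
</Task>
"""

# ISO 8601 duration subset that Task Scheduler emits: P[nD][T[nH][nM][nS]]
ISO_DUR = re.compile(r"^P(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?)?$")


def parse_iso_duration(text):
    """Convert e.g. 'PT23M' or 'P1DT2H' to a timedelta."""
    m = ISO_DUR.match(text.strip())
    if not m:
        raise ValueError(f"unsupported duration: {text}")
    days, hours, minutes, seconds = (int(x) if x else 0 for x in m.groups())
    return timedelta(days=days, hours=hours, minutes=minutes, seconds=seconds)


def inspect_task_xml(xml_text, max_interval_minutes=60):
    """Summarise a task definition: shortest repetition, its Exec actions, and a verdict.

    A task is marked suspicious when it repeats at least every max_interval_minutes
    (assumed threshold) and one of its actions is a browser given a URL argument.
    """
    root = ET.fromstring(xml_text)
    intervals = [parse_iso_duration(e.text) for e in root.iterfind(".//t:Repetition/t:Interval", NS)]
    shortest = min(intervals) if intervals else None

    actions = []
    for ex in root.iterfind("t:Actions/t:Exec", NS):
        cmd = ex.findtext("t:Command", default="", namespaces=NS).strip().strip('"')
        args = ex.findtext("t:Arguments", default="", namespaces=NS) or ""
        exe = cmd.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        actions.append({
            "command": cmd,
            "arguments": args,
            "browser": exe in BROWSERS,
            "url": bool(re.search(r"https?://", args, re.IGNORECASE)),
        })

    suspicious = (
        shortest is not None
        and shortest <= timedelta(minutes=max_interval_minutes)
        and any(a["browser"] and a["url"] for a in actions)
    )
    return {"shortest_interval": shortest, "actions": actions, "suspicious": suspicious}


if __name__ == "__main__":
    result = inspect_task_xml(SAMPLE_TASK_XML)
    print("repeats every:", result["shortest_interval"])
    for a in result["actions"]:
        print("action:", a["command"], a["arguments"])
    print("suspicious:", result["suspicious"])
```

Exporting the definition first and reading it like this keeps a record of what the task did (command, arguments, author, trigger) before it is deleted, which is what lets a case like this one be "documented" rather than just fixed.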



#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,182 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:13 PM

Posted 12 January 2017 - 08:44 AM

Thank you for the information.

Documented.

I suggest you update the Adobe programs.
