Possible Onclkds but scanners do not find it!


This topic is locked
3 replies to this topic

#1 willmarpo
Members, 2 posts

Posted 31 January 2017 - 08:36 PM

Hi.
My son started playing online games on my laptop. I had VIPRE antivirus with web defense activated, so I thought I could not get an infection; well, it happened.
 
Symptoms: When I open IE and type in the address of a site, it gets redirected to a searchtext.pro/dori page. Then, in IE, Firefox and Chrome, on the first load of a page, any click I make opens a new window with an address onclkds.com/?zoneid=
 
First, I downloaded Malwarebytes and ran it; it discovered PUP.Optional.Spigot, which I removed. But the problem was still there. Then I tried other malware scanners: Zemana AntiMalware, HitmanPro, AdwCleaner, Adware Removal Tool by TSA, Bitdefender antimalware, SUPERAntiSpyware, JRT, Kaspersky, msert, Spybot, Grind, 360 Security. NOTHING. None of them discovered any malware. Well, Grind discovered a registry entry for RMPL.Shopper, and SUPERAntiSpyware found traces of Scorpion.
 
Manual cleaning: I checked and there are no suspicious installs and no add-ons. I reset all three browsers, I even reinstalled Firefox from scratch, I checked services, running processes and startup apps, and I looked through regedit… NOTHING.
Any ideas?
 
FRST
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-01-2017 01
Ran by wmartinez (administrator) on ULTRA-GUIACO (27-01-2017 20:27:21)
Running from C:\Users\wmartinez\Downloads
Loaded Profiles: wmartinez & Administrador (Available Profiles: wmartinez & Administrador)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(CodeGear) C:\Program Files (x86)\CodeGear\RAD Studio\5.0\bin\BSQLServer.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
() C:\Program Files (x86)\MySQL\MySQL Server 5.1\bin\mysqld.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
(Nitro Software, Inc.) C:\Program Files\Nitro\Pro 10\NitroPDFDriverService10x64.exe
() C:\Program Files\Nitro\Pro 10\Nitro_UpdateService.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(The OpenVPN Project) C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\bin\openvpnserv.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(ThreatTrack Security Inc.) C:\Program Files (x86)\VIPRE\SBPIMSvc.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 6\CyberGhost.Service.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHWatchdog.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TBatmgrTrayicon.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
() C:\Program Files\TOSHIBA\FlashCards\Hotkey\TCrdKBB.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Users\wmartinez\AppData\Local\Citrix\GoToMeeting\4007\g2mstart.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(LogMeIn, Inc) C:\Users\wmartinez\AppData\Local\join.me.launcher\join.me.launcher.exe
(CyberGhost S.R.L.) C:\Program Files\CyberGhost 6\CyberGhost.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Dropbox, Inc.) C:\Users\wmartinez\AppData\Roaming\Dropbox\bin\Dropbox.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoHook.exe
(TOSHIBA) C:\Program Files (x86)\Toshiba\TOSHIBA Sleep Utility\TSleepSrv.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Users\wmartinez\AppData\Local\Citrix\GoToMeeting\4007\g2mcomm.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(ThreatTrack Security Inc.) C:\Program Files (x86)\VIPRE\SBAMTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Users\wmartinez\AppData\Local\Citrix\GoToMeeting\4007\g2mlauncher.exe
(ThreatTrack Security Inc.) C:\Program Files (x86)\VIPRE\SBAMSvc.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe
() C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\bin\openvpn-gui.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
(ThreatTrack Security Inc.) C:\Program Files (x86)\VIPRE\VipreEdgeProtection.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Qihu 360 Software Co., Ltd.) C:\Program Files (x86)\360\Total Security\safemon\chrome\360webshield.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(Simon Tatham) C:\Program Files (x86)\Atlassian\SourceTree\tools\putty\pageant.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(The OpenVPN Project) C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\bin\openvpn.exe
(hxxp://tortoisegit.org/) C:\Program Files\TortoiseGit\bin\TGitCache.exe
() C:\Program Files (x86)\Git\cmd\git.exe
(The Git Development Community) C:\Program Files (x86)\Git\bin\git.exe
(The Git Development Community) C:\Program Files (x86)\Git\libexec\git-core\git-remote-https.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
(Microsoft Corporation) C:\Windows\System32\mspaint.exe
(Microsoft Corporation) C:\Windows\System32\mspaint.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [] => [X]
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12452968 2012-03-13] (Realtek Semiconductor)
HKLM\...\Run: [SRS Premium Sound 3D] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2165120 2012-03-22] (SRS Labs, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2832168 2011-09-30] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [595840 2012-03-02] ()
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [989056 2012-03-16] (TOSHIBA Corporation)
HKLM\...\Run: [BatteryManager] => C:\Program Files\TOSHIBA\Power Saver\TBatmgrTrayIcon.EXE [286632 2011-11-24] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1562032 2012-02-28] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2012-04-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-12-14] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [253312 2011-11-21] (TOSHIBA)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [ITSecMng] => C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [80840 2011-04-01] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKLM-x32\...\Run: [SBAMTray] => C:\Program Files (x86)\VIPRE\SBAMTray.exe [3015696 2016-02-29] (ThreatTrack Security Inc.)
HKLM-x32\...\Run: [openvpn-gui] => C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\bin\openvpn-gui.exe [480992 2015-03-23] ()
HKLM-x32\...\Run: [QHSafeTray] => C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe [1939880 2017-01-22] (QIHU 360 SOFTWARE CO. LIMITED)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
Winlogon\Notify\ScCertProp-x32: wlnotify.dll [X]
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1 [0 2014-10-05] ()
HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1 [0 2014-10-05] ()
HKU\S-1-5-21-374155167-3560257060-3864837840-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23818360 2016-11-30] (Google)
HKU\S-1-5-21-374155167-3560257060-3864837840-1000\...\Run: [GoToMeeting] => C:\Users\wmartinez\AppData\Local\Citrix\GoToMeeting\4007\g2mstart.exe [41536 2015-11-23] (Citrix Online, a division of Citrix Systems, Inc.)
HKU\S-1-5-21-374155167-3560257060-3864837840-1000\...\Run: [Dropbox Update] => C:\Users\wmartinez\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
HKU\S-1-5-21-374155167-3560257060-3864837840-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27230168 2016-11-15] (Skype Technologies S.A.)
HKU\S-1-5-21-374155167-3560257060-3864837840-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-374155167-3560257060-3864837840-1000\...\Run: [join.me.launcher] => C:\Users\wmartinez\AppData\Local\join.me.launcher\join.me.launcher.exe [176560 2015-10-27] (LogMeIn, Inc)
HKU\S-1-5-21-374155167-3560257060-3864837840-1000\...\Run: [CyberGhost] => C:\Program Files\CyberGhost 6\CyberGhost.exe [1212976 2017-01-26] (CyberGhost S.R.L.)
HKU\S-1-5-21-374155167-3560257060-3864837840-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-374155167-3560257060-3864837840-1000\...\MountPoints2: {6a101b16-fcb4-11e3-a281-b86b23ce650d} - "D:\WD SmartWare.exe" autoplay=true
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [  Tortoise1Normal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise2Modified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise3Conflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise4Locked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise5ReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise6Deleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise7Added] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise8Ignored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise9Unversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\wmartinez\AppData\Roaming\Dropbox\bin\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\wmartinez\AppData\Roaming\Dropbox\bin\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\wmartinez\AppData\Roaming\Dropbox\bin\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\wmartinez\AppData\Roaming\Dropbox\bin\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [  Tortoise1Normal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise2Modified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise3Conflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise4Locked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise5ReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise6Deleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise7Added] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise8Ignored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise9Unversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\wmartinez\AppData\Roaming\Dropbox\bin\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\wmartinez\AppData\Roaming\Dropbox\bin\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\wmartinez\AppData\Roaming\Dropbox\bin\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [Offline Files] -> {4E77131D-3629-431c-9818-C5679DC83E81} =>  -> No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk [2015-04-29]
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk [2013-12-21]
ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe ()
Startup: C:\Users\wmartinez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2017-01-23]
ShortcutTarget: Dropbox.lnk -> C:\Users\wmartinez\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\wmartinez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update Tool Notifier.exe [2011-06-14] (Oracle Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{14944D0C-FE79-44DE-9EAB-F7933395878C}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{42822E0B-6433-43AA-AC83-646C67EB807E}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{B8189A68-A9A2-4AE6-8E3A-C9A122525A0F}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-12-28] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-01-22] (Oracle Corporation)
BHO: VIPRE Search Guard Helper -> {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} -> C:\Program Files (x86)\VIPRE\x64\VSGNx64.dll [2016-02-29] ()
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2016-12-28] (Microsoft Corporation)
BHO: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\Total Security\safemon\safemon64.dll [2017-01-22] (Qihu 360 Software Co., Ltd.)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-28] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-22] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-22] (Oracle Corporation)
BHO-x32: VIPRE Search Guard Helper -> {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} -> C:\Program Files (x86)\VIPRE\VSGN.dll [2016-02-29] ()
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2016-12-28] (Microsoft Corporation)
BHO-x32: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\Total Security\safemon\safemon.dll [2017-01-22] (Qihu 360 Software Co., Ltd.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-22] (Oracle Corporation)
Toolbar: HKLM - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - C:\Program Files (x86)\VIPRE\x64\VSGNx64.dll [2016-02-29] ()
Toolbar: HKLM-x32 - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - C:\Program Files (x86)\VIPRE\VSGN.dll [2016-02-29] ()
DPF: HKLM-x32 {0AE66022-15D3-4EB8-95ED-06E0E5CC484D} hxxps://www.personas.bancobcr.com/HermesDSApp/DigSigSetup.exe
DPF: HKLM-x32 {721700FE-7F0E-49C5-BDED-CA92B7CB1245} hxxp://grandhaven.cam.leanlogistics.com/camclictrl.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} 
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-09-23] (Skype Technologies)
Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files (x86)\VIPRE\x64\VSGNx64.dll [2016-02-29] ()
Handler-x32: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files (x86)\VIPRE\VSGN.dll [2016-02-29] ()
 
FireFox:
========
FF ProfilePath: C:\Users\wmartinez\AppData\Roaming\Mozilla\Firefox\Profiles\sbm16kzt.default-1485458200216 [2017-01-27]
FF Extension: (Protección de Internet 360) - C:\Users\wmartinez\AppData\Roaming\Mozilla\Firefox\Profiles\sbm16kzt.default-1485458200216\Extensions\WebProtection@360safe.com [2017-01-27]
FF Extension: (No Name) - C:\Users\wmartinez\AppData\Roaming\Mozilla\Firefox\Profiles\sbm16kzt.default-1485458200216\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-01-27] [not signed]
FF ProfilePath: C:\Users\wmartinez\AppData\Roaming\Infogrid Pacific Pte. Ltd\AZARDI-2.0\Profiles\wrcqr01j.default [2015-01-16]
FF ProfilePath: C:\Users\wmartinez\AppData\Roaming\Flickr\Flickr Uploadr\Profiles\04x6wpzr.default [2015-12-12]
FF ProfilePath: C:\Users\wmartinez\AppData\Roaming\Disruptive Innovations SAS\BlueGriffonEPUBEdition\Profiles\xbfzdxz9.default [2015-01-16]
FF Extension: (No Name) - C:\Users\wmartinez\AppData\Roaming\Disruptive Innovations SAS\BlueGriffonEPUBEdition\Profiles\xbfzdxz9.default\Extensions\activeView@bluegriffon.com.xpi [2015-01-16] [not signed]
FF Extension: (No Name) - C:\Users\wmartinez\AppData\Roaming\Disruptive Innovations SAS\BlueGriffonEPUBEdition\Profiles\xbfzdxz9.default\Extensions\csseditor@bluegriffon.com.xpi [2015-01-16] [not signed]
FF Extension: (No Name) - C:\Users\wmartinez\AppData\Roaming\Disruptive Innovations SAS\BlueGriffonEPUBEdition\Profiles\xbfzdxz9.default\Extensions\eyedropper@bluegriffon.com.xpi [2015-01-16] [not signed]
FF Extension: (No Name) - C:\Users\wmartinez\AppData\Roaming\Disruptive Innovations SAS\BlueGriffonEPUBEdition\Profiles\xbfzdxz9.default\Extensions\fullscreen@bluegriffon.com.xpi [2015-01-16] [not signed]
FF Extension: (No Name) - C:\Users\wmartinez\AppData\Roaming\Disruptive Innovations SAS\BlueGriffonEPUBEdition\Profiles\xbfzdxz9.default\Extensions\langpack-en-US@bluegriffon.org.xpi [2015-01-16] [not signed]
FF Extension: (No Name) - C:\Users\wmartinez\AppData\Roaming\Disruptive Innovations SAS\BlueGriffonEPUBEdition\Profiles\xbfzdxz9.default\Extensions\langpack-fr@bluegriffon.org.xpi [2015-01-16] [not signed]
FF Extension: (No Name) - C:\Users\wmartinez\AppData\Roaming\Disruptive Innovations SAS\BlueGriffonEPUBEdition\Profiles\xbfzdxz9.default\Extensions\snippets@bluegriffon.com.xpi [2015-01-16] [not signed]
FF Extension: (No Name) - C:\Users\wmartinez\AppData\Roaming\Disruptive Innovations SAS\BlueGriffonEPUBEdition\Profiles\xbfzdxz9.default\Extensions\svg-edit@googlegroups.com.xpi [2015-01-16] [not signed]
FF Extension: (No Name) - C:\Users\wmartinez\AppData\Roaming\Disruptive Innovations SAS\BlueGriffonEPUBEdition\Profiles\xbfzdxz9.default\Extensions\tablelayout@bluegriffon.com.xpi [2015-01-16] [not signed]
FF Extension: (No Name) - C:\Users\wmartinez\AppData\Roaming\Disruptive Innovations SAS\BlueGriffonEPUBEdition\Profiles\xbfzdxz9.default\Extensions\wordcount@bluegriffon.com.xpi [2015-01-16] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-14] ()
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-22] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-14] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1222172.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-22] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-28] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 10\npnitromozilla.dll [2016-07-22] (Nitro PDF)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [No File]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-374155167-3560257060-3864837840-1000: @citrixonline.com/appdetectorplugin -> C:\Users\wmartinez\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-01-17] (Citrix Online)
FF Plugin HKU\S-1-5-21-374155167-3560257060-3864837840-1000: @tools.google.com/Google Update;version=3 -> C:\Users\wmartinez\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [No File]
FF Plugin HKU\S-1-5-21-374155167-3560257060-3864837840-1000: @tools.google.com/Google Update;version=9 -> C:\Users\wmartinez\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [No File]
FF Plugin HKU\S-1-5-21-374155167-3560257060-3864837840-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\wmartinez\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-07-09] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npatgpc.dll [2014-08-28] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npatgpc.dll [2014-08-28] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\wmartinez\AppData\Roaming\mozilla\plugins\npatgpc.dll [2014-03-20] (Cisco WebEx LLC)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\wmartinez\AppData\Local\Google\Chrome\User Data\Default [2017-01-27]
CHR Extension: (Presentaciones de Google) - C:\Users\wmartinez\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-05]
CHR Extension: (Google Docs) - C:\Users\wmartinez\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-05]
CHR Extension: (Google Drive) - C:\Users\wmartinez\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-06]
CHR Extension: (YouTube) - C:\Users\wmartinez\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-05]
CHR Extension: (REST Console) - C:\Users\wmartinez\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokgbflfommojglbmbpenpphppikmonn [2016-11-18]
CHR Extension: (Búsqueda de Google) - C:\Users\wmartinez\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-05]
CHR Extension: (Tabs Outliner) - C:\Users\wmartinez\AppData\Local\Google\Chrome\User Data\Default\Extensions\eggkanocgddhmamlbiijnphhppkpkmkl [2016-01-17]
CHR Extension: (Hojas de cálculo de Google) - C:\Users\wmartinez\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-05]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\wmartinez\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Protección de Internet 360) - C:\Users\wmartinez\AppData\Local\Google\Chrome\User Data\Default\Extensions\glcimepnljoholdmjchkloafkggfoijh [2017-01-26]
CHR Extension: (AngularJS Batarang) - C:\Users\wmartinez\AppData\Local\Google\Chrome\User Data\Default\Extensions\ighdmehidhipcmcojjgiloacoafjmpfk [2016-03-15]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\wmartinez\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-12-09]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\wmartinez\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR Extension: (Gmail) - C:\Users\wmartinez\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-05]
CHR Extension: (Chrome Media Router) - C:\Users\wmartinez\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-14]
CHR HKU\S-1-5-21-374155167-3560257060-3864837840-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\WMARTI~1\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-12-09]
CHR HKU\S-1-5-21-374155167-3560257060-3864837840-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [glcimepnljoholdmjchkloafkggfoijh] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 BlackfishSQL; C:\Program Files (x86)\CodeGear\RAD Studio\5.0\bin\BSQLServer.exe [65536 2007-12-11] (CodeGear) [File not signed]
R2 CG6Service; C:\Program Files\CyberGhost 6\CyberGhost.Service.exe [76848 2017-01-26] (CyberGhost S.R.L)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3699904 2016-12-28] (Microsoft Corporation)
R2 gpsvc; C:\windows\SysWOW64\gpsvc.dll [593408 2010-11-20] (Microsoft Corporation) [File not signed]
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-09] (Intel Corporation)
R2 irstrtsv; C:\windows\SysWOW64\irstrtsv.exe [192856 2012-02-24] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 MySQL; C:\Program Files (x86)\MySQL\MySQL Server 5.1\my.ini [8925 2015-05-27] () [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-02-26] ()
R2 NAT; C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe [232424 2013-10-11] (Symantec Corporation)
R2 NitroDriverReadSpool10; C:\Program Files\Nitro\Pro 10\NitroPDFDriverService10x64.exe [327320 2016-07-22] (Nitro Software, Inc.)
R2 NitroUpdateService; C:\Program Files\Nitro\Pro 10\Nitro_UpdateService.exe [417944 2016-07-22] ()
S3 OpenVPNService; C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\bin\openvpnserv.exe [81024 2015-03-23] (The OpenVPN Project)
R2 OpenVPNServiceInteractive; C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\bin\openvpnserv.exe [81024 2015-03-23] (The OpenVPN Project)
R2 QHActiveDefense; C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe [928168 2017-01-22] (QIHU 360 SOFTWARE CO. LIMITED)
S3 Redis; C:\Program Files\Redis\redis-server.exe [1419776 2015-09-08] () [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [92792 2007-11-06] (CACE Technologies)
R2 SBAMSvc; C:\Program Files (x86)\VIPRE\SBAMSvc.exe [6602192 2016-02-29] (ThreatTrack Security Inc.)
R2 SBPIMSvc; C:\Program Files (x86)\VIPRE\SBPIMSvc.exe [373264 2016-02-29] (ThreatTrack Security Inc.)
R3 VipreEdgeProtection; C:\Program Files (x86)\VIPRE\VipreEdgeProtection.exe [6816744 2015-10-16] (ThreatTrack Security Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-02-26] (Intel® Corporation)
S2 ZAMSvc; "C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /service [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 360AntiHacker; C:\windows\System32\Drivers\360AntiHacker64.sys [151784 2017-01-22] (360.cn)
R3 360AvFlt; C:\windows\System32\DRIVERS\360AvFlt.sys [86248 2017-01-22] (360.cn)
R3 360AvFlt; C:\Windows\SysWOW64\DRIVERS\360AvFlt.sys [86248 2017-01-22] (360.cn)
R1 360Box64; C:\windows\System32\DRIVERS\360Box64.sys [330472 2017-01-22] (360.cn)
R1 360Camera; C:\windows\System32\Drivers\360Camera64.sys [40520 2017-01-22] (360.cn)
R1 360FsFlt; C:\windows\System32\DRIVERS\360FsFlt.sys [391392 2017-01-22] (360.cn)
S3 ATHENA3; C:\windows\System32\DRIVERS\ASEDRV3.sys [64888 2014-03-03] (Athena Smartcard Solutions)
R1 BAPIDRV; C:\windows\System32\DRIVERS\BAPIDRV64.sys [188864 2017-01-22] (360.cn)
R1 ccSet_NAT; C:\windows\system32\drivers\NATx64\010A000.009\ccSetx64.sys [150104 2013-07-29] (Symantec Corporation)
R3 CVPNDRVA; C:\windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
R1 ESProtectionDriver; C:\windows\system32\drivers\mbae64.sys [77416 2017-01-20] ()
S3 gfiark; C:\windows\System32\drivers\gfiark.sys [40584 2015-08-27] (ThreatTrack Security)
S3 gfiutil; C:\windows\System32\drivers\gfiutil.sys [32400 2016-03-04] (ThreatTrack Security)
S3 hitmanpro37; C:\windows\system32\drivers\hitmanpro37.sys [54736 2017-01-25] ()
R3 irstrtdv; C:\windows\System32\DRIVERS\irstrtdv.sys [26504 2012-02-22] (Intel Corporation)
S3 MBAMFarflt; C:\windows\system32\drivers\farflt.sys [102856 2017-01-26] (Malwarebytes)
S3 MBAMProtection; C:\windows\system32\drivers\mbam.sys [43968 2017-01-26] (Malwarebytes)
R3 MEIx64; C:\windows\System32\DRIVERS\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation)
R0 pwdrvio; C:\windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\windows\system32\pwdspio.sys [12504 2013-09-30] ()
R2 sbapifs; C:\windows\System32\DRIVERS\sbapifs.sys [89000 2016-02-29] (ThreatTrack Security Inc.)
S3 sbhips; C:\windows\System32\drivers\sbhips.sys [63696 2015-09-29] (ThreatTrack Security)
R1 sbwfw; C:\windows\System32\DRIVERS\sbwfw.sys [345520 2016-02-29] (ThreatTrack Security)
R3 sbwtis; C:\windows\System32\DRIVERS\sbwtis.sys [95608 2015-09-29] (ThreatTrack Security)
R2 WebExaminer; C:\windows\system32\Drivers\WebExaminer64.sys [34408 2015-10-16] (ThreatTrack Security Inc.)
S1 SBRE; \??\C:\windows\system32\drivers\SBREdrv.sys [X]
S1 ZAM; \??\C:\windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\windows\System32\drivers\zamguard64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-27 20:27 - 2017-01-27 20:27 - 00041439 _____ C:\Users\wmartinez\Downloads\FRST.txt
2017-01-27 20:26 - 2017-01-27 20:27 - 00000000 ____D C:\FRST
2017-01-27 20:25 - 2017-01-27 20:25 - 02420736 _____ (Farbar) C:\Users\wmartinez\Downloads\FRST64.exe
2017-01-27 19:48 - 2017-01-27 20:25 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-01-27 19:47 - 2017-01-27 20:25 - 00000000 ____D C:\Users\wmartinez\Desktop\mbar
2017-01-27 19:40 - 2017-01-27 19:41 - 16563352 _____ (Malwarebytes Corp.) C:\Users\wmartinez\Downloads\mbar-1.09.3.1001.exe
2017-01-27 11:30 - 2017-01-27 20:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-01-27 11:29 - 2017-01-27 11:29 - 00245600 _____ C:\Users\wmartinez\Downloads\Firefox Setup Stub 51.0.1.exe
2017-01-27 11:24 - 2017-01-27 11:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-27 06:12 - 2017-01-27 06:12 - 00000000 __SHD C:\$360Section
2017-01-26 17:08 - 2017-01-27 06:12 - 00000000 ____D C:\ProgramData\360Quarant
2017-01-26 17:07 - 2017-01-26 17:07 - 00000000 ____D C:\windows\Tasks\360Disabled
2017-01-26 17:06 - 2017-01-27 20:25 - 00000000 ____D C:\Users\wmartinez\AppData\LocalLow\360WD
2017-01-26 17:06 - 2017-01-27 06:17 - 00000000 ____D C:\Users\wmartinez\AppData\Roaming\360safe
2017-01-26 17:06 - 2017-01-26 17:07 - 00000000 ____D C:\ProgramData\360safe
2017-01-26 17:06 - 2017-01-26 17:06 - 00000000 ____D C:\Users\wmartinez\AppData\Roaming\360TotalSecurity
2017-01-26 17:06 - 2017-01-26 17:06 - 00000000 ____D C:\ProgramData\360TotalSecurity
2017-01-26 17:06 - 2017-01-22 00:16 - 00391392 _____ (360.cn) C:\windows\system32\Drivers\360fsflt.sys
2017-01-26 17:06 - 2017-01-22 00:16 - 00086248 _____ (360.cn) C:\windows\SysWOW64\Drivers\360AvFlt.sys
2017-01-26 17:05 - 2017-01-27 06:17 - 00000000 ____D C:\Program Files (x86)\360
2017-01-26 17:05 - 2017-01-26 17:05 - 00001153 _____ C:\Users\Public\Desktop\360 Total Security.lnk
2017-01-26 17:05 - 2017-01-26 17:05 - 00000000 _RSHD C:\360SANDBOX
2017-01-26 17:05 - 2017-01-26 17:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\360 Security Center
2017-01-26 17:05 - 2017-01-22 00:16 - 00330472 _____ (360.cn) C:\windows\system32\Drivers\360Box64.sys
2017-01-26 17:05 - 2017-01-22 00:16 - 00188864 _____ (360.cn) C:\windows\system32\Drivers\BAPIDRV64.SYS
2017-01-26 17:05 - 2017-01-22 00:16 - 00151784 _____ (360.cn) C:\windows\system32\Drivers\360AntiHacker64.sys
2017-01-26 17:05 - 2017-01-22 00:16 - 00086248 _____ (360.cn) C:\windows\system32\Drivers\360AvFlt.sys
2017-01-26 17:05 - 2017-01-22 00:16 - 00040520 _____ (360.cn) C:\windows\system32\Drivers\360Camera64.sys
2017-01-26 17:04 - 2017-01-26 17:05 - 50401200 _____ C:\Users\wmartinez\Downloads\360TS_Setup.exe
2017-01-26 16:38 - 2017-01-26 16:38 - 01418664 _____ (QIHU 360 SOFTWARE CO. LIMITED) C:\Users\wmartinez\Downloads\360TS_Setup_Mini.exe
2017-01-26 16:20 - 2017-01-26 16:20 - 00000085 _____ C:\windows\wininit.ini
2017-01-26 16:20 - 2017-01-26 16:20 - 00000000 ____D C:\windows\System32\Tasks\Safer-Networking
2017-01-26 16:07 - 2017-01-27 07:56 - 00003276 _____ C:\windows\System32\Tasks\GridinSoft Anti-Malware
2017-01-26 16:06 - 2017-01-27 15:15 - 00000000 ____D C:\Program Files\GridinSoft Anti-Malware
2017-01-26 16:06 - 2017-01-26 16:06 - 00000000 ____D C:\ProgramData\GridinSoft
2017-01-26 15:38 - 2017-01-26 15:38 - 00001459 _____ C:\Users\wmartinez\Desktop\Instalar Kaspersky Security Scan versión 16.0.0.1344.lnk
2017-01-26 15:35 - 2017-01-26 16:05 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2017-01-26 15:34 - 2017-01-26 15:34 - 00156019 _____ C:\Users\wmartinez\Desktop\JRT.txt
2017-01-26 15:02 - 2017-01-26 19:09 - 00004010 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{2EE484F2-598D-4A8C-897F-E83FFE19A9BA}
2017-01-26 15:01 - 2017-01-26 15:01 - 00250816 _____ (Malwarebytes) C:\windows\system32\Drivers\6075645A.sys
2017-01-26 14:56 - 2017-01-26 14:56 - 02601299 _____ C:\Users\wmartinez\Downloads\chrome-extension_eggkanocgddhmamlbiijnphhppkpkmkl_0.indexeddb.leveldb.zip
2017-01-26 14:27 - 2017-01-26 14:27 - 01301968 _____ (GridinSoft LLC) C:\Users\wmartinez\Downloads\grind-setup.exe
2017-01-26 13:58 - 2017-01-26 13:58 - 00250816 _____ (Malwarebytes) C:\windows\system32\Drivers\7DDB33D3.sys
2017-01-26 13:33 - 2017-01-26 13:35 - 18578896 _____ C:\Users\wmartinez\Downloads\unhackme.zip
2017-01-26 13:16 - 2017-01-26 13:16 - 00000000 ____D C:\Users\wmartinez\Desktop\Old Firefox Data
2017-01-26 11:55 - 2017-01-26 11:55 - 00250816 _____ (Malwarebytes) C:\windows\system32\Drivers\154955D6.sys
2017-01-26 06:31 - 2017-01-27 07:54 - 01052784 _____ C:\windows\ntbtlog.txt
2017-01-25 21:18 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2017-01-25 21:15 - 2017-01-26 16:22 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-01-25 21:15 - 2017-01-26 16:20 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-01-25 21:15 - 2017-01-25 21:15 - 00000656 _____ C:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2017-01-25 21:15 - 2017-01-25 21:15 - 00000628 _____ C:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2017-01-25 21:15 - 2017-01-25 21:15 - 00000458 _____ C:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2017-01-25 21:05 - 2017-01-25 21:07 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\wmartinez\Downloads\spybot-2.4-1.exe
2017-01-25 21:05 - 2017-01-25 21:06 - 02671136 _____ (Kaspersky Lab) C:\Users\wmartinez\Downloads\kss16.0.0.1344en_ru_de_fr_es_it_zh-hans_pl_tr_nl_cs_ko_id_pt_ar_vi_hi_zh-hant_fa_10837.exe
2017-01-25 21:03 - 2017-01-25 21:06 - 141632280 _____ (Microsoft Corporation) C:\Users\wmartinez\Downloads\msert.exe
2017-01-25 20:59 - 2017-01-25 20:59 - 01663040 _____ (Malwarebytes) C:\Users\wmartinez\Downloads\JRT.exe
2017-01-25 20:53 - 2017-01-25 20:53 - 00176064 _____ (Malwarebytes) C:\windows\system32\Drivers\1BA122E6.sys
2017-01-25 20:24 - 2017-01-25 20:24 - 00054736 _____ C:\windows\system32\Drivers\hitmanpro37.sys
2017-01-25 19:49 - 2017-01-25 19:49 - 00000000 ____D C:\windows\pss
2017-01-25 19:45 - 2017-01-25 19:45 - 00176064 _____ (Malwarebytes) C:\windows\system32\Drivers\18C36EFB.sys
2017-01-25 18:35 - 2017-01-25 18:35 - 00176064 _____ (Malwarebytes) C:\windows\system32\Drivers\230C3A05.sys
2017-01-25 08:35 - 2017-01-26 16:17 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2017-01-25 08:34 - 2017-01-25 08:35 - 28987648 _____ (SUPERAntiSpyware) C:\Users\wmartinez\Downloads\SUPERAntiSpyware.exe
2017-01-24 20:03 - 2017-01-24 20:04 - 48750920 _____ C:\Users\wmartinez\Downloads\BDPUARLauncher.exe
2017-01-24 17:30 - 2017-01-24 17:30 - 00176064 _____ (Malwarebytes) C:\windows\system32\Drivers\3B733966.sys
2017-01-24 17:29 - 2017-01-24 17:29 - 00250816 _____ (Malwarebytes) C:\windows\system32\Drivers\7FFC38EA.sys
2017-01-24 17:26 - 2017-01-24 17:26 - 00003115 _____ C:\Users\wmartinez\Downloads\Comprobante636208756642605723.pdf
2017-01-24 17:26 - 2017-01-24 17:26 - 00003110 _____ C:\Users\wmartinez\Downloads\Comprobante636208756881600787.pdf
2017-01-23 21:28 - 2017-01-23 21:28 - 00290304 _____ (Microsoft Corporation) C:\windows\SysWOW64\subinacl.exe
2017-01-23 21:28 - 2017-01-23 21:28 - 00000000 ____D C:\Program Files (x86)\Adware Removal Tool by TSA
2017-01-23 21:27 - 2017-01-23 21:27 - 00752296 _____ C:\Users\wmartinez\Downloads\Adware Removal Tool by TSA.exe
2017-01-23 21:13 - 2017-01-25 20:48 - 00000000 ____D C:\AdwCleaner
2017-01-23 21:12 - 2017-01-23 21:12 - 03988944 _____ C:\Users\wmartinez\Downloads\adwcleaner_6.042.exe
2017-01-23 21:00 - 2017-01-23 21:11 - 00000000 ____D C:\ProgramData\HitmanPro
2017-01-23 20:58 - 2017-01-23 20:59 - 11581544 _____ (SurfRight B.V.) C:\Users\wmartinez\Downloads\hitmanpro_x64.exe
2017-01-23 19:05 - 2017-01-23 19:05 - 00176064 _____ (Malwarebytes) C:\windows\system32\Drivers\3FF23448.sys
2017-01-23 19:04 - 2017-01-23 19:04 - 00250816 _____ (Malwarebytes) C:\windows\system32\Drivers\2E7633CF.sys
2017-01-23 15:28 - 2017-01-23 15:28 - 00000000 ____D C:\Users\wmartinez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-01-22 16:39 - 2017-01-22 16:39 - 00110144 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll
2017-01-22 16:36 - 2017-01-22 16:35 - 00097856 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2017-01-22 16:05 - 2017-01-22 16:05 - 00250816 _____ (Malwarebytes) C:\windows\system32\Drivers\49F55CC7.sys
2017-01-22 06:52 - 2017-01-22 06:52 - 00250816 _____ (Malwarebytes) C:\windows\system32\Drivers\3E0C353C.sys
2017-01-22 06:47 - 2017-01-22 06:47 - 00250816 _____ (Malwarebytes) C:\windows\system32\Drivers\56103196.sys
2017-01-20 15:14 - 2017-01-20 15:14 - 00250816 _____ (Malwarebytes) C:\windows\system32\Drivers\20ED192F.sys
2017-01-20 15:14 - 2017-01-20 15:14 - 00176064 _____ (Malwarebytes) C:\windows\system32\Drivers\3C9E1977.sys
2017-01-20 14:50 - 2017-01-24 22:59 - 00067932 _____ C:\windows\ZAM_Guard.krnl.trace
2017-01-20 14:50 - 2017-01-24 20:01 - 00241143 _____ C:\windows\ZAM.krnl.trace
2017-01-20 14:49 - 2017-01-25 08:02 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-01-20 14:49 - 2017-01-20 14:49 - 00000000 ____D C:\Users\wmartinez\AppData\Local\Zemana
2017-01-20 14:48 - 2017-01-20 14:49 - 05483584 _____ ( ) C:\Users\wmartinez\Downloads\Zemana.AntiMalware.Setup.exe
2017-01-13 11:56 - 2017-01-18 16:05 - 00000179 _____ C:\Users\wmartinez\BullseyeCoverageError.txt
2017-01-12 14:14 - 2017-01-27 19:47 - 00109272 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMChameleon.sys
2017-01-12 14:14 - 2017-01-26 13:58 - 00102856 _____ (Malwarebytes) C:\windows\system32\Drivers\farflt.sys
2017-01-12 14:14 - 2017-01-26 13:58 - 00043968 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2017-01-12 14:14 - 2017-01-25 21:14 - 00081696 _____ (Malwarebytes) C:\windows\system32\Drivers\mwac.sys
2017-01-12 14:13 - 2017-01-27 19:48 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2017-01-12 14:13 - 2017-01-26 15:04 - 00001871 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-01-12 14:13 - 2017-01-26 15:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-01-12 14:13 - 2017-01-20 07:47 - 00077416 _____ C:\windows\system32\Drivers\mbae64.sys
2017-01-12 14:12 - 2017-01-27 19:49 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-12 14:12 - 2017-01-12 14:12 - 00000000 ____D C:\Program Files\Malwarebytes
2017-01-12 12:45 - 2016-12-19 11:59 - 54199488 _____ (Malwarebytes ) C:\Users\wmartinez\Downloads\mb3-setup-consumer-3.0.5.1299.exe
2017-01-12 10:53 - 2017-01-12 10:53 - 00014964 _____ C:\Users\wmartinez\AppData\LocalLow\wbk3DFA.tmp
2017-01-11 15:45 - 2017-01-11 15:45 - 00000000 ____D C:\00f315f2d5c855558b
2017-01-11 11:26 - 2017-01-11 11:26 - 00004105 _____ C:\Users\wmartinez\Downloads\Comprobante636197308360410206.pdf
2017-01-09 21:55 - 2017-01-09 21:55 - 00000000 ____D C:\Users\wmartinez\Desktop\luna
2017-01-09 14:58 - 2017-01-09 14:58 - 00039280 _____ C:\Users\wmartinez\AppData\LocalLow\wbk265B.tmp
2017-01-05 17:04 - 2017-01-05 17:04 - 00007914 _____ C:\Users\wmartinez\Downloads\sslvpn_conf_wmartinez@krome-prod-vpn.santaclara.enki.co.zip
2017-01-05 12:07 - 2017-01-05 12:07 - 00157184 _____ C:\Users\wmartinez\Downloads\Report Sign ups2017-01-05-10-31-47.xls
2017-01-01 22:00 - 2017-01-01 22:00 - 00001214 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2017-01-01 22:00 - 2017-01-01 22:00 - 00001202 _____ C:\Users\Public\Desktop\paint.net.lnk
2017-01-01 14:55 - 2017-01-01 14:55 - 00004105 _____ C:\Users\wmartinez\Downloads\Comprobante636188793584859323.pdf
2017-01-01 14:55 - 2017-01-01 14:55 - 00004083 _____ C:\Users\wmartinez\Downloads\Comprobante636188793937267841.pdf
2017-01-01 14:55 - 2017-01-01 14:55 - 00004081 _____ C:\Users\wmartinez\Downloads\Comprobante636188793759113557.pdf
2017-01-01 14:54 - 2017-01-01 14:54 - 00004083 _____ C:\Users\wmartinez\Downloads\Comprobante636188793358344419.pdf
2017-01-01 14:54 - 2017-01-01 14:54 - 00004007 _____ C:\Users\wmartinez\Downloads\Comprobante636188792914674731.pdf
2017-01-01 14:53 - 2017-01-01 14:53 - 00003975 _____ C:\Users\wmartinez\Downloads\Comprobante636188792721232251.pdf
2017-01-01 14:53 - 2017-01-01 14:53 - 00003972 _____ C:\Users\wmartinez\Downloads\Comprobante636188792539333919.pdf
2017-01-01 14:53 - 2017-01-01 14:53 - 00003917 _____ C:\Users\wmartinez\Downloads\Comprobante636188792343863413.pdf
2017-01-01 14:52 - 2017-01-01 14:52 - 00003917 _____ C:\Users\wmartinez\Downloads\Comprobante636188792238406061.pdf
2017-01-01 14:52 - 2017-01-01 14:52 - 00003105 _____ C:\Users\wmartinez\Downloads\Comprobante636188791954950427.pdf
2017-01-01 14:51 - 2017-01-01 14:51 - 00003323 _____ C:\Users\wmartinez\Downloads\Comprobante636188791308010133.pdf
2017-01-01 11:50 - 2017-01-01 11:50 - 00129702 _____ C:\Users\wmartinez\Downloads\tasks_2017-01-01_09-50-48.csv
2017-01-01 11:49 - 2017-01-01 11:49 - 00000225 _____ C:\Users\wmartinez\Downloads\tasks_2017-01-01_09-49-41.csv
2016-12-30 17:04 - 2017-01-11 15:45 - 00000000 ___HT C:\windows\wusa.lock
2016-12-30 17:04 - 2016-12-30 17:04 - 00000000 ____D C:\9a44947e19fe1faddd2087
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-27 20:19 - 2014-01-05 13:36 - 00000000 ____D C:\Users\wmartinez\AppData\Roaming\Skype
2017-01-27 20:17 - 2015-06-17 10:15 - 00000934 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-374155167-3560257060-3864837840-1000UA.job
2017-01-27 20:12 - 2009-07-13 22:45 - 00027568 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-27 20:12 - 2009-07-13 22:45 - 00027568 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-27 20:00 - 2016-11-21 19:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2017-01-27 19:38 - 2014-03-05 13:30 - 00000586 _____ C:\windows\Tasks\G2MUpdateTask-S-1-5-21-374155167-3560257060-3864837840-1000.job
2017-01-27 19:38 - 2013-01-09 21:16 - 00000838 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2017-01-27 19:36 - 2015-06-06 18:48 - 00000682 _____ C:\windows\Tasks\G2MUploadTask-S-1-5-21-374155167-3560257060-3864837840-1000.job
2017-01-27 19:12 - 2014-06-25 18:32 - 00000000 ____D C:\Users\wmartinez\AppData\Local\TGitCache
2017-01-27 18:29 - 2016-11-23 15:14 - 00000000 ____D C:\Users\wmartinez\AppData\LocalLow\Mozilla
2017-01-27 18:17 - 2015-06-17 10:15 - 00000882 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-374155167-3560257060-3864837840-1000Core.job
2017-01-27 15:16 - 2013-12-26 08:27 - 00000000 ___RD C:\Users\wmartinez\Dropbox
2017-01-27 15:15 - 2016-04-11 12:43 - 00003440 _____ C:\windows\SysWOW64\VipreEdgeProtectionOff.ini
2017-01-27 15:15 - 2016-04-11 12:43 - 00003440 _____ C:\windows\system32\VipreEdgeProtectionOff.ini
2017-01-27 15:15 - 2013-02-05 18:39 - 00000828 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2017-01-27 15:15 - 2009-07-13 23:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2017-01-27 12:22 - 2013-02-05 18:39 - 00000830 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2017-01-27 11:31 - 2013-12-21 05:22 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-01-27 11:30 - 2013-12-21 05:28 - 00001163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-01-27 07:54 - 2014-01-21 16:45 - 00000000 ____D C:\Program Files (x86)\VIPRE
2017-01-27 06:15 - 2014-12-26 06:43 - 00004476 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2017-01-27 06:15 - 2014-01-05 14:14 - 00003468 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-01-27 06:15 - 2014-01-05 14:14 - 00003340 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-01-27 06:12 - 2015-12-12 17:47 - 00000000 ____D C:\Users\wmartinez\Desktop\Nero
2017-01-27 06:12 - 2015-12-12 17:47 - 00000000 ____D C:\Users\wmartinez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
2017-01-27 06:10 - 2010-11-21 01:09 - 00819346 _____ C:\windows\system32\perfh00A.dat
2017-01-27 06:10 - 2010-11-21 01:09 - 00188154 _____ C:\windows\system32\perfc00A.dat
2017-01-27 06:10 - 2009-07-13 23:13 - 01857348 _____ C:\windows\system32\PerfStringBackup.INI
2017-01-27 06:10 - 2009-07-13 21:20 - 00000000 ____D C:\windows\inf
2017-01-26 17:08 - 2009-07-13 21:20 - 00000000 ___HD C:\windows\system32\GroupPolicy
2017-01-26 17:08 - 2009-07-13 21:20 - 00000000 ____D C:\windows\SysWOW64\GroupPolicy
2017-01-26 16:22 - 2013-12-22 02:56 - 00000000 ____D C:\Users\wmartinez\AppData\Local\TSVNCache
2017-01-26 11:58 - 2015-12-23 10:50 - 00000000 ____D C:\Users\wmartinez\aws-java-sdk
2017-01-26 09:23 - 2016-08-24 08:00 - 00000000 ____D C:\Program Files\CyberGhost 6
2017-01-26 09:11 - 2014-06-25 16:41 - 00000000 ____D C:\Users\wmartinez\AppData\Local\Eclipse
2017-01-26 09:06 - 2015-06-06 18:48 - 00003724 _____ C:\windows\System32\Tasks\G2MUploadTask-S-1-5-21-374155167-3560257060-3864837840-1000
2017-01-26 09:06 - 2014-03-05 13:30 - 00003628 _____ C:\windows\System32\Tasks\G2MUpdateTask-S-1-5-21-374155167-3560257060-3864837840-1000
2017-01-25 21:18 - 2015-07-20 09:29 - 00000000 ____D C:\Program Files\Common Files\AV
2017-01-25 19:45 - 2014-01-15 14:21 - 00000000 ____D C:\Users\wmartinez\AppData\Local\CrashDumps
2017-01-25 19:43 - 2009-07-13 23:08 - 00032636 _____ C:\windows\Tasks\SCHEDLGU.TXT
2017-01-25 13:32 - 2015-05-27 09:38 - 00000000 ____D C:\Proyectos
2017-01-24 17:30 - 2013-12-20 03:28 - 00000000 ____D C:\Users\wmartinez
2017-01-23 16:56 - 2014-03-20 12:09 - 00000000 ____D C:\Users\wmartinez\AppData\LocalLow\WebEx
2017-01-23 16:00 - 2014-03-20 12:08 - 00000000 ____D C:\ProgramData\WebEx
2017-01-23 15:28 - 2013-12-26 08:24 - 00000000 ____D C:\Users\wmartinez\AppData\Roaming\Dropbox
2017-01-22 16:39 - 2014-07-17 22:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2017-01-22 16:39 - 2014-06-13 14:15 - 00000000 ____D C:\Program Files\Java
2017-01-22 16:39 - 2014-01-20 09:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-01-22 16:35 - 2013-01-09 21:14 - 00000000 ____D C:\Program Files (x86)\Java
2017-01-20 13:41 - 2015-11-07 09:15 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-19 07:02 - 2015-12-09 17:47 - 00000000 ____D C:\Users\wmartinez\.p2
2017-01-18 16:45 - 2014-01-10 15:18 - 00000984 _____ C:\Users\wmartinez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\join.me.lnk
2017-01-18 16:45 - 2014-01-10 15:18 - 00000976 _____ C:\Users\wmartinez\Desktop\join.me.lnk
2017-01-18 16:45 - 2014-01-10 15:18 - 00000000 ____D C:\Users\wmartinez\AppData\Local\join.me
2017-01-14 15:50 - 2013-01-09 21:16 - 00003776 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2017-01-14 15:50 - 2013-01-09 21:15 - 00802904 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2017-01-14 15:50 - 2013-01-09 21:15 - 00144472 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-01-14 15:50 - 2013-01-09 21:15 - 00000000 ____D C:\windows\SysWOW64\Macromed
2017-01-14 15:50 - 2013-01-09 21:15 - 00000000 ____D C:\windows\system32\Macromed
2017-01-11 15:45 - 2013-01-09 21:21 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-01-11 15:43 - 2013-01-09 21:21 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-01-10 10:16 - 2013-12-24 17:25 - 00002288 ____H C:\Users\wmartinez\Documents\Default.rdp
2017-01-10 09:24 - 2016-09-17 15:48 - 00000000 ____D C:\Users\wmartinez\AppData\Roaming\Nitro
2017-01-10 09:24 - 2009-07-13 23:32 - 00000000 ____D C:\windows\system32\FxsTmp
2017-01-07 15:00 - 2013-12-20 21:21 - 01835674 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2017-01-02 21:34 - 2016-08-24 08:01 - 00001776 _____ C:\Users\wmartinez\Desktop\CyberGhost 6.lnk
2017-01-02 21:34 - 2015-05-27 14:40 - 00001764 _____ C:\Users\wmartinez\Desktop\ImageMagick Display.lnk
2017-01-02 21:34 - 2015-05-27 12:00 - 00000860 _____ C:\Users\wmartinez\Desktop\HeidiSQL.lnk
2017-01-02 18:22 - 2014-06-08 17:42 - 00000000 ____D C:\1
2017-01-01 21:59 - 2014-08-03 10:33 - 00000000 ____D C:\Program Files\paint.net
2016-12-29 20:21 - 2013-12-26 10:36 - 00000000 ____D C:\windows\system32\MRT
2016-12-29 20:18 - 2013-12-26 10:36 - 135632432 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2016-12-28 15:03 - 2013-12-22 03:08 - 00000000 ____D C:\Users\wmartinez\AppData\Local\Diagnostics
2016-12-28 15:03 - 2009-07-13 21:20 - 00000000 ____D C:\windows\system32\NDF
2016-12-28 15:02 - 2009-07-13 20:34 - 00001014 _____ C:\windows\system32\Drivers\etc\hosts
 
==================== Files in the root of some directories =======
 
2003-12-29 11:23 - 2003-12-29 11:23 - 0851968 _____ (rgc:audio software) C:\Program Files (x86)\sfz+.dll
2003-12-19 13:51 - 2003-12-19 13:51 - 0102400 _____ () C:\Program Files (x86)\sfz+.exe
2003-12-28 20:28 - 2003-12-28 20:28 - 0114688 _____ () C:\Program Files (x86)\sfz+DXi.dll
2010-07-18 15:37 - 2010-07-18 15:37 - 0000793 _____ () C:\Program Files (x86)\unins000.dat
2003-11-28 04:00 - 2003-11-28 04:00 - 0075922 _____ (Jordan Russell) C:\Program Files (x86)\unins000.exe
2010-07-18 15:37 - 2010-07-18 15:37 - 0000755 _____ () C:\Program Files (x86)\unins001.dat
2003-11-28 04:00 - 2003-11-28 04:00 - 0075922 _____ (Jordan Russell) C:\Program Files (x86)\unins001.exe
2012-07-01 07:02 - 2012-07-01 07:02 - 0354745 _____ () C:\Program Files (x86)\unins002.dat
2012-07-01 07:02 - 2012-07-01 06:59 - 0707768 _____ () C:\Program Files (x86)\unins002.exe
2012-07-01 12:33 - 2015-12-19 16:58 - 0394708 _____ () C:\Program Files (x86)\unins003.dat
2012-07-01 12:33 - 2015-12-19 16:58 - 0707299 _____ () C:\Program Files (x86)\unins003.exe
2013-02-20 12:52 - 2013-02-20 12:53 - 0154256 _____ () C:\Program Files (x86)\unins004.dat
2013-02-20 12:52 - 2013-02-20 12:51 - 0707609 _____ () C:\Program Files (x86)\unins004.exe
2015-12-19 16:59 - 2015-12-19 17:00 - 0036637 _____ () C:\Program Files (x86)\unins005.dat
2015-12-19 16:59 - 2015-12-19 16:59 - 0707299 _____ () C:\Program Files (x86)\unins005.exe
2010-05-16 20:45 - 2010-05-16 20:53 - 0087608 _____ () C:\Users\wmartinez\AppData\Roaming\inst.exe
2010-05-16 20:45 - 2010-05-16 20:53 - 0007887 _____ () C:\Users\wmartinez\AppData\Roaming\pcouffin.cat
2010-05-16 20:45 - 2010-05-16 20:53 - 0001144 _____ () C:\Users\wmartinez\AppData\Roaming\pcouffin.inf
2010-05-16 20:45 - 2010-05-16 20:54 - 0000033 _____ () C:\Users\wmartinez\AppData\Roaming\pcouffin.log
2010-05-16 20:45 - 2010-05-16 20:53 - 0047360 _____ (VSO Software) C:\Users\wmartinez\AppData\Roaming\pcouffin.sys
2010-09-05 12:48 - 2012-11-07 13:24 - 0013030 _____ () C:\Users\wmartinez\AppData\Roaming\PDOXUSRS.NET
2010-05-09 20:34 - 2012-07-11 21:01 - 0060928 _____ () C:\Users\wmartinez\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-07-12 20:52 - 2010-07-12 21:54 - 0013030 _____ () C:\Users\wmartinez\AppData\Local\PDOXUSRS.NET
2015-05-27 10:03 - 2015-07-20 12:47 - 0000600 _____ () C:\Users\wmartinez\AppData\Local\PUTTY.RND
2013-10-23 14:42 - 2013-10-23 14:42 - 0000848 _____ () C:\Users\wmartinez\AppData\Local\recently-used.xbel
2014-04-20 19:01 - 2014-04-20 19:01 - 0000017 _____ () C:\Users\wmartinez\AppData\Local\resmon.resmoncfg
2013-11-06 08:50 - 2013-11-06 08:50 - 0000008 __RSH () C:\Users\wmartinez\AppData\Local\ℤ™☠
2013-08-17 18:02 - 2014-11-18 20:13 - 0000040 ___SH () C:\ProgramData\.zreglib
2014-03-19 07:44 - 2014-03-19 07:44 - 0000057 _____ () C:\ProgramData\Ament.ini
2010-04-29 08:50 - 2010-04-29 08:50 - 0000048 ____H () C:\ProgramData\ezsidmv.dat
 
Some zero byte size files/folders:
==========================
C:\Windows\System32\TsWpfWrp.exe
C:\Windows\System32\zipfldr.dll
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2016-12-05 10:04
 
==================== End of FRST.txt ============================
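The FRST file entries above follow one fixed layout (created date, modified date, size, attribute flags, optional version-info company, path), and the zero-byte files sit in their own bare-path section. As an added example, not part of the original post or of the Farbar tool, the Python script below parses that layout and flags the kinds of entries a reviewer looks at first: a driver stored under a user profile, hidden/system files in user-writable locations, non-ASCII file names, and the listed zero-byte files. The heuristics are assumptions of this example and the sample lines are an excerpt of the log above; the result is a triage list, not a verdict.

```python
import re

# One FRST file entry: "<created> - <modified> - <size> <attrs> [(<company>)] <path>";
# attrs are FRST's flags, e.g. ____D (directory), __RSH (read-only/system/hidden).
ENTRY_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) (?:\((?P<company>[^)]*)\) )?(?P<path>\S.*)$")
ZERO_BYTE_HEADER = "Some zero byte size files/folders:"
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\")

def parse_entry(line):
    """Return {size, attrs, company, path} for one FRST file line, else None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    # company is None when FRST printed no version-info company or an empty "()"
    return {"size": int(m["size"]), "attrs": m["attrs"],
            "company": m["company"] or None, "path": m["path"]}

def triage(lines):
    """(path, reason) pairs worth a manual look; reviewer heuristics, not a verdict."""
    findings, in_zero_byte = [], False
    for raw in lines:
        line = raw.strip()
        if line == ZERO_BYTE_HEADER or in_zero_byte:  # bare paths follow until a blank line
            in_zero_byte = bool(line)
            if line.lower().startswith("c:\\"):
                findings.append((line, "zero-byte file or folder"))
            continue
        e = parse_entry(line)
        if e is None or "D" in e["attrs"]:   # not an entry, or a directory
            continue
        low = e["path"].lower()
        if low.endswith(".sys") and low.startswith("c:\\users\\"):
            findings.append((e["path"], "kernel driver stored under a user profile"))
        if ("S" in e["attrs"] or "H" in e["attrs"]) and any(p in low for p in USER_WRITABLE):
            findings.append((e["path"], "hidden/system attributes in a user-writable location"))
        if not e["path"].isascii():
            findings.append((e["path"], "non-ASCII file name"))
    return findings

# Lines taken from the FRST log above (an excerpt, not a complete log).
SAMPLE_LOG = [
    r"2017-01-14 15:50 - 2013-01-09 21:15 - 00802904 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe",
    r"2010-05-16 20:45 - 2010-05-16 20:53 - 0047360 _____ (VSO Software) C:\Users\wmartinez\AppData\Roaming\pcouffin.sys",
    r"2013-11-06 08:50 - 2013-11-06 08:50 - 0000008 __RSH () C:\Users\wmartinez\AppData\Local\ℤ™☠",
    r"2013-08-17 18:02 - 2014-11-18 20:13 - 0000040 ___SH () C:\ProgramData\.zreglib",
    "", ZERO_BYTE_HEADER, "==========================",
    r"C:\Windows\System32\TsWpfWrp.exe", r"C:\Windows\System32\zipfldr.dll", "",
]
```

Calling `triage(SAMPLE_LOG)` on the excerpt returns six findings; `triage(open("FRST.txt", encoding="utf-8-sig"))` runs the same checks over a saved log.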
#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,924 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:21 AM

Posted 01 February 2017 - 10:46 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
HKLM\...\Run: [] => [X]
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
Winlogon\Notify\ScCertProp-x32: wlnotify.dll [X]
ShellIconOverlayIdentifiers-x32: [Offline Files] -> {4E77131D-3629-431c-9818-C5679DC83E81} =>  -> No File
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [No File]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [No File]
FF Plugin HKU\S-1-5-21-374155167-3560257060-3864837840-1000: @tools.google.com/Google Update;version=3 -> C:\Users\wmartinez\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [No File]
FF Plugin HKU\S-1-5-21-374155167-3560257060-3864837840-1000: @tools.google.com/Google Update;version=9 -> C:\Users\wmartinez\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [No File]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\wmartinez\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR Extension: (Chrome Media Router) - C:\Users\wmartinez\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-14]
S1 SBRE; \??\C:\windows\system32\drivers\SBREdrv.sys [X]
S1 ZAM; \??\C:\windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\windows\System32\drivers\zamguard64.sys [X]
Task: {2C62CE01-FFFF-41AB-9784-3F3B5F70C7A3} - \{515B33BB-8831-43C8-9DFE-7481BB5AE84B} -> No File <==== ATTENTION
Task: {5FEDADF0-AFFA-49CB-90A8-0707852368D8} - System32\Tasks\{B29BE9D9-36AF-4AF3-ABA8-A58680D4A988} => pcalua.exe -a C:\Users\WMARTI~1\AppData\Local\Temp\jre-8u60-windows-au.exe -d C:\windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
AlternateDataStreams: C:\Windows:nlsPreferences [386]
C:\Windows\System32\TsWpfWrp.exe
C:\Windows\System32\zipfldr.dll

Reboot:

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after these updates, remove the old version(s) via the Control Panel > Programs > Programs and Features.
Java SE Development Kit 7 Update 71 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170710}) (Version: 1.7.0.710 - Oracle)
Java SE Development Kit 8 Update 60 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180600}) (Version: 8.0.600.27 - Oracle Corporation)
Java™ SE Development Kit 6 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0160450}) (Version: 1.6.0.450 - Oracle)

Please let me know what problem persists with this computer.

#3 willmarpo

willmarpo
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:08:21 AM

Posted 03 February 2017 - 06:58 PM

Attached File: Fixlog.txt (7.38 KB)

Thanks a lot!

The problem is not present it seems, at least after reboot. Will monitor in the following days.

Attached is the log.



#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,924 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:21 AM

Posted 04 February 2017 - 08:35 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/



