Cryptolocker 4th version - Help to clean system



#1 jrcouso


Posted 23 January 2015 - 02:35 PM

 Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015

Ran by JOSE (administrator) on JOSEPC on 23-01-2015 20:17:32
Running from C:\Users\JOSE\Downloads
Loaded Profiles: JOSE (Available profiles: JOSE)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
() C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\avp.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
(Voobly) C:\Program Files (x86)\Voobly\voobly.exe
(Nokia) C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe
(LogMeIn, Inc.) C:\Users\JOSE\AppData\Roaming\cubby\cubby.exe
(Box) C:\Users\JOSE\AppData\Local\Box\Box Edit\Box Edit.exe
(Yandex) C:\Users\JOSE\AppData\Roaming\Yandex\YandexDisk\YandexDisk.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Hewlett-Packard) C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
() C:\Program Files (x86)\Winamp3\winampa.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\avpui.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
(Argente Software) C:\Program Files (x86)\Argente - Registry Cleaner\ArgenteRC.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Yandex) C:\Users\JOSE\AppData\Roaming\Yandex\YandexDisk\wow64\YandexDiskStarter.exe
(Yandex) C:\Users\JOSE\AppData\Roaming\Yandex\YandexDisk\YandexDiskStarter.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\plugin-nm-server.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610360 2009-07-08] ()
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2726728 2010-03-25] (CANON INC.)
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-05-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [60464 2009-06-22] (EasyBits Software AS)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [NBKeyScan] => C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2213160 2007-12-03] (Nero AG)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe [202256 2010-03-16] (RealNetworks, Inc.)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems Inc.)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp3\winampa.exe [12288 2002-07-23] ()
HKLM-x32\...\Run: [AVP] => "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe"
HKLM-x32\...\Run: [ArgenteRC] => C:\Program Files (x86)\Argente - Registry Cleaner\ArgenteRC.exe [2759168 2012-10-24] (Argente Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-11-17] (DivX, LLC)
HKLM-x32\...\Run: [Magic Desktop for HP notification] => C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [1238016 2013-07-28] (Easybits)
HKLM-x32\...\Run: [NSU_agent] => C:\Program Files (x86)\Nokia\Nokia Software Updater\nsu3ui_agent.exe [190768 2012-02-28] ()
HKLM-x32\...\Run: [Smart File Advisor] => C:\Program Files (x86)\Smart File Advisor\sfa.exe [280824 2011-04-04] (Filefacts.net)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKU\S-1-5-21-2115087062-3500390577-4212252721-1000\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe [1688872 2007-12-13] (Nero AG)
HKU\S-1-5-21-2115087062-3500390577-4212252721-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [369200 2009-10-30] (DT Soft Ltd)
HKU\S-1-5-21-2115087062-3500390577-4212252721-1000\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [247728 2011-04-22] (TomTom)
HKU\S-1-5-21-2115087062-3500390577-4212252721-1000\...\Run: [Voobly] => C:\Program Files (x86)\Voobly\voobly.exe [159744 2014-03-09] (Voobly)
HKU\S-1-5-21-2115087062-3500390577-4212252721-1000\...\Run: [PC Suite Tray] => C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [1516632 2012-06-26] (Nokia)
HKU\S-1-5-21-2115087062-3500390577-4212252721-1000\...\Run: [Advanced SystemCare 7] => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe [2285344 2013-12-09] (IObit)
HKU\S-1-5-21-2115087062-3500390577-4212252721-1000\...\Run: [LogMeIn Cubby] => C:\Users\JOSE\AppData\Roaming\cubby\cubby.exe [5454608 2014-09-17] (LogMeIn, Inc.)
HKU\S-1-5-21-2115087062-3500390577-4212252721-1000\...\Run: [Box Edit] => C:\Users\JOSE\AppData\Local\Box\Box Edit\Box Edit.exe [481816 2014-07-24] (Box)
HKU\S-1-5-21-2115087062-3500390577-4212252721-1000\...\Run: [SyncManPath] => C:\Users\JOSE\AppData\Roaming\Yandex\YandexDisk\YandexDisk.exe [23287584 2014-08-27] (Yandex)
HKU\S-1-5-21-2115087062-3500390577-4212252721-1000\...\Run: [GoogleChromeAutoLaunch_EE0E85543B1990E5E61A6663EAD29973] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2014-12-06] (Google Inc.)
AppInit_DLLs: acaptuser64.dll => C:\Windows\system32\acaptuser64.dll [119160 2008-06-11] (Adobe Systems, Inc.)
ShellIconOverlayIdentifiers: [0YndCase0Sync] -> {63D48440-63AB-44D0-B323-4731DFCDE9E9} => C:\Program Files\Yandex\YandexDisk\bin\YandexDiskOverlays-2398.dll (Yandex)
ShellIconOverlayIdentifiers: [0YndCase1Modified] -> {7E7DC279-E6BE-4D57-9DEC-14FA0339DBC0} => C:\Program Files\Yandex\YandexDisk\bin\YandexDiskOverlays-2398.dll (Yandex)
ShellIconOverlayIdentifiers: [0YndCase2Error] -> {FB2FE984-05F5-4512-9D9B-69D3DE61F6D9} => C:\Program Files\Yandex\YandexDisk\bin\YandexDiskOverlays-2398.dll (Yandex)
ShellIconOverlayIdentifiers: [0YndCase3Shared] -> {AF8D197E-7022-4c3d-BD88-68AD35C9C169} => C:\Program Files\Yandex\YandexDisk\bin\YandexDiskOverlays-2398.dll (Yandex)
ShellIconOverlayIdentifiers: [1SecureIconsProvider] -> {FC9D8189-520A-4417-AED7-9EAC810C6FBA} => C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll ()
ShellIconOverlayIdentifiers: [Identificador de icono superpuesto para firmas digitales de AutoCAD] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2115087062-3500390577-4212252721-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=9&ar=msnhome
HKU\S-1-5-21-2115087062-3500390577-4212252721-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2115087062-3500390577-4212252721-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.aartemis.com/web/?type=ds&ts=1385758516&from=cor&uid=WDCXWD6400AAKS-65A7B2_WD-WCASY765493354933&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {F2D3C005-02BE-4E80-8A44-47F02E8B1365} URL = http://es.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2115087062-3500390577-4212252721-1000 -> DefaultScope {AF0DA0DB-FD94-48C6-BA50-E4DC6AED1140} URL = https://es.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=282369&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2115087062-3500390577-4212252721-1000 -> {AF0DA0DB-FD94-48C6-BA50-E4DC6AED1140} URL = https://es.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=282369&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2115087062-3500390577-4212252721-1000 -> {F2D3C005-02BE-4E80-8A44-47F02E8B1365} URL = 
BHO: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll (CANON INC.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Aplicación auxiliar de inicio de sesión de Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKU\S-1-5-21-2115087062-3500390577-4212252721-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-2115087062-3500390577-4212252721-1000 -> No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} -  No File
Toolbar: HKU\S-1-5-21-2115087062-3500390577-4212252721-1000 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)
DPF: HKLM-x32 {915B4CF8-B58E-4CA5-88BE-E21799DB75F2} https://www.uno-e.com/DFAUTH/mult/BBVASign.CAB
DPF: HKLM-x32 {C1BAC744-8F0B-11D0-89E7-00C0A8295197} http://www.crtvg.es/camweb/camera.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-449053540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52272 2009-09-23] (EasyBits Software Corp.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{21E72B68-0020-460F-95E1-DCC4A8AB32DB}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{236D9EEB-E8D4-4115-A898-2FC83C961DF3}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{3778F842-3D6B-4AF2-B4B1-7CE62FD7581A}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{386D0755-43DD-4BA9-A582-EAC81A69CB24}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{4429CBF2-EB4A-4FB2-B2DF-E655BCD6D84C}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{4D5D2F6B-2249-4112-9399-BAA54ACCE739}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{4EEFAB5F-E6A0-439D-B487-3748539A1ACD}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{78F5289B-F6C6-401B-AACD-7C0592D07DD9}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{7D685AD7-EC75-4572-B9BD-9557E97E486A}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{9F55F25C-1E2F-4D2D-A09B-C29D5231BCC2}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{ACDF6C20-1F27-4560-8391-3F39CBFA1D69}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{B6F3C475-7FF0-4E09-964E-CB977E5F98B8}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{CA63AA10-A201-4953-A584-FA853DA80E3B}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{DC245424-4BFD-4580-8D8C-03362EB8F23E}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{DCBFCAF9-057F-4A4F-A343-A2BECCB324D1}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{E970BA13-D8BE-47B6-BE4B-19454A50F3DF}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{F17D2D81-EF8E-4D8B-B842-24D07E89FEFD}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{FD8EA7B3-B821-41C5-BEFD-424F188FE9CC}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
 
FireFox:
========
FF ProfilePath: C:\Users\JOSE\AppData\Roaming\Mozilla\Firefox\Profiles\9uou8dr8.default-1370772484184
FF SelectedSearchEngine: Google
FF Keyword.URL: hxxp://feed.snapdo.com/?publisher=SnapdoSoftonicYB&dpid=SnapdoSoftonicYB&co=ES&userid=47dd794c-5cbc-e992-030f-cd15bea37aba&searchtype=ds&installDate=26/10/2013&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=1.6.0_37 -> C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker_6418E0D362104DADA084DC312DFA8ABC -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\FFExt\content_blocker@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\FFExt\virtual_keyboard@kaspersky.com ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.709 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=1.0.3.709 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.709 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2115087062-3500390577-4212252721-1000: box.com/BoxEdit -> C:\Users\JOSE\AppData\Local\Box\Box Edit\npBoxEdit.dll (Box)
FF user.js: detected! => C:\Users\JOSE\AppData\Roaming\Mozilla\Firefox\Profiles\9uou8dr8.default-1370772484184\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\JOSE\AppData\Roaming\Mozilla\Firefox\Profiles\9uou8dr8.default-1370772484184\Extensions\ascsurfingprotection@iobit.com [2014-05-18]
FF Extension: KsDataTypeHandlerAnalogVideo - C:\Users\JOSE\AppData\Roaming\Mozilla\Firefox\Profiles\9uou8dr8.default-1370772484184\Extensions\{047E49B7-6903-BD61-0144-1D0462C2293C} [2014-09-27]
FF Extension: DownloadHelper - C:\Users\JOSE\AppData\Roaming\Mozilla\Firefox\Profiles\9uou8dr8.default-1370772484184\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-09]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@holasearch.com [2014-12-23]
FF Extension: Supervisor Kaspersky de vínculos URL - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [2014-12-23]
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_6418E0D362104DADA084DC312DFA8ABC@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\FFExt\content_blocker@kaspersky.com
FF Extension: Модуль блокування небезпечних веб-сайтів - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\FFExt\content_blocker@kaspersky.com [2014-10-06]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Віртуальна клавіатура - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2014-10-06]
 
Chrome: 
=======
CHR DefaultSuggestURL: Default -> 
CHR Profile: C:\Users\JOSE\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\JOSE\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-24]
CHR Extension: (Google Drive) - C:\Users\JOSE\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-24]
CHR Extension: (YouTube) - C:\Users\JOSE\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-24]
CHR Extension: (Búsqueda de Google) - C:\Users\JOSE\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-24]
CHR Extension: (Kaspersky Protection) - C:\Users\JOSE\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2014-10-06]
CHR Extension: (Booking.com for Chrome™) - C:\Users\JOSE\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgkeilefmpmbamgcejhjpiecahcbipip [2014-05-02]
CHR Extension: (Google Wallet) - C:\Users\JOSE\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (SafeBrowse) - C:\Users\JOSE\AppData\Local\Google\Chrome\User Data\Default\Extensions\obkfjhifkbhimlocpddgamonjihinpak [2014-04-08]
CHR Extension: (Gmail) - C:\Users\JOSE\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-24]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [pggagllhehfjjfgnfnfkjedjlmbchamf] - C:\Users\JOSE\AppData\Roaming\SeeSimilar\SeeSimilar.crx [2013-06-20]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [143120 2013-05-23] (SUPERAntiSpyware.com)
R2 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [881440 2013-12-09] (IObit)
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [18656 2011-02-02] ()
R2 AVP15.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\avp.exe [234520 2014-08-30] (Kaspersky Lab ZAO)
R2 ezSharedSvc; C:\Windows\SysWOW64\ezsvc7.dll [129584 2009-02-22] (EasyBits Sofware AS) [File not signed]
S2 FirebirdGuardianDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe [81920 2009-02-27] (Firebird Project) [File not signed]
S3 FirebirdServerDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe [2732032 2009-02-27] (Firebird Project) [File not signed]
R2 HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [124928 2009-07-09] (Hewlett-Packard) [File not signed]
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] ()
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-05-18] (Hewlett-Packard Company) [File not signed]
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-12-03] (IObit)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [869672 2007-12-03] (Nero AG)
R3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [447784 2007-12-13] (Nero AG)
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2012-10-21] (SolidWorks) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [132608 2009-06-29] (Huawei Technologies Co., Ltd.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO)
R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11864 2010-06-09] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [46144 2014-07-02] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [150536 2014-11-21] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [246456 2014-08-12] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [818888 2014-11-21] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55872 2014-06-05] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [77512 2014-11-21] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179776 2014-07-09] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-23] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [848384 2011-06-01] (Realtek Semiconductor Corporation                           ) [File not signed]
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R2 SecDrv; C:\Windows\SysWOW64\drivers\SECDRV.SYS [11376 2004-07-08] () [File not signed]
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-01-28] () [File not signed]
U3 afboc8b8; C:\Windows\System32\Drivers\afboc8b8.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero size file/folder)
U2 wuaserv; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-23 20:17 - 2015-01-23 20:24 - 00036530 _____ () C:\Users\JOSE\Downloads\FRST.txt
2015-01-23 20:16 - 2015-01-23 20:17 - 00000000 ____D () C:\FRST
2015-01-23 20:15 - 2015-01-23 20:15 - 02126848 _____ (Farbar) C:\Users\JOSE\Downloads\FRST64.exe
2015-01-23 18:56 - 2015-01-23 18:56 - 00001308 _____ () C:\Users\JOSE\BACKUP_ME.REG
2015-01-23 18:46 - 2015-01-23 20:10 - 00000000 ____D () C:\Users\JOSE\Documents\PCLOCK_infeccion_Enero2015
2015-01-23 18:36 - 2015-01-23 18:36 - 00000272 _____ () C:\Users\JOSE\last_chance.txt
2015-01-12 00:27 - 2015-01-12 00:28 - 01033384 _____ (Emsisoft Ltd) C:\Users\JOSE\Downloads\decrypt_pclock2.exe
2015-01-11 23:18 - 2015-01-11 23:18 - 00000000 ____D () C:\Users\JOSE\AppData\Local\TeamViewer
2015-01-10 01:42 - 2015-01-10 01:42 - 00001049 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-01-10 01:42 - 2015-01-10 01:42 - 00001037 _____ () C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-01-10 01:41 - 2015-01-10 01:41 - 07718728 _____ (TeamViewer GmbH) C:\Users\JOSE\Downloads\TeamViewer_Setup_es.exe
2015-01-10 01:30 - 2015-01-10 01:30 - 00736736 _____ (Emsisoft Ltd) C:\Users\JOSE\Downloads\decrypt_pclock.exe
2015-01-09 22:57 - 2015-01-09 00:59 - 15050088 _____ () C:\Users\JOSE\Downloads\enc_files.txt
2015-01-09 22:32 - 2015-01-09 22:32 - 00000000 ____D () C:\Windows\pss
2015-01-09 22:13 - 2015-01-09 22:13 - 00000000 ____D () C:\Windows\SysWOW64\%Data%
2015-01-09 22:12 - 2015-01-23 18:35 - 00000616 _____ () C:\Windows\setupact.log
2015-01-09 22:12 - 2015-01-09 22:12 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-09 22:11 - 2015-01-09 22:11 - 00005938 _____ () C:\Windows\PFRO.log
2015-01-09 22:11 - 2015-01-09 22:11 - 00000000 _____ () C:\asc_rdflag
2015-01-09 21:54 - 2015-01-09 22:03 - 00000000 ____D () C:\Users\JOSE\AppData\Local\TorrentUnlocker
2015-01-09 21:53 - 2015-01-09 21:53 - 03437489 _____ (NathanScott Apps) C:\Users\JOSE\Downloads\TorrentUnlocker.exe
2015-01-09 21:48 - 2015-01-09 21:48 - 00971528 _____ (Foolish IT LLC ) C:\Users\JOSE\Downloads\CryptoPreventSetup.exe
2015-01-09 21:04 - 2015-01-09 21:04 - 00000987 _____ () C:\Users\JOSE\Desktop\CryptoLocker.lnk
2015-01-09 00:59 - 2015-01-09 00:59 - 15050088 _____ () C:\Users\JOSE\enc_files.txt
2015-01-08 22:42 - 2015-01-23 18:40 - 00000000 ____D () C:\Users\JOSE\AppData\Roaming\WinCL
2015-01-06 14:16 - 2015-01-06 15:10 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\02CD49FE.sys
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-23 20:01 - 2014-11-16 16:56 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-23 19:56 - 2009-10-15 15:30 - 01786808 _____ () C:\Windows\WindowsUpdate.log
2015-01-23 19:52 - 2010-01-24 21:59 - 00000000 ____D () C:\Users\JOSE\AppData\Roaming\vlc
2015-01-23 19:29 - 2014-04-18 21:15 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-23 19:00 - 2010-01-03 17:57 - 00000000 ____D () C:\Users\JOSE
2015-01-23 18:52 - 2014-04-20 21:46 - 00000000 ____D () C:\Users\JOSE\Desktop\JOSE
2015-01-23 18:48 - 2009-07-14 05:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-23 18:48 - 2009-07-14 05:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-23 18:43 - 2014-09-27 20:07 - 00000000 ___RD () C:\Users\JOSE\YandexDisk
2015-01-23 18:43 - 2014-02-15 18:03 - 00000000 ____D () C:\Users\JOSE\AppData\Roaming\cubby
2015-01-23 18:41 - 2009-09-23 13:49 - 00751356 _____ () C:\Windows\system32\perfh00A.dat
2015-01-23 18:41 - 2009-09-23 13:49 - 00160398 _____ () C:\Windows\system32\perfc00A.dat
2015-01-23 18:41 - 2009-07-14 06:13 - 01687288 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-23 18:40 - 2010-01-07 00:01 - 00003966 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{D916E33E-1966-4DF6-BB5D-682A809E3FDA}
2015-01-23 18:36 - 2014-11-16 16:56 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-23 18:36 - 2012-11-18 13:44 - 00000000 ____D () C:\Program Files (x86)\Voobly
2015-01-23 18:36 - 2011-02-10 21:00 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-01-23 18:35 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-12 00:36 - 2013-12-16 19:10 - 00000000 ____D () C:\Users\JOSE\Desktop\DIKÉ - PRIVADO 2013_2014
2015-01-11 23:13 - 2010-01-03 18:03 - 00179304 _____ () C:\Users\JOSE\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-11 23:12 - 2014-05-18 12:24 - 00002211 _____ () C:\Users\Public\Desktop\Advanced SystemCare 7.lnk
2015-01-11 23:11 - 2009-07-14 05:45 - 00576880 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-10 01:42 - 2013-11-30 13:47 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-01-09 22:11 - 2014-05-18 20:57 - 115421184 _____ () C:\Windows\system32\config\SOFTWARE.iodefrag.bak
2015-01-09 22:11 - 2014-05-18 20:57 - 00516096 _____ () C:\Windows\system32\config\DEFAULT.iodefrag.bak
2015-01-09 22:11 - 2014-05-18 20:57 - 00024576 _____ () C:\Windows\system32\config\SECURITY.iodefrag.bak
2015-01-09 22:11 - 2014-05-18 20:57 - 00024576 _____ () C:\Windows\system32\config\SAM.iodefrag.bak
2015-01-09 21:20 - 2011-02-20 16:34 - 00000000 ____D () C:\Windows\Minidump
2015-01-09 06:03 - 2014-09-15 14:32 - 00877800 _____ () C:\Users\JOSE\Downloads\Pilar (1).dwg
2015-01-09 06:03 - 2014-09-15 11:33 - 00203308 _____ () C:\Users\JOSE\Downloads\plantilla.ofertas.bc.docm
2015-01-09 06:03 - 2014-09-15 11:27 - 00371820 _____ () C:\Users\JOSE\Downloads\PPROJ0773_Lamina Centro comercial Talatona.dwg
2015-01-09 06:02 - 2014-03-30 17:20 - 00115050 _____ () C:\Users\JOSE\Downloads\4ºA PONTEPEDRIÑA.dwg
2015-01-09 06:02 - 2014-03-30 17:15 - 00122531 _____ () C:\Users\JOSE\Downloads\4ºD PONTEPEDRIÑA.dwg
2015-01-09 06:02 - 2013-09-01 12:57 - 223787392 _____ () C:\Users\JOSE\Downloads\Iberia_910_4973.rar.part
2015-01-09 02:37 - 2014-07-09 05:27 - 1717796865 _____ () C:\Users\JOSE\Desktop\tres 60 [español] hdrip xvid ac3 (2013, raúl mérida, sara sálamo).avi
2015-01-09 02:36 - 2014-07-09 05:28 - 1095216660 _____ () C:\Users\JOSE\Desktop\tres 60 camrip 2013 castellano rdteam.avi
2015-01-09 02:34 - 2014-07-07 14:22 - 1390008320 _____ () C:\Users\JOSE\Desktop\grace de monaco web screener español castellano 2014.avi
2015-01-09 02:34 - 2010-01-14 23:47 - 13814331 _____ () C:\Users\JOSE\Desktop\Regaliño.wmv
2015-01-09 02:34 - 2010-01-14 23:46 - 06474489 _____ () C:\Users\JOSE\Desktop\Regaliño2.rar
2015-01-09 02:34 - 2010-01-14 23:45 - 07340032 _____ () C:\Users\JOSE\Desktop\Regaliño1.rar
2015-01-09 02:33 - 2014-07-08 14:53 - 1713969152 _____ () C:\Users\JOSE\Desktop\cuento_de_invierno_2014_dvdrip_castellano_by_arkonada.avi
2015-01-09 02:31 - 2014-07-08 14:52 - 2036111360 _____ () C:\Users\JOSE\Desktop\cuento de invierno (hdrip) (elitetorrent net).avi
2015-01-09 02:29 - 2010-02-12 09:30 - 27751143 _____ () C:\Users\JOSE\Desktop\Clickéameee¡¡.wmv
2015-01-09 02:01 - 2012-09-24 20:08 - 31498154 _____ () C:\Users\JOSE\Eurocode_9__v.1.3_.rar
2015-01-08 09:55 - 2010-03-05 21:30 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-07 05:40 - 2014-12-23 16:19 - 00000000 ____D () C:\Users\JOSE\AppData\Roaming\.Tribler
2015-01-06 23:24 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-06 22:43 - 2014-03-15 22:49 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2015-01-06 20:31 - 2014-08-13 20:54 - 00000000 ____D () C:\Program Files (x86)\NewTech Infosystems
2015-01-05 22:21 - 2010-05-13 13:41 - 00000000 ____D () C:\Users\JOSE\Desktop\Aida
2014-12-30 21:09 - 2012-04-25 22:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
 
==================== Files in the root of some directories =======
2010-08-16 13:22 - 2010-08-16 13:22 - 0000810 _____ () C:\Program Files (x86)\INSTALL.LOG
2010-06-21 12:42 - 2010-02-10 03:18 - 2131336 _____ (Ask.com                                                      ) C:\Program Files (x86)\Common Files\AskToolbarInstaller.exe
2010-01-28 19:16 - 2014-05-17 22:08 - 0099384 _____ () C:\Users\JOSE\AppData\Roaming\inst.exe
2012-05-28 14:49 - 2014-11-16 17:39 - 0231755 _____ () C:\Users\JOSE\AppData\Roaming\mdbu.bin
2010-01-28 19:16 - 2014-05-17 22:08 - 0007859 _____ () C:\Users\JOSE\AppData\Roaming\pcouffin.cat
2010-01-28 19:16 - 2014-05-17 22:08 - 0001167 _____ () C:\Users\JOSE\AppData\Roaming\pcouffin.inf
2010-01-28 19:16 - 2014-05-17 22:08 - 0000033 _____ () C:\Users\JOSE\AppData\Roaming\pcouffin.log
2010-01-28 19:16 - 2014-05-17 22:08 - 0082816 _____ (VSO Software) C:\Users\JOSE\AppData\Roaming\pcouffin.sys
2014-06-19 09:10 - 2014-06-19 09:10 - 0000024 _____ () C:\Users\JOSE\AppData\Roaming\temp.ini
2010-01-28 19:17 - 2011-06-13 12:09 - 0001041 _____ () C:\Users\JOSE\AppData\Roaming\vso_ts_preview.xml
2010-01-20 23:43 - 2011-12-19 08:56 - 0007318 _____ () C:\Users\JOSE\AppData\Roaming\wklnhst.dat
2011-06-07 20:23 - 2011-06-07 20:23 - 0000000 ____H () C:\Users\JOSE\AppData\Local\BITDDD6.tmp
2010-02-03 19:08 - 2013-04-10 22:15 - 0015360 _____ () C:\Users\JOSE\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-06-30 19:30 - 2014-06-02 20:11 - 0458240 _____ (Smart Access S.L.) C:\Users\JOSE\AppData\Local\DNIeService.exe
2011-06-07 20:23 - 2011-06-07 20:23 - 0000000 _____ () C:\Users\JOSE\AppData\Local\{558C606F-72D2-4EE6-9FB3-AC5F14452AC8}
2011-04-20 14:58 - 2011-04-20 14:58 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
 
Files to move or delete:
====================
C:\Users\JOSE\BACKUP_ME.REG
C:\Users\JOSE\DNIe_v9_1_1_(64_bits).exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-06 00:52
 
==================== End Of Log ============================


#2 nasdaq (Malware Response Team)

Posted 25 January 2015 - 10:50 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

HKU\S-1-5-21-2115087062-3500390577-4212252721-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.aartemis.com/web/?type=ds&ts=1385758516&from=cor&uid=WDCXWD6400AAKS-65A7B2_WD-WCASY765493354933&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\S-1-5-21-2115087062-3500390577-4212252721-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-2115087062-3500390577-4212252721-1000 -> No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} -  No File
FF Keyword.URL: hxxp://feed.snapdo.com/?publisher=SnapdoSoftonicYB&dpid=SnapdoSoftonicYB&co=ES&userid=47dd794c-5cbc-e992-030f-cd15bea37aba&searchtype=ds&installDate=26/10/2013&q=
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF user.js: detected! => C:\Users\JOSE\AppData\Roaming\Mozilla\Firefox\Profiles\9uou8dr8.default-1370772484184\user.js
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@holasearch.com [2014-12-23]
CHR Extension: (Google Wallet) - C:\Users\JOSE\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (SafeBrowse) - C:\Users\JOSE\AppData\Local\Google\Chrome\User Data\Default\Extensions\obkfjhifkbhimlocpddgamonjihinpak [2014-04-08]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [pggagllhehfjjfgnfnfkjedjlmbchamf] - C:\Users\JOSE\AppData\Roaming\SeeSimilar\SeeSimilar.crx [2013-06-20]
U3 afboc8b8; C:\Windows\System32\Drivers\afboc8b8.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero size file/folder)
U2 wuaserv; No ImagePath
C:\Windows\System32\Drivers\afboc8b8.sys
C:\Users\JOSE\AppData\Roaming\SeeSimilar
C:\Users\JOSE\AppData\Local\Google\Chrome\User Data\Default\Extensions\obkfjhifkbhimlocpddgamonjihinpak
C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@holasearch.com

End
Save the files as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

#3 jrcouso (Topic Starter)

Posted 25 January 2015 - 11:58 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-01-2015 01
Ran by JOSE at 2015-01-25 23:43:48 Run:1
Running from C:\Users\JOSE\Downloads
Loaded Profiles: JOSE (Available profiles: JOSE)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
CloseProcesses:
 
HKU\S-1-5-21-2115087062-3500390577-4212252721-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.aartemis.com/web/?type=ds&ts=1385758516&from=cor&uid=WDCXWD6400AAKS-65A7B2_WD-WCASY765493354933&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\S-1-5-21-2115087062-3500390577-4212252721-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-2115087062-3500390577-4212252721-1000 -> No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} -  No File
FF Keyword.URL: hxxp://feed.snapdo.com/?publisher=SnapdoSoftonicYB&dpid=SnapdoSoftonicYB&co=ES&userid=47dd794c-5cbc-e992-030f-cd15bea37aba&searchtype=ds&installDate=26/10/2013&q=
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF user.js: detected! => C:\Users\JOSE\AppData\Roaming\Mozilla\Firefox\Profiles\9uou8dr8.default-1370772484184\user.js
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@holasearch.com [2014-12-23]
CHR Extension: (Google Wallet) - C:\Users\JOSE\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (SafeBrowse) - C:\Users\JOSE\AppData\Local\Google\Chrome\User Data\Default\Extensions\obkfjhifkbhimlocpddgamonjihinpak [2014-04-08]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [pggagllhehfjjfgnfnfkjedjlmbchamf] - C:\Users\JOSE\AppData\Roaming\SeeSimilar\SeeSimilar.crx [2013-06-20]
U3 afboc8b8; C:\Windows\System32\Drivers\afboc8b8.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero size file/folder)
U2 wuaserv; No ImagePath
C:\Windows\System32\Drivers\afboc8b8.sys
C:\Users\JOSE\AppData\Roaming\SeeSimilar
C:\Users\JOSE\AppData\Local\Google\Chrome\User Data\Default\Extensions\obkfjhifkbhimlocpddgamonjihinpak
C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@holasearch.com
 
End
*****************
 
Processes closed successfully.
HKU\S-1-5-21-2115087062-3500390577-4212252721-1000\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. 
HKU\S-1-5-21-2115087062-3500390577-4212252721-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value deleted successfully.
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Key not found. 
HKU\S-1-5-21-2115087062-3500390577-4212252721-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} => value deleted successfully.
HKCR\CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} => Key not found. 
Firefox Keyword.URL deleted successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
C:\Users\JOSE\AppData\Roaming\Mozilla\Firefox\Profiles\9uou8dr8.default-1370772484184\user.js => Moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@holasearch.com => Moved successfully.
C:\Users\JOSE\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => Moved successfully.
C:\Users\JOSE\AppData\Local\Google\Chrome\User Data\Default\Extensions\obkfjhifkbhimlocpddgamonjihinpak => Moved successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pggagllhehfjjfgnfnfkjedjlmbchamf" => Key deleted successfully.
C:\Users\JOSE\AppData\Roaming\SeeSimilar\SeeSimilar.crx => Moved successfully.
afboc8b8 => Service not found.
wuaserv => Service deleted successfully.
"C:\Windows\System32\Drivers\afboc8b8.sys" => File/Directory not found.
C:\Users\JOSE\AppData\Roaming\SeeSimilar => Moved successfully.
"C:\Users\JOSE\AppData\Local\Google\Chrome\User Data\Default\Extensions\obkfjhifkbhimlocpddgamonjihinpak" => File/Directory not found.
"C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@holasearch.com" => File/Directory not found.
 
 
The system needed a reboot. 
 
==== End of Fixlog 23:43:50 ====
 
 
 
 
 
 

 Results of screen317's Security Check version 0.99.95  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Argente - Registry Cleaner 3.1.0.1 
 JavaFX 2.1.1    
 Java™ 6 Update 15  
 Java 8 Update 25  
 Java version 32-bit out of Date! 
  Java 64-bit 8 Update 31  
  Adobe Flash Player 15.0.0.223 Flash Player out of Date!  
 Adobe Reader XI  
 Mozilla Firefox 34.0.5 Firefox out of Date!  
 Google Chrome (39.0.2171.71) 
 Google Chrome (39.0.2171.95) 
 Google Chrome (plugins...) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Kaspersky Lab Kaspersky Anti-Virus 15.0.1 avp.exe  
 Kaspersky Lab Kaspersky Anti-Virus 15.0.1 avpui.exe  
 Kaspersky Lab Kaspersky Anti-Virus 15.0.1 x64 wmi64.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 1% 
````````````````````End of Log`````````````````````` 
 


#4 nasdaq (Malware Response Team)

Posted 26 January 2015 - 08:59 AM

Remove these old versions of Java using the Add/Remove programs applet.

JavaFX 2.1.1
Java™ 6 Update 15
Java 8 Update 25


Critical vulnerabilities have been identified in old versions of Adobe Flash Player; please get the latest version.

Flash test site:
http://www.adobe.com/software/flash/about/
Install the new version or, if you have the latest, close the window.

Flash Player Help / Find version
http://helpx.adobe.com/flash-player/kb/find-version-flash-player.html#main_Find_the_Flash_Player_version_installed_on_your_machine

p.s. Wait until tomorrow to update Flash. A new version is due today.
===

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

#5 jrcouso (Topic Starter)

Posted 26 January 2015 - 01:09 PM

Thank you very much Nasdaq

#6 nasdaq (Malware Response Team)

Posted 26 January 2015 - 02:11 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



