

Can't get rid of PriceLess !


  • This topic is locked
40 replies to this topic

#1 bluecam

  • Members
  • 23 posts
  • Gender:Female

Posted 18 April 2015 - 10:22 PM

I didn't pay a lot of attention to it when it first showed up and before I knew it there were files all over my PC listed 'File type: PriceLess'. I uninstalled a bunch of programs, including Chrome, after deleting the browser extension called PriceLess, but I noticed that whenever I re-install Chrome it creates PriceLess files too. I keep getting rid of these files but I have no clue if that's the right thing to do now... I followed one of those self-help guides for removing it but even though it removes a lot of undesired files the problem's still here. :(

I'd appreciate any kind of help.

 

Here's the FRST thingy:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-04-2015
Ran by María (administrator) on ICARUS on 19-04-2015 00:15:36
Running from C:\Users\María\Desktop
Loaded Profiles: María (Available profiles: María)
Platform: Microsoft Windows 7 Starter  Service Pack 1 (X86) OS Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(EasyBits Software AS) C:\Windows\System32\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Oceanis) C:\Program Files\Oceanis\SystemSetting\WallPaperAgent.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Greenshot) C:\Program Files\Greenshot\Greenshot.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(CyberLink) C:\Program Files\Cyberlink\YouCam\YCMMirage.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(SYSTEMAX Software Development Inc.) C:\Users\María\Desktop\PaintToolSAI\sai.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [978520 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [Greenshot] => C:\Program Files\Greenshot\Greenshot.exe [495616 2014-05-12] (Greenshot)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-21-571857686-2835858580-2392399786-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-571857686-2835858580-2392399786-1000\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-571857686-2835858580-2392399786-1000\...\MountPoints2: {6c9b7482-a605-11e1-8d18-0025ab02cbdc} - F:\autorun.exe
HKU\S-1-5-21-571857686-2835858580-2392399786-1000\...\MountPoints2: {c2e9fd53-5eba-11e4-baa8-0025ab02cbdc} - H:\MI.exe
HKU\S-1-5-21-571857686-2835858580-2392399786-1000\...\Winlogon: [Shell] C:\Program Files\Oceanis\SystemSetting\WallPaperAgent.exe [115888 2009-12-10] (Oceanis) <==== ATTENTION 
HKU\S-1-5-21-571857686-2835858580-2392399786-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files\Common Files\lpuninstall.exe (LastPass)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://ar.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPDTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://es.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-571857686-2835858580-2392399786-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = 
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files\LastPass\LPToolbar.dll [2015-03-15] (LastPass)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\LastPass\LPToolbar.dll [2015-03-15] (LastPass)
Toolbar: HKU\S-1-5-21-571857686-2835858580-2392399786-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File []
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 200.42.4.204 200.49.130.41
Tcpip\..\Interfaces\{A51EB039-9E15-493E-830D-6275B4CCD387}: [NameServer] 8.8.8.8,8.8.4.4,
Tcpip\..\Interfaces\{D6821454-25BC-4119-92A0-9C26413DF8FE}: [NameServer] 8.8.8.8,8.8.4.4,192.168.1.1
 
FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-12-28] (Sun Microsystems, Inc.)
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files\LastPass\nplastpass.dll [2015-03-15] (LastPass)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\Office14\NPSPWRAP.DLL No File
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-18] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-18] (Google Inc.)
FF Plugin: @wacom.com/wacom-plugin,version=1.1.0.10 -> C:\Program Files\TabletPlugins\npwacom.dll No File
FF Plugin: @wacom.com/wtPlugin,version=2.0.0.1 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll No File
FF Plugin HKU\S-1-5-21-571857686-2835858580-2392399786-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\María\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll No File
FF Plugin HKU\S-1-5-21-571857686-2835858580-2392399786-1000: @talk.google.com/O1DPlugin -> C:\Users\María\AppData\Roaming\Mozilla\plugins\npo1d.dll No File
FF Plugin HKU\S-1-5-21-571857686-2835858580-2392399786-1000: @tools.google.com/Google Update;version=3 -> C:\Users\María\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-571857686-2835858580-2392399786-1000: @tools.google.com/Google Update;version=9 -> C:\Users\María\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-571857686-2835858580-2392399786-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll No File
 
Chrome: 
=======
CHR Profile: C:\Users\María\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\María\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-18]
CHR Extension: (Google Docs) - C:\Users\María\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-18]
CHR Extension: (Google Drive) - C:\Users\María\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-18]
CHR Extension: (YouTube) - C:\Users\María\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-18]
CHR Extension: (Google Search) - C:\Users\María\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-18]
CHR Extension: (Google Sheets) - C:\Users\María\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-18]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\María\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-04-18]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\María\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-18]
CHR Extension: (Google Wallet) - C:\Users\María\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-18]
CHR Extension: (Gmail) - C:\Users\María\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-18]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - http://clients2.google.com/service/update2/crx
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-01-07] (Adobe Systems) [File not signed]
R2 ezSharedSvc; C:\Windows\System32\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
R2 HP Support Assistant Service; C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22184 2015-01-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284472 2015-01-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amd_sata; C:\Windows\System32\drivers\amd_sata.sys [65664 2011-03-04] (Advanced Micro Devices)
R0 amd_xata; C:\Windows\System32\drivers\amd_xata.sys [32896 2011-03-04] (Advanced Micro Devices)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2015-01-29] (Disc Soft Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-04-18] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-03-17] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [239224 2014-11-15] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-19 00:14 - 2015-04-19 00:15 - 00023407 _____ () C:\Users\María\Desktop\Addition.txt
2015-04-19 00:11 - 2015-04-19 00:16 - 00013840 _____ () C:\Users\María\Desktop\FRST.txt
2015-04-19 00:10 - 2015-04-19 00:15 - 00000000 ____D () C:\FRST
2015-04-19 00:08 - 2015-04-19 00:09 - 01137664 _____ (Farbar) C:\Users\María\Desktop\FRST.exe
2015-04-18 23:14 - 2015-04-18 23:20 - 00000000 ____D () C:\AdwCleaner
2015-04-18 23:11 - 2015-04-18 23:21 - 00011466 _____ () C:\Windows\PFRO.log
2015-04-18 23:11 - 2015-04-18 23:21 - 00000112 _____ () C:\Windows\setupact.log
2015-04-18 23:11 - 2015-04-18 23:12 - 02140520 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-18 23:11 - 2015-04-18 23:11 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-18 22:49 - 2015-04-18 23:22 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-18 22:48 - 2015-04-18 22:48 - 00001022 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-18 22:48 - 2015-04-18 22:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-18 22:48 - 2015-04-18 22:48 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-18 22:48 - 2015-04-18 22:48 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-04-18 22:48 - 2015-03-17 06:24 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-18 22:48 - 2015-03-17 06:24 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-18 22:48 - 2015-03-17 06:24 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-18 22:43 - 2015-04-18 22:43 - 00001431 _____ () C:\Users\María\Desktop\mbam-setup - Acceso directo.lnk
2015-04-18 22:40 - 2015-04-18 22:40 - 00000000 ____D () C:\Users\María\AppData\Roaming\Adobe
2015-04-18 22:36 - 2015-04-18 22:38 - 02217984 _____ () C:\Users\María\Desktop\adwcleaner_4.201.exe
2015-04-18 22:28 - 2015-04-18 22:40 - 21540904 _____ (Malwarebytes Corporation ) C:\Users\María\Downloads\mbam-setup.exe
2015-04-18 22:27 - 2015-04-18 22:29 - 00002358 _____ () C:\Users\María\Desktop\Rkill.txt
2015-04-18 22:26 - 2015-04-18 22:26 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\María\Downloads\iExplore.exe
2015-04-18 22:11 - 2015-04-18 23:25 - 00000000 ____D () C:\Users\María\AppData\Local\Google
2015-04-18 22:02 - 2015-04-18 22:03 - 00009865 _____ () C:\Users\María\Documents\Uninstall Dragon Age 2.log
2015-04-18 20:49 - 2015-04-18 20:49 - 00002161 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-18 20:49 - 2015-04-18 20:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-04-18 20:45 - 2015-04-18 20:49 - 00000000 ____D () C:\Program Files\Google
2015-04-18 20:43 - 2015-04-18 20:43 - 00109400 _____ () C:\Users\María\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-18 20:43 - 2015-04-18 20:43 - 00000000 ____D () C:\Users\María\AppData\Local\Hewlett-Packard
2015-04-18 19:29 - 2015-04-18 19:29 - 00000000 ____D () C:\Users\María\AppData\Local\Greenshot
2015-04-18 19:10 - 2015-04-18 19:10 - 00000000 ____D () C:\Users\María\AppData\Local\Apple Computer
2015-04-18 19:00 - 2015-04-18 20:34 - 00000000 __SHD () C:\Users\María\AppData\Local\EmieUserList
2015-04-18 19:00 - 2015-04-18 20:34 - 00000000 __SHD () C:\Users\María\AppData\Local\EmieSiteList
2015-04-18 19:00 - 2015-04-18 20:34 - 00000000 __SHD () C:\Users\María\AppData\Local\EmieBrowserModeList
2015-04-16 18:25 - 2015-04-18 15:08 - 12066816 _____ () C:\Users\María\Desktop\hutts peach tux.sai
2015-04-16 14:17 - 2015-04-16 14:17 - 00950272 _____ () C:\Users\María\Desktop\aassd.sai
2015-04-16 02:39 - 2015-04-16 02:39 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-04-15 19:12 - 2015-04-15 19:12 - 00000000 __RHD () C:\Users\Public\Libraries
2015-04-15 12:30 - 2015-03-23 00:06 - 00860160 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-15 12:30 - 2015-03-23 00:06 - 00630784 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-15 12:30 - 2015-03-23 00:06 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-15 12:30 - 2015-03-23 00:06 - 00331264 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-15 12:30 - 2015-03-23 00:06 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-15 12:30 - 2015-03-23 00:06 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-15 12:30 - 2015-03-23 00:06 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-15 12:30 - 2015-03-22 23:59 - 00896000 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-15 12:30 - 2015-03-17 02:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-04-15 12:30 - 2015-03-17 02:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-15 12:30 - 2015-03-17 02:01 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-15 12:30 - 2015-03-17 02:01 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-15 12:30 - 2015-03-17 01:59 - 01306112 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-15 12:30 - 2015-03-17 01:57 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-15 12:30 - 2015-03-17 01:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-15 12:30 - 2015-03-17 01:57 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-15 12:30 - 2015-03-17 01:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-15 12:30 - 2015-03-17 01:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-15 12:30 - 2015-03-17 01:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-15 12:30 - 2015-03-17 01:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-15 12:30 - 2015-03-17 01:57 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-15 12:30 - 2015-03-17 01:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-15 12:30 - 2015-03-17 01:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-15 12:30 - 2015-03-17 01:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-15 12:30 - 2015-03-17 01:57 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-15 12:30 - 2015-03-17 01:56 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-15 12:30 - 2015-03-17 01:56 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-15 12:30 - 2015-03-17 01:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-15 12:30 - 2015-03-17 01:56 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-15 12:30 - 2015-03-17 01:56 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-15 12:30 - 2015-03-17 01:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-15 12:30 - 2015-03-17 01:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-15 12:30 - 2015-03-17 01:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-15 12:30 - 2015-03-17 01:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-15 12:30 - 2015-03-17 01:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-15 12:30 - 2015-03-04 01:16 - 00249784 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-15 12:30 - 2015-03-04 01:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-15 12:29 - 2015-03-05 01:06 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-15 12:28 - 2015-04-01 20:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-15 12:28 - 2015-03-13 00:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-15 12:28 - 2015-03-13 00:42 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-15 12:28 - 2015-03-13 00:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-15 12:28 - 2015-03-13 00:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-15 12:28 - 2015-03-13 00:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-15 12:28 - 2015-03-13 00:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-15 12:28 - 2015-03-13 00:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-15 12:28 - 2015-03-13 00:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-15 12:28 - 2015-03-13 00:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-15 12:28 - 2015-03-13 00:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-15 12:28 - 2015-03-13 00:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-15 12:28 - 2015-03-13 00:16 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-15 12:28 - 2015-03-13 00:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-15 12:28 - 2015-03-13 00:09 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-15 12:28 - 2015-03-13 00:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-15 12:28 - 2015-03-13 00:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-15 12:28 - 2015-03-12 23:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-15 12:28 - 2015-03-12 23:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-15 12:28 - 2015-03-12 23:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-15 12:28 - 2015-03-12 23:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-15 12:28 - 2015-03-12 23:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-15 12:28 - 2015-03-12 23:43 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-15 12:28 - 2015-03-12 23:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-15 12:28 - 2015-03-12 23:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-15 12:28 - 2015-03-12 23:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-15 12:28 - 2015-03-12 23:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-15 12:28 - 2015-03-12 23:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-15 12:27 - 2015-03-13 00:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-15 12:27 - 2015-03-13 00:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-15 12:27 - 2015-03-12 23:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-15 12:26 - 2015-03-25 00:00 - 03088384 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-15 12:26 - 2015-03-25 00:00 - 02020864 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-15 12:26 - 2015-03-25 00:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-15 12:26 - 2015-03-25 00:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-15 12:26 - 2015-03-25 00:00 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-15 12:26 - 2015-03-25 00:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-15 12:26 - 2015-03-25 00:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-15 12:26 - 2015-03-25 00:00 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-15 12:26 - 2015-03-25 00:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-15 12:26 - 2015-03-25 00:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-15 12:26 - 2015-03-25 00:00 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-15 12:25 - 2015-03-10 00:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-15 12:25 - 2015-03-10 00:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-15 12:25 - 2015-02-25 00:03 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-14 12:50 - 2015-04-14 12:50 - 00001715 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-04-14 12:50 - 2015-04-14 12:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-04-14 12:46 - 2015-04-14 12:49 - 00000000 ____D () C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2015-04-14 12:46 - 2015-04-14 12:49 - 00000000 ____D () C:\Program Files\iTunes
2015-04-14 12:46 - 2015-04-14 12:46 - 00000000 ____D () C:\Program Files\iPod
2015-04-05 03:03 - 2015-04-05 03:06 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-05 01:32 - 2015-04-05 01:32 - 06967296 _____ () C:\Users\María\Desktop\scribebday.sai
2015-04-04 17:35 - 2015-04-04 17:36 - 00000000 ____D () C:\Users\María\Downloads\vib_portrait_set__1_by_ahrum_stock-d592ypr
2015-04-04 17:35 - 2015-04-04 17:35 - 00000000 ____D () C:\Users\María\Downloads\vib_3_4_set_1_by_ahrum_stock-d5a736f
2015-04-04 17:35 - 2015-04-04 17:35 - 00000000 ____D () C:\Users\María\Downloads\NoahsTools
2015-04-04 17:34 - 2015-04-04 17:34 - 00000000 ____D () C:\Users\María\Downloads\Fanpro (Gens 11 - 14)
2015-03-29 19:58 - 2015-03-29 19:58 - 00000832 _____ () C:\Users\María\Desktop\BioShock 2 - Acceso directo.lnk
2015-03-29 19:57 - 2015-03-29 19:57 - 00000214 _____ () C:\Users\María\Desktop\BioShock 2.url
2015-03-28 17:05 - 2015-03-29 21:17 - 00000000 ____D () C:\Users\María\AppData\Roaming\Bioshock2Steam
2015-03-28 17:05 - 2015-03-28 17:05 - 00000000 ____D () C:\Users\María\Documents\Bioshock2
2015-03-24 15:20 - 2015-03-26 23:35 - 00000000 ____D () C:\Users\María\AppData\Roaming\Bioshock
2015-03-24 15:20 - 2015-03-24 15:30 - 00000000 ____D () C:\Users\María\Documents\Bioshock
2015-03-23 16:58 - 2015-03-23 16:58 - 00000214 _____ () C:\Users\María\Desktop\BioShock.url
2015-03-21 19:53 - 2015-04-18 21:40 - 00000000 ____D () C:\Program Files\Steam
2015-03-21 19:53 - 2015-03-21 19:53 - 00000883 _____ () C:\Users\Public\Desktop\Steam.lnk
2015-03-21 19:53 - 2015-03-21 19:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2015-03-20 23:13 - 2015-03-20 23:13 - 00001096 _____ () C:\Users\Public\Desktop\FireAlpaca.lnk
2015-03-20 23:13 - 2015-03-20 23:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FireAlpaca
2015-03-20 23:12 - 2015-03-20 23:12 - 00000000 ____D () C:\Program Files\FireAlpaca
2015-03-20 23:05 - 2015-04-19 00:04 - 00000000 ____D () C:\Users\María\Desktop\PaintToolSAI
2015-03-20 23:04 - 2015-03-20 23:05 - 00000600 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PaintTool SAI Ver.1.lnk
2015-03-20 23:04 - 2015-03-20 23:05 - 00000570 _____ () C:\Users\Public\Desktop\PaintTool SAI Ver.1.lnk
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-19 00:13 - 2009-07-14 01:34 - 00016160 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-19 00:13 - 2009-07-14 01:34 - 00016160 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-18 23:50 - 2012-05-24 18:36 - 00001086 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-18 23:40 - 2011-12-20 20:52 - 01105371 _____ () C:\Windows\WindowsUpdate.log
2015-04-18 23:22 - 2012-05-24 18:36 - 00001082 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-18 23:21 - 2009-07-14 01:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-18 23:11 - 2014-06-27 23:42 - 00001046 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-571857686-2835858580-2392399786-1000UA.job
2015-04-18 23:11 - 2014-06-27 23:42 - 00000994 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-571857686-2835858580-2392399786-1000Core.job
2015-04-18 23:11 - 2013-12-18 22:31 - 00000320 _____ () C:\Windows\Tasks\HPCeeScheduleForMaría.job
2015-04-18 23:11 - 2012-05-06 19:19 - 00000000 ____D () C:\Users\María\AppData\Roaming\Dropbox
2015-04-18 23:10 - 2012-03-25 18:46 - 00000000 ____D () C:\ProgramData\InstallMate
2015-04-18 22:46 - 2012-05-24 22:12 - 00000000 ____D () C:\Program Files\Ubisoft
2015-04-18 22:45 - 2011-08-29 15:53 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-04-18 22:40 - 2011-12-20 20:56 - 00000000 ____D () C:\Users\María
2015-04-18 22:03 - 2015-01-26 23:32 - 00000000 ____D () C:\Program Files\Common Files\BioWare
2015-04-18 22:02 - 2009-07-14 01:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-04-18 22:01 - 2012-02-12 20:39 - 00000000 ____D () C:\ProgramData\Skype
2015-04-18 21:56 - 2011-12-29 11:10 - 00000000 ____D () C:\Users\María\AppData\Roaming\Apple Computer
2015-04-18 21:32 - 2011-02-11 13:24 - 00000000 __RHD () C:\SYSTEM.SAV
2015-04-18 20:19 - 2013-05-24 19:19 - 00000000 __SHD () C:\Windows\system32\AI_RecycleBin
2015-04-18 20:01 - 2011-12-21 11:09 - 00000000 ____D () C:\Users\María\Desktop\María
2015-04-18 19:57 - 2009-07-13 23:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2015-04-18 19:01 - 2012-12-07 22:54 - 00000000 ____D () C:\Users\María\AppData\Roaming\vlc
2015-04-18 17:06 - 2009-07-13 23:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-04-17 19:53 - 2010-11-20 18:01 - 01653420 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-16 11:42 - 2009-07-14 01:53 - 00032636 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-16 11:39 - 2014-12-11 03:34 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-16 11:39 - 2014-05-06 23:39 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-16 02:57 - 2013-07-23 23:10 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-16 02:44 - 2011-12-21 14:13 - 125832184 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-15 19:12 - 2015-03-15 21:11 - 00000000 ___RD () C:\Users\Public
2015-04-15 11:57 - 2012-10-20 13:33 - 00000000 ____D () C:\Program Files\Common Files\Steam
2015-04-14 12:46 - 2011-12-28 15:19 - 00000000 ____D () C:\Program Files\Common Files\Apple
 
==================== Files in the root of some directories =======
 
2015-03-15 18:05 - 2015-03-15 18:05 - 10439224 _____ (LastPass) C:\Program Files\Common Files\lpuninstall.exe
2012-05-25 10:54 - 2012-05-25 10:54 - 0000173 _____ () C:\Users\María\AppData\Local\msmathematics.qat.María
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-26 12:39
 
==================== End Of Log ============================
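The Malware Response Team reads logs like the one above by hand. As an added illustration of what a responder pulls out of an FRST.txt first (this is example code written for this page; it is not part of FRST and not from any post in the thread), the script below walks FRST-style text and collects the entries that matter most: a Winlogon Shell or Userinit value that differs from the Windows default, MountPoints2 autorun handlers for removable drives, a missing hosts file, a core file that does not pass FRST's Bamital & volsnap signature check, a service or driver whose binary FRST reports as unsigned, and any other line FRST itself tagged ATTENTION. The function and category names are the example's own; SAMPLE_LOG is constructed, modelled on the kinds of entries that appear in the logs posted here, and the wording of the failed signature-check line in it is assumed rather than taken from FRST. Flagging an entry says nothing about whether the file behind it is malicious; that is what the later verification steps in a thread like this are for.

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST) logs.

Added example for this page; not part of FRST and not code from any post.
It pulls out of FRST.txt-style text the entries a responder reads first.
SAMPLE_LOG is constructed for the example (not a real scan).
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

# Windows 7 defaults for the Winlogon values. FRST whitelists the defaults
# and only prints these values when they differ, but comparing explicitly
# keeps the check independent of that whitelisting.
DEFAULT_SHELL = "explorer.exe"
DEFAULT_USERINIT = r"c:\windows\system32\userinit.exe"

_WINLOGON = re.compile(r"Winlogon:\s*\[(Shell|Userinit)\]\s*(.*)$", re.I)
_MOUNTPOINT = re.compile(r"MountPoints2:\s*\{[0-9a-f-]+\}\s*-\s*(.+)$", re.I)
_SIGCHECK = re.compile(r"^(\S+\.(?:exe|dll|sys))\s*=>\s*(.+)$", re.I)
_SERVICE = re.compile(r"^[RSU]\d\s+([^;]+);")
# FRST decorates a path with "[size date] (vendor) <== ATTENTION"; strip it.
_SUFFIX = re.compile(r"\s*\[\d+ \d{4}-\d{2}-\d{2}\].*$")


@dataclass
class Finding:
    category: str  # example's own labels, e.g. "winlogon-override"
    detail: str    # the path / name a responder would look at next
    line: str      # the full log line, for reference


def _strip_suffix(value: str) -> str:
    return _SUFFIX.sub("", value).strip().strip('"')


def triage_line(line: str) -> Optional[Finding]:
    """Classify one FRST log line; None when it is not a triage item."""
    m = _WINLOGON.search(line)
    if m:
        key, target = m.group(1), _strip_suffix(m.group(2))
        expected = DEFAULT_SHELL if key.lower() == "shell" else DEFAULT_USERINIT
        if target.lower().rstrip(",") != expected:
            return Finding("winlogon-override", f"{key} -> {target}", line)
        return None
    m = _MOUNTPOINT.search(line)
    if m:  # executable run when a particular removable volume is opened
        return Finding("autorun-handler", m.group(1).strip(), line)
    if line.startswith("Hosts:") and "not detected" in line:
        return Finding("hosts-missing", line[len("Hosts:"):].strip(), line)
    m = _SIGCHECK.match(line)
    if m:  # Bamital & volsnap section: "<path> => File is digitally signed"
        if m.group(2).strip() != "File is digitally signed":
            return Finding("core-file-check-failed", m.group(1), line)
        return None
    m = _SERVICE.match(line)
    if m and "[File not signed]" in line:
        return Finding("unsigned-service", m.group(1).strip(), line)
    if "ATTENTION" in line:  # anything else FRST itself flagged
        return Finding("frst-attention", line.split("<=")[0].strip(), line)
    return None


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over every non-empty line of an FRST log."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line:
            f = triage_line(line)
            if f:
                findings.append(f)
    return findings


def summarize(findings: List[Finding]) -> dict:
    """Count findings per category for a quick read of what needs attention."""
    return dict(Counter(f.category for f in findings))


# Constructed sample in FRST.txt format (SID shortened; last line's wording assumed).
SAMPLE_LOG = r"""
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [978520 2015-01-30] (Microsoft Corporation)
HKU\S-1-5-21-1000\...\MountPoints2: {6c9b7482-a605-11e1-8d18-0025ab02cbdc} - F:\autorun.exe
HKU\S-1-5-21-1000\...\MountPoints2: {c2e9fd53-5eba-11e4-baa8-0025ab02cbdc} - H:\MI.exe
HKU\S-1-5-21-1000\...\Winlogon: [Shell] C:\Program Files\Oceanis\SystemSetting\WallPaperAgent.exe [115888 2009-12-10] (Oceanis) <==== ATTENTION
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Hosts: Hosts file not detected in the default directory
R2 ezSharedSvc; C:\Windows\System32\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22184 2015-01-30] (Microsoft Corporation)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\services.exe => ATTENTION: could not verify signature (wording assumed)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.category:24} {f.detail}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run it against a saved FRST.txt by passing the file's contents to `triage()`. A Winlogon Shell entry is reported because any value other than explorer.exe is a persistence point, exactly as FRST's own ATTENTION marker indicates; whether the named file is legitimate still has to be checked separately.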


#2 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • Gender:Male
  • Location:New York
  • Local time:02:33 PM

Posted 22 April 2015 - 06:17 PM

Hello bluecam and welcome to BC!! :thumbsup:

We apologize for the delay in response to your topic...but now that I have responded, I will stay with you until the end!

My name is bloopie and I'll be helping you with your problems as best I can! :thumbup2:

A few things to keep in mind while we are working together:

  • If you have since resolved the original problem you were having, I would appreciate it if you let me know.
  • If you are unsure about any of the steps just post what you can and I will guide you!
  • Please tell me if you have your original Windows CD/DVD available.
  • Please copy and paste all logs here unless otherwise instructed!
  • Upon completing the steps below I will review your topic and do my best to resolve your issues.
  • Please do not run any other tools without my instruction to do so!

==============================

Before we begin, I'd like you to answer the question below...then I'd like you to post a fresh FRST scan for my review (since it's been a few days, I'd like to see the most current state of the machine).
 

I followed one of those self-help guides for removing it but even though it removes a lot of undesired files the problem's still here. :(

Exactly which one of those "self-help" guides did you follow? ...I ask because I'd like to get an idea of what's already been done to the machine before you came here. :wink:

 

==========

 

After answering the above question, please delete the current FRST.txt from your desktop, and then please re-scan with FRST, posting the fresh FRST.txt in your next reply.

 

Then we'll get to work! :)

 

bloopie



#3 bluecam

bluecam
  • Topic Starter

  • Members
  • 23 posts
  • Gender:Female
  • Local time:03:33 PM

Posted 22 April 2015 - 10:03 PM

Hi bloopie! Thank you so much for replying! And no worries, I understand you guys are volunteering so I appreciate the help! (Besides, average response time was said to be 5 days so I think this is actually early :P)
 
  • I... haven't solved it... I wish I had but I have no clue how to anyway so...
  • I don't think I have the original Windows CD. Sorry :(
 
I tried doing this!  I'm pretty sure I followed all the steps right but maybe not because the problem is still here :( (Did I actually manage to make things worse by doing that? T^T)
 
I'll post the thingy in the next reply. 
 
Thank you again for the help!  :hug:


#4 bluecam

bluecam
  • Topic Starter

  • Members
  • 23 posts
  • Gender:Female
  • Local time:03:33 PM

Posted 22 April 2015 - 10:10 PM

Also, I have no clue if this is relevant but I'm not the only one that uses this computer (and even though I asked everyone not to run any programs and stuff to get rid of the thing) and I'm preeeeeetty sure (not 100% but I have a hunch) that my bro ran CCleaner (and maybe uninstalled something with Revo) and did a registry clean thing or something. Again, dunno about relevance but I thought I'd tell you.

 

(Also, should I show you the Addition.txt too or Nah?)



#5 bluecam

bluecam
  • Topic Starter

  • Members
  • 23 posts
  • Gender:Female
  • Local time:03:33 PM

Posted 22 April 2015 - 10:12 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-04-2015
Ran by María (administrator) on ICARUS on 23-04-2015 00:07:31
Running from C:\Users\María\Desktop
Loaded Profiles: María (Available profiles: María)
Platform: Microsoft Windows 7 Starter  Service Pack 1 (X86) OS Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(EasyBits Software AS) C:\Windows\System32\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Oceanis) C:\Program Files\Oceanis\SystemSetting\WallPaperAgent.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Greenshot) C:\Program Files\Greenshot\Greenshot.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(CyberLink) C:\Program Files\Cyberlink\YouCam\YCMMirage.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iTunes\iTunes.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [978520 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [Greenshot] => C:\Program Files\Greenshot\Greenshot.exe [495616 2014-05-12] (Greenshot)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-21-571857686-2835858580-2392399786-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-571857686-2835858580-2392399786-1000\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-571857686-2835858580-2392399786-1000\...\MountPoints2: {6c9b7482-a605-11e1-8d18-0025ab02cbdc} - F:\autorun.exe
HKU\S-1-5-21-571857686-2835858580-2392399786-1000\...\MountPoints2: {c2e9fd53-5eba-11e4-baa8-0025ab02cbdc} - H:\MI.exe
HKU\S-1-5-21-571857686-2835858580-2392399786-1000\...\Winlogon: [Shell] C:\Program Files\Oceanis\SystemSetting\WallPaperAgent.exe [115888 2009-12-10] (Oceanis) <==== ATTENTION 
HKU\S-1-5-21-571857686-2835858580-2392399786-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2015-03-15]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files\Common Files\lpuninstall.exe (LastPass)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://ar.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPDTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://es.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-571857686-2835858580-2392399786-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = 
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files\LastPass\LPToolbar.dll [2015-03-15] (LastPass)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\LastPass\LPToolbar.dll [2015-03-15] (LastPass)
Toolbar: HKU\S-1-5-21-571857686-2835858580-2392399786-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File []
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 200.42.4.204 200.49.130.41
Tcpip\..\Interfaces\{A51EB039-9E15-493E-830D-6275B4CCD387}: [NameServer] 8.8.8.8,8.8.4.4,
Tcpip\..\Interfaces\{D6821454-25BC-4119-92A0-9C26413DF8FE}: [NameServer] 8.8.8.8,8.8.4.4,192.168.1.1
 
FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-12-28] (Sun Microsystems, Inc.)
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files\LastPass\nplastpass.dll [2015-03-15] (LastPass)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\Office14\NPSPWRAP.DLL No File
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-18] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-18] (Google Inc.)
FF Plugin: @wacom.com/wacom-plugin,version=1.1.0.10 -> C:\Program Files\TabletPlugins\npwacom.dll No File
FF Plugin: @wacom.com/wtPlugin,version=2.0.0.1 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll No File
FF Plugin HKU\S-1-5-21-571857686-2835858580-2392399786-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\María\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll No File
FF Plugin HKU\S-1-5-21-571857686-2835858580-2392399786-1000: @talk.google.com/O1DPlugin -> C:\Users\María\AppData\Roaming\Mozilla\plugins\npo1d.dll No File
FF Plugin HKU\S-1-5-21-571857686-2835858580-2392399786-1000: @tools.google.com/Google Update;version=3 -> C:\Users\María\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-571857686-2835858580-2392399786-1000: @tools.google.com/Google Update;version=9 -> C:\Users\María\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-571857686-2835858580-2392399786-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll No File
 
Chrome: 
=======
CHR Profile: C:\Users\María\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\María\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-21]
CHR Extension: (Google Docs) - C:\Users\María\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-21]
CHR Extension: (Google Drive) - C:\Users\María\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-21]
CHR Extension: (YouTube) - C:\Users\María\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-21]
CHR Extension: (Google Search) - C:\Users\María\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-21]
CHR Extension: (Google Sheets) - C:\Users\María\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-21]
CHR Extension: (Bookmark Manager) - C:\Users\María\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-21]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\María\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-04-21]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\María\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-21]
CHR Extension: (Google Wallet) - C:\Users\María\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-21]
CHR Extension: (Gmail) - C:\Users\María\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-21]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - http://clients2.google.com/service/update2/crx
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-01-07] (Adobe Systems) [File not signed]
R2 ezSharedSvc; C:\Windows\System32\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
R2 HP Support Assistant Service; C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22184 2015-01-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284472 2015-01-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amd_sata; C:\Windows\System32\drivers\amd_sata.sys [65664 2011-03-04] (Advanced Micro Devices)
R0 amd_xata; C:\Windows\System32\drivers\amd_xata.sys [32896 2011-03-04] (Advanced Micro Devices)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2015-01-29] (Disc Soft Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-04-23] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-03-17] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [239224 2014-11-15] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-23 00:07 - 2015-04-23 00:08 - 00014137 _____ () C:\Users\María\Desktop\FRST.txt
2015-04-22 23:54 - 2015-04-22 23:54 - 00000000 _____ () C:\Users\María\defogger_reenable
2015-04-22 23:51 - 2015-04-22 23:51 - 00005259 _____ () C:\Users\María\Documents\sgmmm.txt
2015-04-21 23:47 - 2015-04-21 23:47 - 00000164 _____ () C:\Users\María\Downloads\Bookmarks.html
2015-04-21 22:48 - 2015-04-21 22:48 - 00002973 _____ () C:\Users\María\Documents\sgm.txt
2015-04-21 17:44 - 2015-04-22 23:55 - 00000000 ____D () C:\Users\María\Desktop\FRST-OlderVersion
2015-04-21 13:19 - 2015-04-21 13:19 - 00000244 _____ () C:\Users\María\Desktop\defogger_enable.log
2015-04-21 13:18 - 2015-04-22 23:55 - 00000472 _____ () C:\Users\María\Desktop\defogger_disable.log
2015-04-21 13:16 - 2015-04-21 13:17 - 00000472 _____ () C:\Users\María\Downloads\defogger_disable.log
2015-04-21 13:15 - 2015-04-21 13:15 - 00050477 _____ () C:\Users\María\Desktop\Defogger.exe
2015-04-21 13:10 - 2015-04-21 13:38 - 00000000 ____D () C:\ProgramData\VirtualizedApplications
2015-04-19 20:11 - 2015-04-19 20:11 - 00000000 ____D () C:\Users\María\AppData\Local\Apple
2015-04-19 18:22 - 2015-04-19 18:22 - 00109400 _____ () C:\Users\María\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-19 13:56 - 2015-04-19 14:00 - 00000000 ____D () C:\Users\María\AppData\Roaming\SoftGrid Client
2015-04-19 00:10 - 2015-04-23 00:07 - 00000000 ____D () C:\FRST
2015-04-19 00:08 - 2015-04-21 17:44 - 01139200 _____ (Farbar) C:\Users\María\Desktop\FRST.exe
2015-04-18 23:14 - 2015-04-18 23:20 - 00000000 ____D () C:\AdwCleaner
2015-04-18 23:11 - 2015-04-22 13:12 - 00000336 _____ () C:\Windows\setupact.log
2015-04-18 23:11 - 2015-04-21 12:59 - 00012088 _____ () C:\Windows\PFRO.log
2015-04-18 23:11 - 2015-04-18 23:12 - 02140520 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-18 23:11 - 2015-04-18 23:11 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-18 22:49 - 2015-04-23 00:01 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-18 22:48 - 2015-04-18 22:48 - 00001022 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-18 22:48 - 2015-04-18 22:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-18 22:48 - 2015-04-18 22:48 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-18 22:48 - 2015-04-18 22:48 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-04-18 22:48 - 2015-03-17 06:24 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-18 22:48 - 2015-03-17 06:24 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-18 22:48 - 2015-03-17 06:24 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-18 22:43 - 2015-04-18 22:43 - 00001431 _____ () C:\Users\María\Desktop\mbam-setup - Acceso directo.lnk
2015-04-18 22:40 - 2015-04-18 22:40 - 00000000 ____D () C:\Users\María\AppData\Roaming\Adobe
2015-04-18 22:36 - 2015-04-18 22:38 - 02217984 _____ () C:\Users\María\Desktop\adwcleaner_4.201.exe
2015-04-18 22:28 - 2015-04-18 22:40 - 21540904 _____ (Malwarebytes Corporation ) C:\Users\María\Downloads\mbam-setup.exe
2015-04-18 22:27 - 2015-04-18 22:29 - 00002358 _____ () C:\Users\María\Desktop\Rkill.txt
2015-04-18 22:26 - 2015-04-18 22:26 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\María\Downloads\iExplore.exe
2015-04-18 22:11 - 2015-04-21 18:54 - 00000000 ____D () C:\Users\María\AppData\Local\Google
2015-04-18 22:02 - 2015-04-18 22:03 - 00009865 _____ () C:\Users\María\Documents\Uninstall Dragon Age 2.log
2015-04-18 20:49 - 2015-04-18 20:49 - 00002161 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-18 20:49 - 2015-04-18 20:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-04-18 20:45 - 2015-04-18 20:49 - 00000000 ____D () C:\Program Files\Google
2015-04-18 20:43 - 2015-04-18 20:43 - 00000000 ____D () C:\Users\María\AppData\Local\Hewlett-Packard
2015-04-18 19:29 - 2015-04-18 19:29 - 00000000 ____D () C:\Users\María\AppData\Local\Greenshot
2015-04-18 19:10 - 2015-04-18 19:10 - 00000000 ____D () C:\Users\María\AppData\Local\Apple Computer
2015-04-18 19:00 - 2015-04-18 20:34 - 00000000 __SHD () C:\Users\María\AppData\Local\EmieUserList
2015-04-18 19:00 - 2015-04-18 20:34 - 00000000 __SHD () C:\Users\María\AppData\Local\EmieSiteList
2015-04-18 19:00 - 2015-04-18 20:34 - 00000000 __SHD () C:\Users\María\AppData\Local\EmieBrowserModeList
2015-04-16 18:25 - 2015-04-19 15:28 - 10506240 _____ () C:\Users\María\Desktop\hutts peach tux.sai
2015-04-16 14:17 - 2015-04-16 14:17 - 00950272 _____ () C:\Users\María\Desktop\aassd.sai
2015-04-16 02:39 - 2015-04-16 02:39 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-04-15 19:12 - 2015-04-15 19:12 - 00000000 __RHD () C:\Users\Public\Libraries
2015-04-15 12:30 - 2015-03-23 00:06 - 00860160 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-15 12:30 - 2015-03-23 00:06 - 00630784 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-15 12:30 - 2015-03-23 00:06 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-15 12:30 - 2015-03-23 00:06 - 00331264 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-15 12:30 - 2015-03-23 00:06 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-15 12:30 - 2015-03-23 00:06 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-15 12:30 - 2015-03-23 00:06 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-15 12:30 - 2015-03-22 23:59 - 00896000 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-15 12:30 - 2015-03-17 02:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-04-15 12:30 - 2015-03-17 02:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-15 12:30 - 2015-03-17 02:01 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-15 12:30 - 2015-03-17 02:01 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-15 12:30 - 2015-03-17 01:59 - 01306112 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-15 12:30 - 2015-03-17 01:57 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-15 12:30 - 2015-03-17 01:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-15 12:30 - 2015-03-17 01:57 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-15 12:30 - 2015-03-17 01:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-15 12:30 - 2015-03-17 01:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-15 12:30 - 2015-03-17 01:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-15 12:30 - 2015-03-17 01:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-15 12:30 - 2015-03-17 01:57 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-15 12:30 - 2015-03-17 01:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-15 12:30 - 2015-03-17 01:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-15 12:30 - 2015-03-17 01:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-15 12:30 - 2015-03-17 01:57 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-15 12:30 - 2015-03-17 01:56 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-15 12:30 - 2015-03-17 01:56 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-15 12:30 - 2015-03-17 01:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-15 12:30 - 2015-03-17 01:56 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-15 12:30 - 2015-03-17 01:56 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-15 12:30 - 2015-03-17 01:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-15 12:30 - 2015-03-17 01:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-15 12:30 - 2015-03-17 01:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-15 12:30 - 2015-03-17 01:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-15 12:30 - 2015-03-17 01:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-15 12:30 - 2015-03-04 01:16 - 00249784 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-15 12:30 - 2015-03-04 01:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-15 12:29 - 2015-03-05 01:06 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-15 12:28 - 2015-04-01 20:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-15 12:28 - 2015-03-13 00:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-15 12:28 - 2015-03-13 00:42 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-15 12:28 - 2015-03-13 00:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-15 12:28 - 2015-03-13 00:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-15 12:28 - 2015-03-13 00:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-15 12:28 - 2015-03-13 00:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-15 12:28 - 2015-03-13 00:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-15 12:28 - 2015-03-13 00:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-15 12:28 - 2015-03-13 00:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-15 12:28 - 2015-03-13 00:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-15 12:28 - 2015-03-13 00:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-15 12:28 - 2015-03-13 00:16 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-15 12:28 - 2015-03-13 00:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-15 12:28 - 2015-03-13 00:09 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-15 12:28 - 2015-03-13 00:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-15 12:28 - 2015-03-13 00:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-15 12:28 - 2015-03-12 23:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-15 12:28 - 2015-03-12 23:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-15 12:28 - 2015-03-12 23:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-15 12:28 - 2015-03-12 23:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-15 12:28 - 2015-03-12 23:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-15 12:28 - 2015-03-12 23:43 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-15 12:28 - 2015-03-12 23:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-15 12:28 - 2015-03-12 23:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-15 12:28 - 2015-03-12 23:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-15 12:28 - 2015-03-12 23:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-15 12:28 - 2015-03-12 23:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-15 12:27 - 2015-03-13 00:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-15 12:27 - 2015-03-13 00:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-15 12:27 - 2015-03-12 23:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-15 12:26 - 2015-03-25 00:00 - 03088384 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-15 12:26 - 2015-03-25 00:00 - 02020864 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-15 12:26 - 2015-03-25 00:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-15 12:26 - 2015-03-25 00:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-15 12:26 - 2015-03-25 00:00 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-15 12:26 - 2015-03-25 00:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-15 12:26 - 2015-03-25 00:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-15 12:26 - 2015-03-25 00:00 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-15 12:26 - 2015-03-25 00:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-15 12:26 - 2015-03-25 00:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-15 12:26 - 2015-03-25 00:00 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-15 12:25 - 2015-03-10 00:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-15 12:25 - 2015-03-10 00:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-15 12:25 - 2015-02-25 00:03 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-14 12:50 - 2015-04-14 12:50 - 00001715 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-04-14 12:50 - 2015-04-14 12:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-04-14 12:46 - 2015-04-14 12:49 - 00000000 ____D () C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2015-04-14 12:46 - 2015-04-14 12:49 - 00000000 ____D () C:\Program Files\iTunes
2015-04-14 12:46 - 2015-04-14 12:46 - 00000000 ____D () C:\Program Files\iPod
2015-04-05 03:03 - 2015-04-05 03:06 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-05 01:32 - 2015-04-05 01:32 - 06967296 _____ () C:\Users\María\Desktop\scribebday.sai
2015-04-04 17:35 - 2015-04-04 17:35 - 00000000 ____D () C:\Users\María\Downloads\NoahsTools
2015-03-29 19:58 - 2015-03-29 19:58 - 00000832 _____ () C:\Users\María\Desktop\BioShock 2 - Acceso directo.lnk
2015-03-29 19:57 - 2015-03-29 19:57 - 00000214 _____ () C:\Users\María\Desktop\BioShock 2.url
2015-03-28 17:05 - 2015-03-29 21:17 - 00000000 ____D () C:\Users\María\AppData\Roaming\Bioshock2Steam
2015-03-28 17:05 - 2015-03-28 17:05 - 00000000 ____D () C:\Users\María\Documents\Bioshock2
2015-03-24 15:20 - 2015-03-26 23:35 - 00000000 ____D () C:\Users\María\AppData\Roaming\Bioshock
2015-03-24 15:20 - 2015-03-24 15:30 - 00000000 ____D () C:\Users\María\Documents\Bioshock
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-22 23:56 - 2011-12-20 20:52 - 01553566 _____ () C:\Windows\WindowsUpdate.log
2015-04-22 23:55 - 2011-12-21 11:09 - 00000000 ____D () C:\Users\María\Desktop\María
2015-04-22 23:54 - 2011-12-20 20:56 - 00000000 ____D () C:\Users\María
2015-04-22 23:50 - 2012-05-24 18:36 - 00001086 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-22 23:32 - 2012-05-24 18:36 - 00001082 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-22 13:21 - 2009-07-14 01:34 - 00016160 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-22 13:21 - 2009-07-14 01:34 - 00016160 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-22 13:12 - 2009-07-14 01:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-21 23:42 - 2012-12-07 22:54 - 00000000 ____D () C:\Users\María\AppData\Roaming\vlc
2015-04-20 00:00 - 2011-12-29 11:10 - 00000000 ____D () C:\Users\María\AppData\Roaming\Apple Computer
2015-04-19 15:34 - 2015-03-20 23:05 - 00000000 ____D () C:\Users\María\Desktop\PaintToolSAI
2015-04-19 11:20 - 2011-12-22 18:19 - 00000000 ____D () C:\ProgramData\HP
2015-04-19 11:02 - 2009-07-13 23:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2015-04-19 10:59 - 2009-07-13 23:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-04-18 23:11 - 2014-06-27 23:42 - 00001046 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-571857686-2835858580-2392399786-1000UA.job
2015-04-18 23:11 - 2014-06-27 23:42 - 00000994 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-571857686-2835858580-2392399786-1000Core.job
2015-04-18 23:11 - 2013-12-18 22:31 - 00000320 _____ () C:\Windows\Tasks\HPCeeScheduleForMaría.job
2015-04-18 23:11 - 2012-05-06 19:19 - 00000000 ____D () C:\Users\María\AppData\Roaming\Dropbox
2015-04-18 22:46 - 2012-05-24 22:12 - 00000000 ____D () C:\Program Files\Ubisoft
2015-04-18 22:45 - 2011-08-29 15:53 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-04-18 22:03 - 2015-01-26 23:32 - 00000000 ____D () C:\Program Files\Common Files\BioWare
2015-04-18 22:02 - 2009-07-14 01:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-04-18 21:40 - 2015-03-21 19:53 - 00000000 ____D () C:\Program Files\Steam
2015-04-18 21:32 - 2011-02-11 13:24 - 00000000 __RHD () C:\SYSTEM.SAV
2015-04-18 20:19 - 2013-05-24 19:19 - 00000000 __SHD () C:\Windows\system32\AI_RecycleBin
2015-04-17 19:53 - 2010-11-20 18:01 - 01653420 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-16 11:42 - 2009-07-14 01:53 - 00032636 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-16 11:39 - 2014-12-11 03:34 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-16 11:39 - 2014-05-06 23:39 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-16 02:57 - 2013-07-23 23:10 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-16 02:44 - 2011-12-21 14:13 - 125832184 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-15 19:12 - 2015-03-15 21:11 - 00000000 ___RD () C:\Users\Public
2015-04-15 11:57 - 2012-10-20 13:33 - 00000000 ____D () C:\Program Files\Common Files\Steam
2015-04-14 12:46 - 2011-12-28 15:19 - 00000000 ____D () C:\Program Files\Common Files\Apple
 
==================== Files in the root of some directories =======
 
2015-03-15 18:05 - 2015-03-15 18:05 - 10439224 _____ (LastPass) C:\Program Files\Common Files\lpuninstall.exe
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-26 12:39
 
==================== End Of Log ============================


#6 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • Gender:Male
  • Location:New York
  • Local time:02:33 PM

Posted 23 April 2015 - 05:33 PM

Hello again bluecam,

Okay, thanks for that information.

Let's begin with the below steps:

Step 1

We need to run a fix with FRST:

  • Please download the attached fixlist.txt file and save it to the same location as FRST.
    Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location or the fix will not work.
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
    Attached File: fixlist.txt (1.53KB)
  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run.
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run; please post it in your reply.

==========

Step 2

Run Combofix

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

Combofix may need to reboot your computer more than once to do its job... this is normal.

You can download Combofix from one of these links.

  • Close any open browsers or any other programs that are open.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Double-click on combofix.exe and follow the prompts.
  • When finished, it will produce a report for you at C:\Combofix.txt. Please include that in your next reply.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

==========

After posting both requested logs in your next reply, please let me know how the machine is running after this fix!

bloopie



#7 bluecam

bluecam
  • Topic Starter

  • Members
  • 23 posts
  • Gender:Female
  • Local time:03:33 PM

Posted 23 April 2015 - 06:20 PM

So, uh, I think I messed up........

I ran FRST and then ComboFix and I guess I was supposed to save or copy the fixlog.txt somewhere but I didn't and then it got deleted.......................................

I'm dumb. Sorry.

EDIT: I'M STILL SUPER DUMB BUT I THINK I FOUND IT? haha I'm so dumb, I'm so dumb, sorry

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 20-04-2015
Ran by María at 2015-04-23 19:40:02 Run:1
Running from C:\Users\María\Desktop
Loaded Profiles: María (Available profiles: María)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
CloseProcesses:
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-21-571857686-2835858580-2392399786-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-571857686-2835858580-2392399786-1000\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-571857686-2835858580-2392399786-1000\...\MountPoints2: {6c9b7482-a605-11e1-8d18-0025ab02cbdc} - F:\autorun.exe
HKU\S-1-5-21-571857686-2835858580-2392399786-1000\...\MountPoints2: {c2e9fd53-5eba-11e4-baa8-0025ab02cbdc} - H:\MI.exe
HKU\S-1-5-21-571857686-2835858580-2392399786-1000\...\Winlogon: [Shell] C:\Program Files\Oceanis\SystemSetting\WallPaperAgent.exe [115888 2009-12-10] (Oceanis) <==== ATTENTION 
HKU\S-1-5-21-571857686-2835858580-2392399786-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-571857686-2835858580-2392399786-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\María\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-21]
C:\Users\María\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
*****************
 
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\EnableShellExecuteHooks => value deleted successfully.
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE => value deleted successfully.
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE => value deleted successfully.
HKU\S-1-5-21-571857686-2835858580-2392399786-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableLockWorkstation => value deleted successfully.
HKU\S-1-5-21-571857686-2835858580-2392399786-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableChangePassword => value deleted successfully.
"HKU\S-1-5-21-571857686-2835858580-2392399786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6c9b7482-a605-11e1-8d18-0025ab02cbdc}" => Key deleted successfully.
HKCR\CLSID\{6c9b7482-a605-11e1-8d18-0025ab02cbdc} => Key not found. 
"HKU\S-1-5-21-571857686-2835858580-2392399786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c2e9fd53-5eba-11e4-baa8-0025ab02cbdc}" => Key deleted successfully.
HKCR\CLSID\{c2e9fd53-5eba-11e4-baa8-0025ab02cbdc} => Key not found. 
HKU\S-1-5-21-571857686-2835858580-2392399786-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully.
HKU\S-1-5-21-571857686-2835858580-2392399786-1000\Control Panel\Desktop\\SCRNSAVE.EXE => value deleted successfully.
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE => value deleted successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\S-1-5-21-571857686-2835858580-2392399786-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found. 
C:\Users\María\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg => Moved successfully.
"C:\Users\María\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg" => File/Directory not found.
 
 
The system needed a reboot. 
 
==== End of Fixlog 19:40:10 ====

Here's the ComboFix.txt:

ComboFix 15-04-19.01 - María 23/04/2015  19:57:53.1.2 - x86
Microsoft Windows 7 Starter   6.1.7601.1.1252.54.3082.18.1637.642 [GMT -3:00]
Running from: c:\users\María\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\6342036133120839042
c:\programdata\6342036133120839042\cd5b15e575e1c3d078b4d9a115b1fa5f.ini
.
.
(((((((((((((((((((((((((   Files Created from 2015-03-23 to 2015-04-23  )))))))))))))))))))))))))))))))
.
.
2015-04-23 23:11 . 2015-04-23 23:11 -------- d-----w- c:\users\María\AppData\Local\temp
2015-04-23 23:11 . 2015-04-23 23:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-04-23 22:38 . 2015-04-23 22:38 -------- d-----w- c:\users\María\AppData\Local\Microsoft Help
2015-04-21 16:18 . 2015-04-04 06:39 9201616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FDDA6A7F-F3C7-4019-B4C8-655C2FE14F19}\mpengine.dll
2015-04-21 16:10 . 2015-04-21 16:38 -------- d-----w- c:\programdata\VirtualizedApplications
2015-04-20 03:13 . 2015-03-14 10:06 9119072 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-04-20 03:09 . 2015-04-20 03:09 -------- d-----r- c:\users\María\Contacts
2015-04-19 23:11 . 2015-04-19 23:11 -------- d-----w- c:\users\María\AppData\Local\Apple
2015-04-19 16:56 . 2015-04-23 21:01 -------- d-----w- c:\users\María\AppData\Roaming\SoftGrid Client
2015-04-19 03:10 . 2015-04-23 22:40 -------- d-----w- C:\FRST
2015-04-19 02:14 . 2015-04-19 02:20 -------- d-----w- C:\AdwCleaner
2015-04-19 01:49 . 2015-04-23 22:43 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-04-19 01:48 . 2015-04-19 01:48 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2015-04-19 01:48 . 2015-04-19 01:48 -------- d-----w- c:\programdata\Malwarebytes
2015-04-19 01:48 . 2015-03-17 09:24 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-04-19 01:48 . 2015-03-17 09:24 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-04-19 01:48 . 2015-03-17 09:24 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-04-19 01:47 . 2015-04-19 01:47 -------- d-----w- c:\users\María\AppData\Local\Programs
2015-04-19 01:40 . 2015-04-19 01:42 -------- d-----r- c:\users\María\Favorites
2015-04-19 01:40 . 2015-04-19 01:40 -------- d-----w- c:\users\María\AppData\Roaming\Adobe
2015-04-19 01:40 . 2015-04-19 01:40 -------- d-----r- c:\users\María\Searches
2015-04-19 01:11 . 2015-04-21 21:54 -------- d-----w- c:\users\María\AppData\Local\Google
2015-04-18 23:45 . 2015-04-18 23:49 -------- d-----w- c:\program files\Google
2015-04-18 23:43 . 2015-04-18 23:43 -------- d-----w- c:\users\María\AppData\Local\Hewlett-Packard
2015-04-18 22:29 . 2015-04-18 22:29 -------- d-----w- c:\users\María\AppData\Local\Greenshot
2015-04-18 22:10 . 2015-04-18 22:10 -------- d-----w- c:\users\María\AppData\Local\Apple Computer
2015-04-18 22:00 . 2015-04-18 23:34 -------- d-sh--w- c:\users\María\AppData\Local\EmieUserList
2015-04-18 22:00 . 2015-04-18 23:34 -------- d-sh--w- c:\users\María\AppData\Local\EmieSiteList
2015-04-18 22:00 . 2015-04-18 23:34 -------- d-sh--w- c:\users\María\AppData\Local\EmieBrowserModeList
2015-04-15 22:12 . 2015-04-15 22:12 -------- d--h--r- c:\users\Public\Libraries
2015-04-15 15:29 . 2015-03-05 04:06 305152 ----a-w- c:\windows\system32\gdi32.dll
2015-04-15 15:27 . 2015-03-13 02:56 817664 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2015-04-15 15:27 . 2015-03-13 03:28 503296 ----a-w- c:\windows\system32\vbscript.dll
2015-04-15 15:27 . 2015-03-13 02:49 4305408 ----a-w- c:\windows\system32\jscript9.dll
2015-04-15 15:26 . 2015-03-25 03:00 11776 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2015-04-15 15:26 . 2015-03-25 03:00 33792 ----a-w- c:\windows\system32\wuapp.exe
2015-04-15 15:26 . 2015-03-25 03:00 92672 ----a-w- c:\windows\system32\wudriver.dll
2015-04-15 15:26 . 2015-03-25 03:00 35328 ----a-w- c:\windows\system32\wups2.dll
2015-04-15 15:26 . 2015-03-25 03:00 3088384 ----a-w- c:\windows\system32\wucltux.dll
2015-04-15 15:26 . 2015-03-25 03:00 131584 ----a-w- c:\windows\system32\wuauclt.exe
2015-04-15 15:26 . 2015-03-25 03:00 29696 ----a-w- c:\windows\system32\wups.dll
2015-04-15 15:26 . 2015-03-25 03:00 173056 ----a-w- c:\windows\system32\wuwebv.dll
2015-04-15 15:26 . 2015-03-25 03:00 566784 ----a-w- c:\windows\system32\wuapi.dll
2015-04-15 15:26 . 2015-03-25 03:00 50176 ----a-w- c:\windows\system32\WinSetupUI.dll
2015-04-15 15:26 . 2015-03-25 03:00 2020864 ----a-w- c:\windows\system32\wuaueng.dll
2015-04-15 15:25 . 2015-02-25 03:03 514560 ----a-w- c:\windows\system32\drivers\http.sys
2015-04-15 15:25 . 2015-03-10 03:08 1237504 ----a-w- c:\windows\system32\msxml3.dll
2015-04-15 15:25 . 2015-03-10 03:05 2048 ----a-w- c:\windows\system32\msxml3r.dll
2015-04-14 15:46 . 2015-04-14 15:46 -------- d-----w- c:\program files\iPod
2015-04-14 15:46 . 2015-04-14 15:49 -------- d-----w- c:\programdata\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2015-04-14 15:46 . 2015-04-14 15:49 -------- d-----w- c:\program files\iTunes
2015-04-05 06:03 . 2015-04-05 06:06 -------- d-s---w- c:\windows\system32\GWX
2015-04-01 03:19 . 2015-03-26 19:06 908832 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F827FE09-72BD-4F13-903E-368685995CBF}\gapaengine.dll
2015-03-28 20:05 . 2015-03-30 00:17 -------- d-----w- c:\users\María\AppData\Roaming\Bioshock2Steam
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-26 19:06 . 2012-06-12 23:13 908832 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2015-03-15 21:05 . 2015-03-15 21:05 10439224 ----a-w- c:\program files\Common Files\lpuninstall.exe
2015-03-03 13:16 . 2011-02-10 21:39 246920 ------w- c:\windows\system32\MpSigStub.exe
2015-02-26 03:11 . 2015-03-12 14:30 2381312 ----a-w- c:\windows\system32\win32k.sys
2015-02-20 04:13 . 2015-03-11 16:40 26624 ----a-w- c:\windows\system32\lpk.dll
2015-02-20 04:13 . 2015-03-11 16:40 70656 ----a-w- c:\windows\system32\fontsub.dll
2015-02-20 04:13 . 2015-03-11 16:40 10240 ----a-w- c:\windows\system32\dciman32.dll
2015-02-20 04:13 . 2015-03-11 16:40 34304 ----a-w- c:\windows\system32\atmlib.dll
2015-02-20 03:09 . 2015-03-11 16:40 299008 ----a-w- c:\windows\system32\atmfd.dll
2015-02-07 06:34 . 2015-02-07 06:34 0 ----a-w- c:\windows\system32\sho26A0.tmp
2015-02-04 15:23 . 2015-02-04 15:23 875688 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2015-02-04 02:54 . 2015-03-11 16:40 417792 ----a-w- c:\windows\system32\WMPhoto.dll
2015-02-03 03:16 . 2015-03-11 16:39 78784 ----a-w- c:\windows\system32\drivers\mountmgr.sys
2015-02-03 03:12 . 2015-03-11 16:39 617984 ----a-w- c:\windows\system32\wmdrmsdk.dll
2015-02-03 03:12 . 2015-03-11 16:38 179200 ----a-w- c:\windows\system32\wintrust.dll
2015-02-03 03:12 . 2015-03-12 14:30 1230848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-02-03 03:12 . 2015-03-11 16:44 171520 ----a-w- c:\windows\system32\ubpm.dll
2015-02-03 03:12 . 2015-03-11 16:38 4096 ----a-w- c:\windows\system32\dxmasf.dll
2015-02-03 03:12 . 2015-03-11 16:38 4096 ----a-w- c:\windows\system32\msdxm.ocx
2015-02-03 03:12 . 2015-03-11 16:38 50176 ----a-w- c:\windows\system32\setbcdlocale.dll
2015-02-03 03:12 . 2015-03-11 16:39 1329664 ----a-w- c:\windows\system32\quartz.dll
2015-02-03 03:12 . 2015-03-11 16:39 519680 ----a-w- c:\windows\system32\qdvd.dll
2015-02-03 03:12 . 2015-03-11 16:38 442880 ----a-w- c:\windows\system32\AUDIOKSE.dll
2015-02-03 03:12 . 2015-03-11 16:39 157184 ----a-w- c:\windows\system32\pcasvc.dll
2015-02-03 03:12 . 2015-03-11 16:38 28160 ----a-w- c:\windows\system32\pcadm.dll
2015-02-03 03:12 . 2015-03-11 16:38 8192 ----a-w- c:\windows\system32\spwmp.dll
2015-02-03 03:12 . 2015-03-11 16:39 504320 ----a-w- c:\windows\system32\msscp.dll
2015-02-03 03:12 . 2015-03-11 16:38 265216 ----a-w- c:\windows\system32\msnetobj.dll
2015-02-03 03:12 . 2015-03-11 16:38 10752 ----a-w- c:\windows\system32\msmmsp.dll
2015-02-03 03:12 . 2015-03-11 16:39 3209728 ----a-w- c:\windows\system32\mf.dll
2015-02-03 03:12 . 2015-03-11 16:39 354816 ----a-w- c:\windows\system32\mfplat.dll
2015-02-03 03:12 . 2015-03-11 16:38 103424 ----a-w- c:\windows\system32\mfps.dll
2015-02-03 03:12 . 2015-03-11 16:39 489984 ----a-w- c:\windows\system32\evr.dll
2015-02-03 03:12 . 2015-03-11 16:38 275968 ----a-w- c:\windows\system32\EncDump.dll
2015-02-03 03:12 . 2015-03-11 16:39 988160 ----a-w- c:\windows\system32\drmv2clt.dll
2015-02-03 03:12 . 2015-03-11 16:39 406016 ----a-w- c:\windows\system32\drmmgrtn.dll
2015-02-03 03:12 . 2015-03-11 16:39 1174528 ----a-w- c:\windows\system32\crypt32.dll
2015-02-03 03:12 . 2015-03-11 16:39 1005056 ----a-w- c:\windows\system32\cryptui.dll
2015-02-03 03:12 . 2015-03-11 16:39 81408 ----a-w- c:\windows\system32\cryptsp.dll
2015-02-03 03:12 . 2015-03-11 16:38 103936 ----a-w- c:\windows\system32\cryptnet.dll
2015-02-03 03:12 . 2015-03-11 16:38 143872 ----a-w- c:\windows\system32\cryptsvc.dll
2015-02-03 03:12 . 2015-03-11 16:39 744960 ----a-w- c:\windows\system32\blackbox.dll
2015-02-03 03:12 . 2015-03-11 16:38 475136 ----a-w- c:\windows\system32\audiosrv.dll
2015-02-03 03:12 . 2015-03-11 16:38 27648 ----a-w- c:\windows\system32\appidsvc.dll
2015-02-03 03:12 . 2015-03-11 16:38 374784 ----a-w- c:\windows\system32\AudioEng.dll
2015-02-03 03:12 . 2015-03-11 16:38 50688 ----a-w- c:\windows\system32\appidapi.dll
2015-02-03 03:12 . 2015-03-11 16:38 195584 ----a-w- c:\windows\system32\AudioSes.dll
2015-02-03 03:11 . 2015-03-11 16:38 50176 ----a-w- c:\windows\system32\rrinstaller.exe
2015-02-03 03:11 . 2015-03-11 16:38 9728 ----a-w- c:\windows\system32\pcawrk.exe
2015-02-03 03:11 . 2015-03-11 16:38 8192 ----a-w- c:\windows\system32\pcalua.exe
2015-02-03 03:11 . 2015-03-11 16:38 23040 ----a-w- c:\windows\system32\mfpmp.exe
2015-02-03 03:11 . 2015-03-11 16:38 100864 ----a-w- c:\windows\system32\audiodg.exe
2015-02-03 03:11 . 2015-03-11 16:38 96768 ----a-w- c:\windows\system32\appidpolicyconverter.exe
2015-02-03 03:11 . 2015-03-11 16:38 16896 ----a-w- c:\windows\system32\appidcertstorecheck.exe
2015-02-03 03:11 . 2015-03-11 16:38 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2015-02-03 03:10 . 2015-03-11 16:38 8704 ----a-w- c:\windows\system32\pcaevts.dll
2015-02-03 03:09 . 2015-03-11 16:38 2048 ----a-w- c:\windows\system32\mferror.dll
2015-02-03 03:00 . 2015-03-11 16:39 593920 ----a-w- c:\windows\system32\drivers\PEAuth.sys
2015-02-03 02:26 . 2015-03-11 16:38 50176 ----a-w- c:\windows\system32\drivers\appid.sys
2015-01-31 03:33 . 2015-03-11 16:44 2744320 ----a-w- c:\windows\system32\rdpcorets.dll
2015-01-31 03:33 . 2015-03-11 16:44 13824 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2015-01-31 00:48 . 2015-03-11 16:44 221184 ----a-w- c:\windows\system32\rdpudd.dll
2015-01-30 23:56 . 2015-03-11 16:39 370488 ----a-w- c:\windows\system32\drivers\cng.sys
2015-01-29 04:49 . 2015-01-29 04:49 243128 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2015-01-27 23:36 . 2015-02-10 22:14 1167520 ----a-w- c:\windows\system32\aitstatic.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-01-30 978520]
"Greenshot"="c:\program files\Greenshot\Greenshot.exe" [2014-05-13 495616]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Install LastPass IE RunOnce.lnk - c:\program files\Common Files\lpuninstall.exe -p -name=LastPass -ffuuid support@lastpass.com [2015-3-15 10439224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^María^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\users\María\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2015-03-20 21:12 60712 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2014-03-04 09:19 3696912 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate]
2014-09-27 18:33 854704 ----a-w- c:\windows\System32\Macromed\Flash\FlashUtil32_15_0_0_167_ActiveX.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2010-06-09 23:55 49208 ----a-w- c:\program files\Hp\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
2008-11-20 17:47 62768 ----a-w- c:\program files\Hewlett-Packard\HP Odometer\hpsysdrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2015-04-07 03:29 157480 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2011-07-04 08:15 336384 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2015-04-13 23:44 2889408 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 16:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-03-17 1871160]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2015-03-17 1080120]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-03-13 102912]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-03-17 23256]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2015-03-17 51928]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2014-11-15 95408]
R3 NisSrv;Inspección de red de Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [2015-01-30 284472]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2011-09-08 10752]
S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys [2011-03-04 65664]
S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys [2011-03-04 32896]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2015-01-29 243128]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.EXE [2009-11-18 87968]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-07-04 176128]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2015-03-18 822496]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [2010-04-23 514232]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2013-11-04 92160]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 246840]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2013-06-26 523944]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2011-09-08 5554552]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2011-09-08 451960]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2011-03-23 27632]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2011-07-22 145496]
S3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28.sys [2012-12-06 2046560]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-08-23 414824]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2013-06-26 583848]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2013-06-26 197800]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2013-06-26 24232]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2013-06-26 20136]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2013-06-26 207528]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2010-12-16 37504]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ   SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-04-18 23:49 988488 ----a-w- c:\program files\Google\Chrome\Application\42.0.2311.90\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-09-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-19 18:33]
.
2015-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-04-18 23:45]
.
2015-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-04-18 23:45]
.
2015-04-19 c:\windows\Tasks\HPCeeScheduleForMaría.job
- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 200.42.4.204 200.49.130.41
TCP: Interfaces\{A51EB039-9E15-493E-830D-6275B4CCD387}: NameServer = 8.8.8.8,8.8.4.4,
TCP: Interfaces\{D6821454-25BC-4119-92A0-9C26413DF8FE}: NameServer = 8.8.8.8,8.8.4.4,192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-AdobeAAMUpdater-1 - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
MSConfigStartUp-AdobeCS6ServiceManager - c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
MSConfigStartUp-Easybits Recovery - c:\program files\EasyBits For Kids\ezRecover.exe
MSConfigStartUp-Google Update - c:\users\María\AppData\Local\Google\Update\GoogleUpdate.exe
MSConfigStartUp-GoogleChromeAutoLaunch_51BF620E186D1EAABA0BBFCCC2EC9623 - c:\users\María\AppData\Local\Google\Chrome\Application\chrome.exe
MSConfigStartUp-PDF Complete - c:\program files\PDF Complete\pdfsty.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe
MSConfigStartUp-RTHDVCPL - c:\program files\Realtek\Audio\HDA\RtkNGUI.exe
MSConfigStartUp-Skype - c:\program files\Skype\Phone\Skype.exe
MSConfigStartUp-SwitchBoard - c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSConfigStartUp-uTorrent - c:\users\María\AppData\Roaming\uTorrent\uTorrent.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-571857686-2835858580-2392399786-1000\Software\SecuROM\License information*]
"datasecu"=hex:5c,ad,7c,18,e0,7c,7d,05,e4,0c,90,22,d4,62,57,05,18,95,c6,a7,fa,
   a5,d6,75,62,f3,8e,c1,3a,c0,ed,a3,5f,91,d4,c3,3e,1a,4a,12,65,a8,a8,f5,7e,7e,\
"rkeysecu"=hex:b9,30,97,72,5f,0b,e0,40,36,01,ca,66,5a,13,5a,a2
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-04-23  20:14:17
ComboFix-quarantined-files.txt  2015-04-23 23:14
.
Pre-Run: 185.505.964.032 bytes libres
Post-Run: 185.414.590.464 bytes libres
.
- - End Of File - - 1353E815291D363114BBBE5F60D927E5
A36C5E4F47E84449FF07ED3517B43A31

Edited by bluecam, 23 April 2015 - 07:36 PM.


#8 bluecam

bluecam
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Gender:Female
  • Local time:03:33 PM

Posted 23 April 2015 - 06:34 PM

It's running... same as before I think? 

 

Chrome's AppData folder makes me want to cry too but the file is too big to attach...

 

Attached Files: NICE.png (378.4KB), haha kill me.png (401.92KB)

 

 

I'm so useless at this. I'm sorry :((((

 


#9 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  • Gender:Male
  • Location:New York
  • Local time:02:33 PM

Posted 24 April 2015 - 05:50 PM

Hello again,
 

I'm so useless at this. I'm sorry :((((

It's okay, you're doing fine! :wink:
 
==========
 
Okay, the fix went as planned so that's good. Is the computer running slowly, or are you just having "Priceless" issues? Also, do you use the program "LastPass"?
 
Let's run these tools next, and please pay special attention to the instructions for step 2 and TDSSKiller:

Step 1

Please download aswMBR ( 4.5MB ) to your desktop.

  • Double click the aswMBR.exe icon, and click Run.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

==========

Step 2

  • Please download TDSSKiller from here and save it to your Desktop
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters
    [screenshot: tds2.jpg]
  • Check Loaded Modules, Verify Driver Digital Signature, and Detect TDLFS file system
  • If you are asked to reboot because an "Extended Monitoring Driver is required", please click Reboot now
    [screenshot: 2012081514h0118.png]
  • Once the system reboots and you see the Kaspersky TDSSKiller window again, please click "Change Parameters" again, and make sure all boxes are checked!
  • Click Start Scan and allow the scan process to run
    [screenshot: tds4-1.jpg]
  • If threats are detected, select Skip or Cure (if available) for all of them unless otherwise instructed.
    ***Do NOT select Delete for anything in the list!
  • Click Continue
    [screenshot: tds6.jpg]
  • Click Reboot computer
  • Please copy the TDSSKiller.[Version]_[Date]_[Time]_log.txt file found in your root directory (typically c:\) and paste it into your next reply

==========

Please post both requested logs in your next reply!

bloopie



#10 bluecam

bluecam
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Gender:Female
  • Local time:03:33 PM

Posted 24 April 2015 - 06:02 PM

I'm pretty sure it wasn't me that installed it, but it may have some of my passwords? (I just checked and it has a lot of passwords actually, oops.) I don't know, I don't really pay attention to it anymore, and since I re-installed Chrome a thousand times it's not on my browser anymore.


Edited by bluecam, 24 April 2015 - 06:21 PM.


#11 bluecam

bluecam
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Gender:Female
  • Local time:03:33 PM

Posted 24 April 2015 - 06:03 PM

And the computer is running fine, thankfully. It's just the priceless files popping up everywhere and messing up my files T^T

 

edit: And Chrome being generally bleepty and doing stuff like downloading stuff whenever I click on a link while holding ctrl...


Edited by bluecam, 24 April 2015 - 06:05 PM.


#12 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  • Gender:Male
  • Location:New York
  • Local time:02:33 PM

Posted 24 April 2015 - 06:22 PM

Okay, as long as LastPass is not causing problems. :)  Why are you holding "control" while clicking on links? If you want them to open a new tab, just right-click on them and select "open in new tab".
 

Run the above tools next and post the results when you're finished. :)

 

bloopie



#13 bluecam

bluecam
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Gender:Female
  • Local time:03:33 PM

Posted 24 April 2015 - 06:32 PM

Because I'm amazingly lazy :)

 

Avast! is taking... forever to download... I can feel myself growing old.

 

(Did I thank you for your help already? Because THANK YOUU, and sorry I'm so impatient, but this thing is the most annoying ever)



#14 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  • Gender:Male
  • Location:New York
  • Local time:02:33 PM

Posted 24 April 2015 - 06:45 PM

Lol, you're welcome...the help is my pleasure. :)

 

 

Avast! is taking... forever to download... I can feel myself growing old.

If the Avast! download is taking too long, you may cancel this one, and redo the step but select "No" to the Avast definitions. :)

 

bloopie



#15 bluecam

bluecam
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Gender:Female
  • Local time:03:33 PM

Posted 24 April 2015 - 06:49 PM

Omg no, if I think I should download it I will, I just like to complain, sorry @-@ (unless it's not necessary or something? I want to get rid of this annoying thing more than I want it to finish downloading...)





