Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Possible Infection (Nico Mak Computing)


  • This topic is locked This topic is locked
4 replies to this topic

#1 Terokal

Terokal

  • Members
  • 213 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:34 AM

Posted 16 August 2015 - 04:40 AM

Hi, while doing a routine adwcleaner checking it founded this keys in the registry that were deleted :

 

[-] Key Deleted : HKU\.DEFAULT\Software\Nico Mak Computing
[-] Key Deleted : HKCU\Software\Nico Mak Computing
[-] Key Deleted : HKLM\SOFTWARE\Nico Mak Computing

 

Since I don't know if these are signs of a deep infection I'm back here requesting help ... by the way just did a Malwarebytes threat scan and 0 infection was the result ... THANKS in advance.

 

Here's the FRST log :

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:14-08-2015 01
Ran by Javier (administrator) on NUREFALAZ-PC (16-08-2015 04:28:47)
Running from C:\Users\Javier\Desktop
Loaded Profiles: Javier (Available Profiles: Javier & Invitado)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Anti-Theft\atserv.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Anti-Theft\updatesrv.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
(Zemana Ltd.) C:\Program Files\Zemana AntiLogger Free\AntiLogger Free.exe
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe [2620728 2015-07-22] (Malwarebytes Corporation)
HKLM\...\Run: [ZALFree] => C:\Program Files\Zemana AntiLogger Free\AntiLogger Free.exe [8205944 2014-12-30] (Zemana Ltd.)
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.zip\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\wz*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\7z*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\rar*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\7z*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\7z*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\wz*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: ** <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\wz*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\rar*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
HKLM Group Policy restriction on software: bcdedit.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\wz*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\rar*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.zip\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.zip\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\rar*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\7z*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.zip\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\utorrent\utorrent.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\utorrent\utorrent.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\dvdvideosoft\dvdvsuos.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\utorrent\utorrent.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\dvdvideosoft\dvdvsuos.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\dvdvideosoft\dvdvsuos.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\utorrent\utorrent.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\dvdvideosoft\dvdvsuos.exe <====== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1299114229-604962728-1052101830-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1299114229-604962728-1052101830-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com.pe/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of  Addition.txt
Tcpip\Parameters: [DhcpNameServer] 200.48.225.146 200.48.225.130
Tcpip\..\Interfaces\{0D3263F3-26D9-40F7-B317-85F0C6B8991E}: [DhcpNameServer] 200.48.225.146 200.48.225.130

FireFox:
========
FF ProfilePath: C:\Users\Javier\AppData\Roaming\Mozilla\Firefox\Profiles\a801htew.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: DuckDuckGo
FF Homepage: https://www.google.com.
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-12] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1217157.dll [No File]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Extension: Blur - C:\Users\Javier\AppData\Roaming\Mozilla\Firefox\Profiles\a801htew.default\Extensions\donottrackplus@abine.com.xpi [2015-07-14]
FF Extension: Adblock Plus - C:\Users\Javier\AppData\Roaming\Mozilla\Firefox\Profiles\a801htew.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-19]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx <not found>

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 atserv; C:\Program Files\Bitdefender\Bitdefender Anti-Theft\atserv.exe [456648 2013-10-07] (Bitdefender)
R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [57520 2013-10-23] (Bitdefender)
R2 MbaeSvc; C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe [713016 2015-07-22] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 UPDATESRV_ANTITHEFT; C:\Program Files\Bitdefender\Bitdefender Anti-Theft\updatesrv.exe [54424 2013-10-04] (Bitdefender)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [633344 2013-04-17] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [486536 2013-04-17] (BitDefender)
R1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [108008 2013-07-02] (Bitdefender SRL)
R1 bdselfpr; C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys [135472 2013-07-16] (BitDefender LLC)
R3 debutfilter; C:\Windows\System32\DRIVERS\debutfilterx86.sys [45008 2015-02-17] ()
R1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [47928 2015-07-22] ()
R3 FETNDIS; C:\Windows\System32\DRIVERS\fetn62.sys [45056 2010-08-06] (VIA Technologies, Inc.              )
R1 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [164952 2013-04-22] (BitDefender LLC)
R3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt32.sys [69816 2014-12-30] (Zemana Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
S3 RTL8187; C:\Windows\System32\DRIVERS\rtl8187.sys [375808 2010-01-07] (Realtek Semiconductor Corporation                           )
R3 stdriver; C:\Windows\System32\DRIVERS\stdriverx86.sys [44624 2015-07-31] ()
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [355744 2013-05-28] (BitDefender S.R.L.)
R3 viagfx; C:\Windows\System32\DRIVERS\vtmini.sys [281856 2007-03-22] (Copyright © VIA/S3 Graphics Co, Ltd.)
R0 videX32; C:\Windows\System32\DRIVERS\videX32.sys [13976 2010-02-11] (VIA Technologies, Inc.)
R0 xfilt; C:\Windows\System32\DRIVERS\xfilt.sys [23192 2010-02-11] (VIA Technologies, Inc.)
S1 Avgdiskx; system32\DRIVERS\avgdiskx.sys [X]
S0 AVGIDSHX; system32\DRIVERS\avgidshx.sys [X]
S1 AVGIDSShim; system32\DRIVERS\avgidsshimx.sys [X]
S0 Avglogx; system32\DRIVERS\avglogx.sys [X]
S1 avgtp; \??\C:\Windows\system32\drivers\avgtpx86.sys [X]
S3 catchme; \??\C:\Users\Javier\AppData\Local\Temp\catchme.sys [X]
S3 PAC7302; system32\DRIVERS\PAC7302.SYS [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 WsAudioDevice_383; system32\drivers\WsAudioDevice_383.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-16 04:28 - 2015-08-16 04:29 - 00025409 _____ C:\Users\Javier\Desktop\FRST.txt
2015-08-16 04:28 - 2015-08-16 04:28 - 00000000 ____D C:\FRST
2015-08-16 04:27 - 2015-08-16 04:27 - 01678336 _____ (Farbar) C:\Users\Javier\Desktop\FRST.exe
2015-08-16 04:12 - 2015-08-16 04:12 - 00000356 _____ C:\Windows\PFRO.log
2015-08-16 04:12 - 2015-08-16 04:12 - 00000056 _____ C:\Windows\setupact.log
2015-08-16 04:12 - 2015-08-16 04:12 - 00000000 _____ C:\Windows\setuperr.log
2015-08-16 04:10 - 2015-08-16 04:10 - 00001005 _____ C:\AdwCleaner[C2].txt
2015-08-16 04:09 - 2015-08-16 04:10 - 00000835 _____ C:\AdwCleaner[S11].txt
2015-08-16 04:08 - 2015-08-16 04:08 - 01563648 _____ C:\Users\Javier\Desktop\adwcleaner_5.000.exe
2015-08-15 23:58 - 2015-08-16 04:12 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-08-13 10:13 - 2015-07-30 08:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-13 10:09 - 2015-07-30 12:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-13 10:09 - 2015-07-30 12:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-13 10:09 - 2015-07-30 12:57 - 00909824 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-13 10:09 - 2015-07-30 12:57 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-08-13 10:09 - 2015-07-30 12:57 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-13 10:09 - 2015-07-30 12:57 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-08-13 10:09 - 2015-07-30 12:57 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-08-13 10:09 - 2015-07-30 11:52 - 02384384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-13 10:09 - 2015-07-30 11:49 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-13 10:09 - 2015-07-20 19:12 - 00342736 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-08-13 10:09 - 2015-07-16 15:20 - 19870208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-13 10:09 - 2015-07-16 15:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-08-13 10:09 - 2015-07-16 15:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-08-13 10:09 - 2015-07-16 14:51 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-13 10:09 - 2015-07-16 14:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-08-13 10:09 - 2015-07-16 14:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-13 10:09 - 2015-07-16 14:50 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-08-13 10:09 - 2015-07-16 14:49 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-08-13 10:09 - 2015-07-16 14:45 - 02279424 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-13 10:09 - 2015-07-16 14:43 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-08-13 10:09 - 2015-07-16 14:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-08-13 10:09 - 2015-07-16 14:41 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-13 10:09 - 2015-07-16 14:39 - 00664064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-13 10:09 - 2015-07-16 14:39 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-08-13 10:09 - 2015-07-16 14:39 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-08-13 10:09 - 2015-07-16 14:38 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-08-13 10:09 - 2015-07-16 14:32 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-08-13 10:09 - 2015-07-16 14:29 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-08-13 10:09 - 2015-07-16 14:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-08-13 10:09 - 2015-07-16 14:20 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-08-13 10:09 - 2015-07-16 14:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-08-13 10:09 - 2015-07-16 14:17 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-08-13 10:09 - 2015-07-16 14:12 - 04520448 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-13 10:09 - 2015-07-16 14:10 - 12856832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-13 10:09 - 2015-07-16 14:06 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-13 10:09 - 2015-07-16 14:06 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-13 10:09 - 2015-07-16 14:06 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-08-13 10:09 - 2015-07-16 14:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-08-13 10:09 - 2015-07-16 13:42 - 01951232 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-13 10:09 - 2015-07-16 13:38 - 01310720 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-13 10:09 - 2015-07-16 13:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-08-13 10:09 - 2015-07-15 12:59 - 03989952 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-08-13 10:09 - 2015-07-15 12:59 - 03934656 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-13 10:09 - 2015-07-15 12:59 - 00137664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-08-13 10:09 - 2015-07-15 12:59 - 00078784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-13 10:09 - 2015-07-15 12:59 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-08-13 10:09 - 2015-07-15 12:56 - 01308160 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-13 10:09 - 2015-07-15 12:55 - 01159168 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-08-13 10:09 - 2015-07-15 12:55 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-08-13 10:09 - 2015-07-15 12:55 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-08-13 10:09 - 2015-07-15 12:55 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-08-13 10:09 - 2015-07-15 12:55 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-08-13 10:09 - 2015-07-15 12:55 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-08-13 10:09 - 2015-07-15 12:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-08-13 10:09 - 2015-07-15 12:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-08-13 10:09 - 2015-07-15 12:55 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-08-13 10:09 - 2015-07-15 12:54 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-08-13 10:09 - 2015-07-15 12:54 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-08-13 10:09 - 2015-07-15 12:54 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-08-13 10:09 - 2015-07-15 12:54 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-08-13 10:09 - 2015-07-15 12:54 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-08-13 10:09 - 2015-07-15 12:54 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-08-13 10:09 - 2015-07-15 12:54 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-08-13 10:09 - 2015-07-15 12:54 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-13 10:09 - 2015-07-15 12:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-08-13 10:09 - 2015-07-15 12:54 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-08-13 10:09 - 2015-07-15 12:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-08-13 10:09 - 2015-07-15 12:54 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-13 10:09 - 2015-07-15 12:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-08-13 10:09 - 2015-07-15 12:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-08-13 10:09 - 2015-07-15 12:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-08-13 10:09 - 2015-07-15 12:44 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-08-13 10:09 - 2015-07-15 12:44 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-08-13 10:09 - 2015-07-15 11:36 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-08-13 10:09 - 2015-07-15 11:36 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-08-13 10:09 - 2015-07-15 11:36 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-08-13 10:09 - 2015-07-10 12:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-13 10:09 - 2015-07-01 15:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-13 10:09 - 2015-07-01 15:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-08-13 10:08 - 2015-07-28 15:04 - 00015808 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-08-13 10:08 - 2015-07-28 15:00 - 00952832 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-08-13 10:08 - 2015-07-28 15:00 - 00635904 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-08-13 10:08 - 2015-07-28 15:00 - 00598528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-08-13 10:08 - 2015-07-28 15:00 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-08-13 10:08 - 2015-07-28 15:00 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-08-13 10:08 - 2015-07-28 15:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-08-13 10:08 - 2015-07-28 14:54 - 00934400 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-08-13 10:08 - 2015-07-20 12:56 - 02943488 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-08-13 10:08 - 2015-07-20 12:56 - 02061312 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-08-13 10:08 - 2015-07-20 12:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-08-13 10:08 - 2015-07-20 12:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-08-13 10:08 - 2015-07-20 12:56 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-08-13 10:08 - 2015-07-20 12:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-08-13 10:08 - 2015-07-20 12:56 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-08-13 10:08 - 2015-07-20 12:56 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-08-13 10:08 - 2015-07-20 12:56 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-08-13 10:08 - 2015-07-20 12:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-08-13 10:08 - 2015-07-20 12:56 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-08-13 10:08 - 2015-07-16 14:12 - 06131200 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-13 10:08 - 2015-07-16 14:12 - 00856064 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-08-13 10:08 - 2015-07-16 14:12 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-08-13 10:08 - 2015-07-16 10:14 - 00355840 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-08-13 10:08 - 2015-07-14 21:55 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-13 10:08 - 2015-07-09 12:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-13 10:08 - 2015-07-09 12:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-13 10:03 - 2015-07-14 21:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-13 10:03 - 2015-07-14 21:55 - 01241088 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-13 10:03 - 2015-07-14 21:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-08-13 10:03 - 2015-07-14 21:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-08-08 05:12 - 2015-08-08 05:13 - 00004072 ____T C:\Windows\system32\ash5C57.tmp
2015-08-07 15:21 - 2015-08-07 15:21 - 00000000 ____D C:\Users\Javier\AppData\Roaming\vlc
2015-07-31 19:36 - 2015-07-31 19:36 - 00044624 _____ C:\Windows\system32\Drivers\stdriverx86.sys
2015-07-31 19:36 - 2015-07-31 19:36 - 00002038 _____ C:\Users\Public\Desktop\NCH Suite.lnk
2015-07-31 19:36 - 2015-07-31 19:36 - 00001140 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoundTap Streaming Audio Recorder.lnk
2015-07-31 19:36 - 2015-07-31 19:36 - 00001128 _____ C:\Users\Public\Desktop\SoundTap Streaming Audio Recorder.lnk
2015-07-31 19:36 - 2015-07-31 19:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2015-07-31 13:32 - 2015-07-31 13:32 - 00242504 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-16 04:17 - 2015-04-18 16:57 - 01395511 _____ C:\Windows\WindowsUpdate.log
2015-08-16 04:16 - 2012-11-20 12:11 - 00000838 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-16 04:12 - 2014-05-19 14:06 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-08-16 04:12 - 2009-07-13 23:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-16 04:05 - 2009-07-13 23:34 - 00016640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-16 04:05 - 2009-07-13 23:34 - 00016640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-16 02:30 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\LogFiles
2015-08-16 02:04 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\rescache
2015-08-16 01:37 - 2014-05-19 13:42 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-16 00:04 - 2014-12-31 13:58 - 00000000 ____D C:\Users\Javier\AppData\Roaming\Skype
2015-08-15 21:46 - 2014-05-27 05:04 - 00144896 _____ C:\Users\Javier\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-08-15 14:34 - 2015-02-08 23:17 - 00000000 ____D C:\Windows\Minidump
2015-08-15 10:50 - 2015-02-04 16:21 - 00111580 _____ C:\Users\Javier\Desktop\FFS.txt
2015-08-14 03:28 - 2014-05-20 02:58 - 00000000 ____D C:\ProgramData\TEMP
2015-08-14 03:28 - 2014-05-20 02:58 - 00000000 ____D C:\Program Files\SpywareBlaster
2015-08-14 00:55 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\NDF
2015-08-13 20:06 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\Microsoft.NET
2015-08-13 19:39 - 2009-07-13 23:33 - 00408256 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-13 19:38 - 2014-07-09 13:53 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-13 19:35 - 2014-12-09 17:01 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-13 19:35 - 2014-05-19 23:06 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-13 10:42 - 2014-07-09 13:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-13 10:40 - 2012-11-20 12:21 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-13 10:37 - 2014-05-19 21:29 - 00000000 ____D C:\Windows\system32\MRT
2015-08-13 10:29 - 2014-05-19 21:29 - 129304528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-13 10:14 - 2009-07-13 21:04 - 00000478 _____ C:\Windows\win.ini
2015-08-12 13:16 - 2012-11-20 12:11 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-08-12 13:16 - 2012-11-20 12:11 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-08-10 19:24 - 2014-08-15 18:15 - 00000000 ____D C:\Users\Javier\AppData\Local\CrashDumps
2015-08-10 01:35 - 2015-06-23 03:44 - 00000000 ____D C:\Users\Javier\AppData\Roaming\uTorrent
2015-08-10 01:32 - 2015-07-16 19:21 - 00000000 ____D C:\Users\Javier\AppData\Roaming\5kplayer
2015-08-08 04:57 - 2014-11-22 23:10 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2015-08-06 19:06 - 2014-12-31 13:57 - 00000000 ____D C:\ProgramData\Skype
2015-08-06 17:27 - 2014-08-19 23:53 - 00000000 ____D C:\Program Files\Recuva
2015-08-01 20:17 - 2015-05-18 06:38 - 00000000 ____D C:\AdwCleaner
2015-07-31 19:37 - 2015-02-05 13:52 - 00000000 ____D C:\ProgramData\NCH Software
2015-07-31 19:36 - 2015-02-05 13:52 - 00000000 ____D C:\Users\Javier\AppData\Roaming\NCH Software
2015-07-31 19:36 - 2015-02-05 13:52 - 00000000 ____D C:\Program Files\NCH Software
2015-07-31 01:34 - 2014-08-10 02:30 - 00007640 _____ C:\Users\Javier\AppData\Local\Resmon.ResmonCfg
2015-07-30 02:20 - 2014-08-19 23:53 - 00001795 _____ C:\Users\Public\Desktop\Recuva.lnk
2015-07-30 02:08 - 2012-11-20 13:29 - 00000965 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-07-30 02:08 - 2012-11-20 13:29 - 00000000 ____D C:\Program Files\CCleaner
2015-07-27 14:24 - 2015-04-15 00:48 - 00000000 __SHD C:\Users\Javier\AppData\Local\EmieUserList
2015-07-27 14:24 - 2015-04-15 00:48 - 00000000 __SHD C:\Users\Javier\AppData\Local\EmieSiteList
2015-07-27 14:24 - 2015-04-15 00:48 - 00000000 __SHD C:\Users\Javier\AppData\Local\EmieBrowserModeList
2015-07-27 13:38 - 2014-11-22 23:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2015-07-27 13:38 - 2014-11-22 23:10 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Exploit
2015-07-25 15:37 - 2014-05-20 02:58 - 00001037 _____ C:\Users\Public\Desktop\SpywareBlaster.lnk
2015-07-25 15:37 - 2014-05-20 02:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2015-07-25 02:05 - 2015-04-02 18:55 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-17 04:41 - 2015-02-04 16:39 - 00000000 ___RD C:\Users\Javier\Desktop\mbar
2015-07-17 04:41 - 2015-01-21 01:38 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-07-17 04:21 - 2014-05-19 13:42 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

==================== Files in the root of some directories =======

2014-05-27 05:04 - 2015-08-15 21:46 - 0144896 _____ () C:\Users\Javier\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-10 02:30 - 2015-07-31 01:34 - 0007640 _____ () C:\Users\Javier\AppData\Local\Resmon.ResmonCfg
2015-02-23 16:54 - 2015-02-23 16:54 - 0001534 _____ () C:\ProgramData\ss.ini

Some files in TEMP:
====================
C:\Users\Javier\AppData\Local\Temp\Quarantine.exe
C:\Users\Javier\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll
[2011-01-16 12:56] - [2013-01-11 17:17] - 0811520 ____A (Microsoft Corporation) 8626F0C30D4E3564FFDD25C90F4426F1

C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


ATTENTION: ==> Kan geen toegang krijgen tot BCD.


LastRegBack: 2015-08-12 13:13

==================== End of log ============================

Attached Files


Edited by Terokal, 16 August 2015 - 05:14 AM.


BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,188 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:34 PM

Posted 17 August 2015 - 08:11 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Nothing suspicious was found on your logs.
This is just a cleanup of dead wood.

Press the windows key Windows_Logo_key.gif+ r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.
Please copy the entire contents of the code box below to the a new file.
 
start

EmptyTemp:
CloseProcesses:

FF DefaultSearchEngine.US: DuckDuckGo
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @videolan.org/vlc,version=2.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
S1 Avgdiskx; system32\DRIVERS\avgdiskx.sys [X]
S0 AVGIDSHX; system32\DRIVERS\avgidshx.sys [X]
S1 AVGIDSShim; system32\DRIVERS\avgidsshimx.sys [X]
S0 Avglogx; system32\DRIVERS\avglogx.sys [X]
S1 avgtp; \??\C:\Windows\system32\drivers\avgtpx86.sys [X]
S3 catchme; \??\C:\Users\Javier\AppData\Local\Temp\catchme.sys [X]
S3 PAC7302; system32\DRIVERS\PAC7302.SYS [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 WsAudioDevice_383; system32\drivers\WsAudioDevice_383.sys [X]
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\ProgramData\TEMP:C43ED645

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

How is the computer running now?

#3 Terokal

Terokal
  • Topic Starter

  • Members
  • 213 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:34 AM

Posted 17 August 2015 - 02:32 PM

Hello nasdaq ... dead wood from who knows where :guitar: , got rid of torrents (me brother downloading "True Detective" 2nd season) after an ESET online scan ... here's the log :

 

Fix result of Farbar Recovery Scan Tool (x86) Version:17-08-2015
Ran by Javier (2015-08-17 14:17:01) Run:1
Running from C:\Users\Javier\Desktop
Loaded Profiles: Javier (Available Profiles: Javier & Invitado)
Boot Mode: Normal

==============================================

fixlist content:
*****************
start

EmptyTemp:
CloseProcesses:

FF DefaultSearchEngine.US: DuckDuckGo
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @videolan.org/vlc,version=2.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
S1 Avgdiskx; system32\DRIVERS\avgdiskx.sys [X]
S0 AVGIDSHX; system32\DRIVERS\avgidshx.sys [X]
S1 AVGIDSShim; system32\DRIVERS\avgidsshimx.sys [X]
S0 Avglogx; system32\DRIVERS\avglogx.sys [X]
S1 avgtp; \??\C:\Windows\system32\drivers\avgtpx86.sys [X]
S3 catchme; \??\C:\Users\Javier\AppData\Local\Temp\catchme.sys [X]
S3 PAC7302; system32\DRIVERS\PAC7302.SYS [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 WsAudioDevice_383; system32\drivers\WsAudioDevice_383.sys [X]
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\ProgramData\TEMP:C43ED645

End
*****************

Processes closed successfully.
Firefox DefaultSearchEngine.US removed successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully.
"HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4" => key removed successfully.
"HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3" => key removed successfully.
"HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5" => key removed successfully.
Avgdiskx => service removed successfully.
AVGIDSHX => service removed successfully.
AVGIDSShim => service removed successfully.
Avglogx => service removed successfully.
avgtp => service removed successfully.
catchme => service removed successfully.
PAC7302 => service removed successfully.
VGPU => service removed successfully.
WsAudioDevice_383 => service removed successfully.
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully..
C:\ProgramData\TEMP => ":C43ED645" ADS removed successfully..
EmptyTemp: => 14.4 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 14:17:10 ====

 

The computer was running OK, it's kinda old so it's a miracle it stil works good for the heavy use it receives ... but thanks to you and the team here, at least we know a couple of tricks to avoid massive infections ... ya' all guys do a great job ... for that all the family is grateful ... again, THANKS to all of ya.


Edited by Terokal, 17 August 2015 - 04:02 PM.


#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,188 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:34 PM

Posted 18 August 2015 - 06:47 AM

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

#5 nasdaq

nasdaq

  • Malware Response Team
  • 40,188 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:34 PM

Posted 23 August 2015 - 07:12 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users