Combofix crashed my computer deleting system files!!


  • This topic is locked
3 replies to this topic

#1 exabyte666


Posted 09 September 2015 - 07:57 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-09-2015
Ran by roger casadejus (administrator) on ROGER-PM2S (09-09-2015 14:51:16)
Running from C:\Users\Roger Casadejus\Downloads
Loaded Profiles: roger casadejus (Available Profiles: Roger & PM2S & roger casadejus)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\HidMonitorSvc.exe
() C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\45.0.2454.17\remoting_host.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\45.0.2454.17\remoting_host.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(Paessler AG) C:\Program Files (x86)\PRTG Network Monitor\PRTG Server.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.13\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.13\GoogleCrashHandler64.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Paessler AG) C:\Program Files (x86)\PRTG Network Monitor\PRTG Probe.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
() C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TBatmgrTrayicon.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoHook.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(TOSHIBA) C:\Program Files\TOSHIBA\FlashCards\Hotkey\TDUNotify\TDUSrv64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems, Inc.) C:\Program Files (x86)\Adobe\Adobe Dreamweaver CC\Dreamweaver.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe
(FileZilla Project) C:\Program Files\FileZilla FTP Client\filezilla.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\45.0.2454.17\remoting_native_messaging_host.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672664 2014-06-30] (Realtek Semiconductor)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [2853968 2014-02-25] (TOSHIBA Corporation)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [595840 2012-03-02] ()
HKLM\...\Run: [BatteryManager] => C:\Program Files\TOSHIBA\Power Saver\TBatmgrTrayIcon.exe [287104 2014-04-16] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [711040 2013-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1686088 2014-06-16] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-06-09] (Intel Corporation)
HKLM-x32\...\Run: [TOSDCR] => C:\Program Files (x86)\TOSHIBA\PasswordUtility\TOSDCR.exe [169296 2007-08-28] ()
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.4.2
Tcpip\..\Interfaces\{43826EA9-39DE-4DA1-BFE7-13F807C3023E}: [DhcpNameServer] 192.168.4.2
Tcpip\..\Interfaces\{F8FF3E34-26B7-449F-A829-F2107315B94A}: [DhcpNameServer] 192.168.4.2
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3595422518-880822061-1782896685-1247\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3595422518-880822061-1782896685-1247\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3595422518-880822061-1782896685-1247\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3595422518-880822061-1782896685-1247\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://toshiba.eu/symbaloo_b
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3595422518-880822061-1782896685-1247 -> DefaultScope {C80AE952-CE13-4BAE-9CE3-41AD5FED6051} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3595422518-880822061-1782896685-1247 -> {B73A2E13-3FB8-4960-97A8-C78658D42D7A} URL = hxxps://es.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-3595422518-880822061-1782896685-1247 -> {C80AE952-CE13-4BAE-9CE3-41AD5FED6051} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Microsoft Web Test Recorder 12.0 Helper -> {432dd630-7e03-4c97-9d62-b99f52df4fc2} -> C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2013-10-05] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-08-31] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-05-13] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-31] (Oracle Corporation)
DPF: HKLM-x32 {00134F72-5284-44F7-95A8-52A619F70752} hxxps://192.168.4.2:4343/officescan/console/ClientInstall/WinNTChk.cab?ver=19,0,0,2486
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Roger Casadejus\AppData\Roaming\Mozilla\Firefox\Profiles\vm3xvai2.default
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: @FortinetCacheClean -> C:\Program Files (x86)\Fortinet\FortiClient\npccplugin.dll [2015-01-19] (Fortinet Inc.)
FF Plugin-x32: @FortinetCacheCleanEx -> C:\Program Files (x86)\Fortinet\FortiClient\npccpluginex.dll [2015-01-19] (Fortinet Inc.)
FF Plugin-x32: @FortinetTunnelControl -> C:\Program Files (x86)\Fortinet\FortiClient\nptcplugin.dll [2015-01-19] (Fortinet Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-31] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-31] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-09-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-09-01] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-08-28]
 
Chrome: 
=======
CHR Plugin: (Presentaciones de Google) - aapocclcgogkmnckokdopfmhonfmgoek\0.9_0 No File
CHR Plugin: (Chrome Web Store) - C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.132\resources\web_store No File
CHR Plugin: (Google Docs) - aohghmighlieiainnegkcijnfilokake\0.9_0 No File
CHR Plugin: (Google Drive) - apdfllckaahabafndbhieahigkjlhalf\14.0_0 No File
CHR Plugin: (YouTube) - blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0 No File
CHR Plugin: (Búsqueda de Google) - coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.30_0 No File
CHR Plugin: (Bookmark Manager) - felcaaldnbdncclmgdcncolpebgiejap\1.1_0 No File
CHR Plugin: (Escritorio remoto de Chrome) - gbchcmhmhahfdphkhkmpfmihenigjmpp\45.0.2454.18_0 No File
CHR Plugin: (Feedback) - C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.132\resources\chrome_app No File
CHR Plugin: (Chrome PDF Viewer) - pjkljhegncpnkpknbcohdijeoejaedia\8.1_0 No File
CHR Profile: C:\Users\Roger Casadejus\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Roger Casadejus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-13]
CHR Extension: (Google Docs) - C:\Users\Roger Casadejus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-13]
CHR Extension: (Google Drive) - C:\Users\Roger Casadejus\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-13]
CHR Extension: (YouTube) - C:\Users\Roger Casadejus\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-13]
CHR Extension: (Google Search) - C:\Users\Roger Casadejus\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-13]
CHR Extension: (Google Sheets) - C:\Users\Roger Casadejus\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-13]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Roger Casadejus\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2015-07-27]
CHR Extension: (Google Docs Offline) - C:\Users\Roger Casadejus\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-03]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Roger Casadejus\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-13]
CHR Extension: (Skype Click to Call) - C:\Users\Roger Casadejus\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-07-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Roger Casadejus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-13]
CHR Extension: (Gmail) - C:\Users\Roger Casadejus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-13]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
CHR HKLM-x32\...\Chrome\Extension: [npdicihegicnhaangkdmcgbjceoemeoo] - https://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ApHidMonitorService; C:\Program Files\Apoint2K\HidMonitorSvc.exe [87384 2014-07-11] (Alps Electric Co., Ltd.)
R2 BotkindSyncService; C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe [182784 2015-04-13] () [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [15768 2010-02-03] (Microsoft Corporation)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\45.0.2454.17\remoting_host.exe [69448 2015-07-24] (Google Inc.)
R3 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [21840 2014-06-11] ()
S2 FA_Scheduler; C:\Program Files (x86)\Fortinet\FortiClient\scheduler.exe [104466 2015-01-19] (Fortinet Inc.) [File not signed]
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-20] (Microsoft Corporation) [File not signed]
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-09] (Intel Corporation)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22744 2014-10-15] (Microsoft Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-03-19] ()
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2014-11-17] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2014-11-17] (Hewlett-Packard) [File not signed]
R2 PRTGCoreService; C:\Program Files (x86)\PRTG Network Monitor\PRTG Server.exe [8150216 2015-08-03] (Paessler AG)
R2 PRTGProbeService; C:\Program Files (x86)\PRTG Network Monitor\PRTG Probe.exe [11870920 2015-08-03] (Paessler AG)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3820960 2015-03-19] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 CVPNDRVA; C:\windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 FAFileMon; C:\Windows\System32\drivers\fortimon2.sys [57568 2015-01-19] (Fortinet Inc)
R3 fortiapd; C:\Windows\System32\drivers\fortiapd.sys [18144 2015-01-19] (Fortinet Inc)
R1 FortiFilter; C:\Windows\System32\DRIVERS\FortiFilter.sys [25312 2014-12-11] (Fortinet Inc)
S1 FortiFW; C:\Windows\System32\drivers\FortiFW2.sys [37600 2015-01-19] (Fortinet Inc)
R0 fortiloader; C:\Windows\System32\drivers\fortiloader.sys [12512 2015-01-19] (Fortinet Inc)
S3 Fortips; C:\Windows\System32\drivers\fortips.sys [146144 2015-01-19] (Fortinet Inc)
S3 FortiRdr; C:\Windows\System32\drivers\FortiRdr2.sys [47328 2015-01-19] (Fortinet Inc)
R1 FortiShield; C:\Windows\System32\drivers\FortiShield.sys [58080 2015-01-19] (Fortinet Inc)
S3 fortisniff; C:\Windows\System32\drivers\fortisniff2.sys [39648 2015-01-19] (Fortinet Inc)
R3 FortiWF; C:\Windows\System32\drivers\FortiWF2.sys [31456 2015-01-19] (Fortinet Inc)
R3 ft_vnic; C:\Windows\System32\DRIVERS\ftvnic.sys [16928 2011-03-21] (Fortinet Inc.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-11-21] (Intel Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw02.sys [3440408 2015-03-23] (Intel Corporation)
R3 pppop; C:\Windows\System32\DRIVERS\pppop64.sys [42528 2011-03-21] (Fortinet Inc.)
S3 Tosrfcom; no ImagePath
R0 vsock; C:\Windows\System32\drivers\vsock.sys [76480 2015-05-21] (VMware, Inc.)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [35344 2015-09-09] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-09 14:51 - 2015-09-09 14:51 - 00025660 _____ C:\Users\Roger Casadejus\Downloads\FRST.txt
2015-09-09 14:46 - 2015-09-09 14:51 - 00000000 ____D C:\FRST
2015-09-09 14:46 - 2015-09-09 14:46 - 02190336 _____ (Farbar) C:\Users\Roger Casadejus\Downloads\FRST64.exe
2015-09-09 11:58 - 2015-09-09 11:58 - 05631567 _____ C:\Users\Roger Casadejus\Downloads\ComboFix.zip
2015-09-09 11:36 - 2015-09-09 11:36 - 00035344 _____ C:\windows\system32\Drivers\WPRO_41_2001.sys
2015-09-09 11:26 - 2015-09-09 11:26 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2015-09-09 11:22 - 2015-09-09 11:36 - 00096784 _____ (CACE Technologies) C:\windows\SysWOW64\WPRO_41_2001woem.tmp
2015-09-09 10:34 - 2015-09-09 11:35 - 00065536 _____ C:\windows\system32\Ikeext.etl
2015-09-09 10:15 - 2015-09-09 10:16 - 11024880 _____ (Bullzip ) C:\Users\Roger Casadejus\Downloads\Setup_BullzipPDFPrinter_10_21_0_2462_PRO_EXP.exe
2015-09-09 10:10 - 2015-09-09 10:10 - 00031089 _____ C:\ComboFix.txt
2015-09-09 09:46 - 2015-09-09 09:46 - 00240176 _____ (Trend Micro Inc.) C:\windows\RegBootClean64.exe
2015-09-09 09:43 - 2011-06-26 08:45 - 00256000 _____ C:\windows\PEV.exe
2015-09-09 09:43 - 2010-11-07 19:20 - 00208896 _____ C:\windows\MBR.exe
2015-09-09 09:43 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2015-09-09 09:43 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2015-09-09 09:43 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2015-09-09 09:43 - 2000-08-31 02:00 - 00098816 _____ C:\windows\sed.exe
2015-09-09 09:43 - 2000-08-31 02:00 - 00080412 _____ C:\windows\grep.exe
2015-09-09 09:43 - 2000-08-31 02:00 - 00068096 _____ C:\windows\zip.exe
2015-09-09 09:42 - 2015-09-09 11:34 - 00000000 ____D C:\windows\erdnt
2015-09-09 09:42 - 2015-09-09 10:10 - 00000000 ____D C:\Qoobox
2015-09-09 09:41 - 2015-09-09 09:41 - 05635119 ____R (Swearware) C:\Users\Roger Casadejus\Downloads\ComboFix.exe
2015-09-09 08:50 - 2015-09-09 08:51 - 00057695 _____ C:\Users\Roger Casadejus\Downloads\Listado Telefonos PM2S ES (1).xlsx
2015-09-09 08:50 - 2015-09-09 08:50 - 00057702 _____ C:\Users\Roger Casadejus\Downloads\Listado Telefonos PM2S ES.xlsx
2015-09-09 08:50 - 2015-09-09 08:50 - 00057702 _____ C:\Users\Roger Casadejus\Downloads\A0F8EAFC.tmp
2015-09-08 17:12 - 2015-09-08 17:12 - 03052968 _____ (TeamViewer) C:\Users\Roger Casadejus\Downloads\TeamViewer_CLIENTE_PM2S.exe
2015-09-07 15:35 - 2015-09-07 15:35 - 00001132 _____ C:\Users\Roger Casadejus\Desktop\Artisteer 4.lnk
2015-09-07 15:35 - 2015-09-07 15:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Artisteer 4
2015-09-07 15:34 - 2015-09-07 15:34 - 00000000 ____D C:\Program Files (x86)\Artisteer 4
2015-09-07 14:44 - 2015-09-07 14:44 - 00000991 _____ C:\Users\Roger Casadejus\Desktop\FileZilla.lnk
2015-09-05 11:04 - 2015-09-07 16:10 - 00000000 ____D C:\temp
2015-09-04 16:08 - 2015-09-04 16:08 - 00002623 _____ C:\Users\Roger Casadejus\Desktop\VPN Client.lnk
2015-09-03 17:14 - 2015-09-03 17:15 - 00000000 ____D C:\Users\Roger Casadejus\Desktop\FCB
2015-09-03 16:59 - 2015-09-03 17:01 - 00001594 _____ C:\windows\VPNInstall.MIF
2015-09-03 16:59 - 2015-09-03 16:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Systems VPN Client
2015-09-03 16:59 - 2015-09-03 16:59 - 00000000 ____D C:\Program Files\Common Files\Deterministic Networks
2015-09-03 16:59 - 2015-09-03 16:59 - 00000000 ____D C:\Program Files (x86)\Cisco Systems
2015-09-03 16:54 - 2015-09-09 12:43 - 00000000 ____D C:\Users\Roger Casadejus\AppData\Roaming\FileZilla
2015-09-03 16:54 - 2015-09-03 16:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2015-09-03 16:54 - 2015-09-03 16:54 - 00000000 ____D C:\Program Files\FileZilla FTP Client
2015-09-03 16:21 - 2015-09-03 16:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MySQL
2015-09-03 16:21 - 2015-09-03 16:21 - 00000000 ____D C:\Program Files (x86)\MySQL
2015-09-02 13:29 - 2015-09-02 13:29 - 00001231 _____ C:\Users\Roger Casadejus\Desktop\Adobe Dreamweaver CC.lnk
2015-09-02 13:28 - 2015-09-02 13:28 - 00001231 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Dreamweaver CC.lnk
2015-09-02 13:04 - 2015-09-02 13:04 - 00001005 _____ C:\Users\Roger Casadejus\Desktop\IrfanView.lnk
2015-09-02 13:04 - 2015-09-02 13:04 - 00000000 ____D C:\Users\Roger Casadejus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
2015-09-02 13:04 - 2015-09-02 13:04 - 00000000 ____D C:\Users\Roger Casadejus\AppData\Roaming\IrfanView
2015-09-02 13:04 - 2015-09-02 13:04 - 00000000 ____D C:\Program Files (x86)\IrfanView
2015-09-02 12:54 - 2015-09-02 12:55 - 00000139 _____ C:\Users\Roger Casadejus\Desktop\PASSWORD WORDPRESS.url
2015-09-02 10:19 - 2015-09-02 13:26 - 00001537 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
2015-09-02 10:11 - 2015-09-02 10:11 - 00034308 _____ C:\windows\SysWOW64\bassmod.dll
2015-09-02 10:11 - 2015-09-02 10:11 - 00000000 ____D C:\Users\Roger Casadejus\AppData\Roaming\Artisteer
2015-09-02 10:11 - 2015-09-02 10:11 - 00000000 ____D C:\Users\Roger Casadejus\AppData\Roaming\Apple Computer
2015-09-02 10:11 - 2015-09-02 10:11 - 00000000 ____D C:\Users\Roger Casadejus\AppData\Local\Apple Computer
2015-09-01 11:48 - 2015-09-01 11:48 - 00001063 _____ C:\Users\Roger Casadejus\Desktop\Hard Disk Low Level Format Tool.lnk
2015-09-01 11:48 - 2015-09-01 11:48 - 00000001 _____ C:\Users\Roger Casadejus\AppData\Local\llftool.4.40.agreement
2015-09-01 11:48 - 2015-09-01 11:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HDD Low Level Format Tool
2015-09-01 11:48 - 2015-09-01 11:48 - 00000000 ____D C:\Program Files (x86)\HDDGURU LLF Tool
2015-08-31 12:33 - 2015-08-31 12:33 - 00000000 ____D C:\Users\Roger Casadejus\AppData\Roaming\Sun
2015-08-31 12:33 - 2015-08-31 12:33 - 00000000 ____D C:\Users\Roger Casadejus\.oracle_jre_usage
2015-08-31 09:50 - 2015-08-31 09:50 - 00000000 ____D C:\Users\Roger Casadejus\AppData\Roaming\Thunderbird
2015-08-31 09:50 - 2015-08-31 09:50 - 00000000 ____D C:\Users\Roger Casadejus\AppData\Local\Thunderbird
2015-08-28 13:17 - 2015-08-28 13:17 - 00000192 _____ C:\Users\Roger Casadejus\Desktop\MySQL Visual Studio 2013.url
2015-08-28 11:32 - 2015-09-09 11:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-24 13:26 - 2015-08-24 13:26 - 00011034 _____ C:\Users\Roger Casadejus\Documents\Please create the following directories and description files in them.xlsx
2015-08-20 13:53 - 2015-08-20 13:53 - 00000115 _____ C:\Users\Roger Casadejus\Desktop\Hitleap.url
2015-08-19 08:58 - 2015-08-28 13:02 - 00000000 ____D C:\Users\Roger Casadejus\AppData\Local\Revelado Online Media Markt
2015-08-19 08:53 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_33.dll
2015-08-19 08:51 - 2015-08-19 08:51 - 00001135 _____ C:\Users\Public\Desktop\Revelado Online Media Markt.lnk
2015-08-19 08:51 - 2015-08-19 08:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revelado Online Media Markt
2015-08-19 08:50 - 2015-08-19 08:54 - 00000000 ____D C:\Program Files (x86)\Revelado Online Media Markt
2015-08-19 08:50 - 2015-08-19 08:50 - 00000000 ____D C:\ProgramData\Revelado Online Media Markt
2015-08-19 08:49 - 2015-08-19 08:53 - 00037713 _____ C:\windows\DirectX.log
2015-08-17 13:54 - 2015-08-17 13:54 - 00000000 ____D C:\Users\Roger Casadejus\AppData\Local\Intel_Corporation
2015-08-17 13:52 - 2015-09-09 12:42 - 00000000 ____D C:\kk
2015-08-17 12:49 - 2015-08-28 11:12 - 00000000 ____D C:\InetMonPM2S
2015-08-17 12:42 - 2015-08-17 12:42 - 00000000 ____D C:\Users\Roger Casadejus\AppData\Roaming\Microsoft FxCop
2015-08-17 09:16 - 2015-08-20 12:54 - 00000000 ____D C:\Users\Roger Casadejus\AppData\Local\Deployment
2015-08-17 09:16 - 2015-08-17 09:16 - 00000000 ____D C:\Users\Roger Casadejus\AppData\Local\Apps\2.0
2015-08-14 13:49 - 2015-08-14 13:49 - 00000000 ____D C:\ProgramData\Microsoft Visual Studio
2015-08-14 13:47 - 2015-08-14 13:47 - 00000000 ____D C:\Users\Roger Casadejus\AppData\Roaming\NuGet
2015-08-14 13:43 - 2015-08-14 13:43 - 00001548 _____ C:\Users\Roger Casadejus\Desktop\Visual Studio 2013.lnk
2015-08-14 13:30 - 2015-08-14 13:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2012
2015-08-14 13:30 - 2015-08-14 13:30 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 11.0
2015-08-14 13:29 - 2015-08-14 13:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Phone SDK 8.1
2015-08-14 13:29 - 2015-08-14 13:29 - 00000000 ____D C:\Program Files (x86)\Windows Phone Silverlight Kits
2015-08-14 13:25 - 2015-08-28 10:19 - 00000000 ____D C:\Users\Roger Casadejus\Documents\Visual Studio 2013
2015-08-14 13:25 - 2015-08-14 13:25 - 00000000 ____D C:\Program Files (x86)\Microsoft XDE
2015-08-14 13:23 - 2015-08-14 13:23 - 00000000 ____D C:\Program Files (x86)\ReleaseManagement
2015-08-14 13:22 - 2015-08-14 13:22 - 00000000 ____D C:\Program Files (x86)\AppInsights
2015-08-14 13:18 - 2015-08-14 13:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 5 SDK - Español
2015-08-14 13:18 - 2015-08-14 13:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-14 13:18 - 2015-08-14 13:18 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-14 13:17 - 2015-08-14 13:17 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2015-08-14 13:15 - 2015-08-14 13:24 - 00000000 ____D C:\ProgramData\Windows App Certification Kit
2015-08-14 13:15 - 2015-08-14 13:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2015-08-14 13:15 - 2015-08-14 13:15 - 00000000 ____D C:\Program Files\Application Verifier
2015-08-14 13:15 - 2015-08-14 13:15 - 00000000 ____D C:\Program Files (x86)\Application Verifier
2015-08-14 13:14 - 2015-08-14 13:14 - 00000000 ____D C:\ProgramData\PreEmptive Solutions
2015-08-14 13:13 - 2015-08-14 13:13 - 00001444 _____ C:\Users\Roger Casadejus\Desktop\XBOOT.lnk
2015-08-14 13:12 - 2015-08-14 13:13 - 00000000 ____D C:\Program Files (x86)\Microsoft ASP.NET
2015-08-14 13:11 - 2015-08-14 13:11 - 00000000 ____D C:\Program Files (x86)\Microsoft Web Tools
2015-08-14 13:10 - 2015-08-14 13:23 - 00000000 ____D C:\Program Files\IIS Express
2015-08-14 13:10 - 2015-08-14 13:23 - 00000000 ____D C:\Program Files (x86)\IIS Express
2015-08-14 13:10 - 2015-08-14 13:10 - 00000000 ____D C:\ProgramData\NuGet
2015-08-14 13:10 - 2015-08-14 13:10 - 00000000 ____D C:\Program Files\IIS
2015-08-14 13:10 - 2015-08-14 13:10 - 00000000 ____D C:\Program Files (x86)\NuGet
2015-08-14 13:10 - 2015-08-14 13:10 - 00000000 ____D C:\Program Files (x86)\Microsoft WCF Data Services
2015-08-14 13:10 - 2015-08-14 13:10 - 00000000 ____D C:\Program Files (x86)\IIS
2015-08-14 13:08 - 2015-08-14 13:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Expression
2015-08-14 13:08 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DX9_43.dll
2015-08-14 13:05 - 2015-08-14 13:05 - 00000000 ____D C:\Program Files (x86)\Workflow Manager Tools
2015-08-14 13:04 - 2015-08-14 13:04 - 00000000 ____D C:\Program Files\Windows Identity Foundation
2015-08-14 13:04 - 2015-08-14 13:04 - 00000000 ____D C:\Program Files\Microsoft Identity Extensions
2015-08-14 13:04 - 2015-08-14 13:04 - 00000000 ____D C:\Program Files (x86)\Windows Identity Foundation
2015-08-14 13:04 - 2015-08-14 13:04 - 00000000 ____D C:\Program Files (x86)\Open XML SDK
2015-08-14 12:57 - 2015-08-14 13:07 - 00000000 ____D C:\Program Files (x86)\Windows Kits
2015-08-14 12:57 - 2015-08-14 12:57 - 00000000 ____D C:\windows\symbols
2015-08-14 12:57 - 2015-08-14 12:57 - 00000000 ____D C:\Program Files (x86)\Windows Phone Kits
2015-08-14 12:57 - 2015-08-14 12:57 - 00000000 ____D C:\Program Files (x86)\Microsoft Help Viewer
2015-08-14 12:57 - 2015-08-14 12:57 - 00000000 ____D C:\Program Files (x86)\HTML Help Workshop
2015-08-14 12:55 - 2015-08-14 13:32 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2015-08-14 12:55 - 2015-08-14 13:32 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2015-08-14 12:55 - 2015-08-14 13:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2013
2015-08-14 12:55 - 2015-08-14 12:59 - 00000000 ____D C:\windows\SysWOW64\3082
2015-08-14 12:55 - 2015-08-14 12:56 - 00000000 ____D C:\windows\system32\1033
2015-08-14 12:55 - 2015-08-14 12:55 - 00000000 ____D C:\windows\SysWOW64\1033
2015-08-14 12:50 - 2015-08-14 13:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 12.0
2015-08-14 12:49 - 2015-08-14 13:25 - 00000000 ____D C:\Program Files (x86)\Microsoft SDKs
2015-08-14 12:49 - 2015-08-14 12:55 - 00000000 ____D C:\windows\system32\3082
2015-08-14 12:49 - 2015-08-14 12:49 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 12.0
2015-08-14 08:49 - 2015-08-14 13:40 - 00000000 ____D C:\6aafa5524fa8358bd3858e
2015-08-13 17:14 - 2015-08-13 17:14 - 00001125 _____ C:\Users\Public\Desktop\Allway Sync.lnk
2015-08-13 17:14 - 2015-08-13 17:14 - 00000000 ____D C:\Users\Roger Casadejus\AppData\Roaming\Sync App Settings
2015-08-13 17:14 - 2015-08-13 17:14 - 00000000 ____D C:\ProgramData\Sync App Settings
2015-08-13 17:14 - 2015-08-13 17:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Allway Sync
2015-08-13 17:14 - 2015-08-13 17:14 - 00000000 ____D C:\Program Files (x86)\Allway Sync
2015-08-13 16:17 - 2015-08-13 16:17 - 00000000 ____D C:\edb7742af1bb8d076934fde6d8e3
2015-08-13 16:16 - 2015-08-13 16:16 - 00000000 ____D C:\ProgramData\VsTelemetry
2015-08-12 11:15 - 2015-08-12 11:15 - 00001235 _____ C:\Users\Roger Casadejus\Desktop\FTP PM2S.lnk
2015-08-12 11:11 - 2015-08-12 11:11 - 08710344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2015-08-11 12:49 - 2015-08-11 12:49 - 00000000 ____D C:\Users\Roger Casadejus\AppData\Roaming\Telefónica Móviles
2015-08-11 12:49 - 2015-08-11 12:49 - 00000000 ____D C:\Users\Roger Casadejus\AppData\Roaming\Bytemobile
2015-08-11 12:48 - 2004-02-06 10:22 - 00118784 _____ (Bytemobile, Inc.) C:\windows\SysWOW64\bmwebcfg.exe
2015-08-11 12:48 - 2004-02-06 10:21 - 00446464 _____ (Bytemobile, Inc.) C:\windows\SysWOW64\bmnet.dll
2015-08-11 12:48 - 2004-02-06 10:21 - 00049152 _____ (Bytemobile, Inc.) C:\windows\SysWOW64\bmdumpd.bin
2015-08-11 12:48 - 2003-10-14 10:50 - 00008464 _____ (Microsoft Corporation) C:\windows\SysWOW64\SpOrder.Dll
2015-08-11 12:48 - 2003-10-14 10:47 - 00719360 _____ (Microsoft Corporation) C:\windows\SysWOW64\bmutil.dll
2015-08-11 12:47 - 1998-10-06 17:34 - 00327168 _____ (InstallShield Software Corporation, Inc.) C:\windows\IsUn040a.exe
2015-08-11 12:46 - 2015-08-11 12:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movistar
2015-08-11 12:46 - 2015-08-11 12:46 - 00000000 ____D C:\Program Files (x86)\Movistar
2015-08-10 11:17 - 2015-08-10 11:17 - 00001519 _____ C:\Users\Roger Casadejus\Desktop\imageUSB (Clonar dos pendrives).lnk
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-09 14:36 - 2015-08-04 12:48 - 00000000 ____D C:\ProgramData\TEMP
2015-09-09 14:22 - 2014-12-17 00:24 - 01919974 _____ C:\windows\WindowsUpdate.log
2015-09-09 14:11 - 2014-07-02 00:29 - 00000838 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-09-09 14:01 - 2014-07-02 00:30 - 00001100 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-09 13:08 - 2015-07-13 09:50 - 00000136 _____ C:\windows\system32\config\netlogon.ftl
2015-09-09 12:26 - 2009-07-14 06:45 - 00027344 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-09 12:26 - 2009-07-14 06:45 - 00027344 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-09 12:13 - 2009-07-14 05:20 - 00000000 ____D C:\windows\system32\NDF
2015-09-09 12:10 - 2009-07-14 05:20 - 00000000 ____D C:\windows\tracing
2015-09-09 11:40 - 2010-11-21 09:09 - 00764140 _____ C:\windows\system32\perfh00A.dat
2015-09-09 11:40 - 2010-11-21 09:09 - 00165052 _____ C:\windows\system32\perfc00A.dat
2015-09-09 11:40 - 2009-07-14 07:13 - 01722536 _____ C:\windows\system32\PerfStringBackup.INI
2015-09-09 11:36 - 2015-07-13 16:33 - 00000000 ____D C:\ProgramData\VMware
2015-09-09 11:35 - 2015-08-04 12:47 - 00000000 ____D C:\Program Files (x86)\PRTG Network Monitor
2015-09-09 11:35 - 2014-07-02 00:30 - 00001096 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-09 11:35 - 2009-07-14 07:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-09-09 11:35 - 2009-07-14 06:51 - 00007149 _____ C:\windows\setupact.log
2015-09-09 11:34 - 2015-08-04 12:48 - 00000000 ____D C:\ProgramData\Licenses
2015-09-09 11:34 - 2015-07-27 10:55 - 00000000 ____D C:\Users\Roger Casadejus\AppData\Roaming\PDF Writer
2015-09-09 11:34 - 2015-07-27 10:54 - 00000000 ____D C:\ProgramData\PDF Writer
2015-09-09 11:34 - 2015-07-27 10:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bullzip
2015-09-09 11:34 - 2015-07-13 10:00 - 00000000 ____D C:\Users\Roger Casadejus
2015-09-09 11:34 - 2009-07-14 05:20 - 00000000 ____D C:\windows\registration
2015-09-09 11:23 - 2015-07-13 11:37 - 00005185 _____ C:\windows\TMFilter.log
2015-09-09 11:23 - 2015-07-13 11:36 - 00000000 ____D C:\ProgramData\Trend Micro
2015-09-09 11:22 - 2015-07-13 11:36 - 01816692 _____ C:\windows\SysWOW64\TmInstall.log
2015-09-09 11:22 - 2015-07-13 11:36 - 00149974 _____ C:\windows\system32\TmInstall.log
2015-09-09 11:14 - 2010-11-21 05:47 - 00031402 _____ C:\windows\PFRO.log
2015-09-09 11:04 - 2015-07-13 11:37 - 00012113 _____ C:\windows\cfgall.ini
2015-09-09 10:18 - 2015-07-24 13:45 - 00000000 ___RD C:\Users\Roger Casadejus\Desktop\Documentació PM2S
2015-09-09 10:10 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2015-09-09 10:01 - 2009-07-14 04:34 - 00000215 ____N C:\windows\system.ini
2015-09-09 10:00 - 2009-07-14 04:34 - 22806528 _____ C:\windows\system32\config\SYSTEM.bak
2015-09-09 10:00 - 2009-07-14 04:34 - 128712704 _____ C:\windows\system32\config\SOFTWARE.bak
2015-09-09 10:00 - 2009-07-14 04:34 - 05505024 _____ C:\windows\system32\config\DEFAULT.bak
2015-09-09 10:00 - 2009-07-14 04:34 - 00262144 _____ C:\windows\system32\config\SECURITY.bak
2015-09-09 09:41 - 2015-07-13 17:03 - 00000000 ____D C:\Users\Roger Casadejus\AppData\Local\VMware
2015-09-09 09:40 - 2015-07-13 16:38 - 00000000 ____D C:\Users\Roger Casadejus\AppData\Roaming\VMware
2015-09-07 17:29 - 2015-07-14 12:06 - 00000000 ____D C:\Users\Roger Casadejus\.lingo
2015-09-03 16:21 - 2014-07-02 00:25 - 01750066 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2015-09-03 09:43 - 2015-07-24 13:46 - 00000000 ____D C:\Users\Roger Casadejus\Desktop\Documentació Fujifilm
2015-09-03 08:03 - 2015-07-13 11:05 - 00000000 ____D C:\Users\Roger Casadejus\AppData\Local\Adobe
2015-09-03 08:00 - 2009-07-14 06:45 - 00447656 _____ C:\windows\system32\FNTCACHE.DAT
2015-09-02 13:30 - 2015-07-13 10:01 - 00116968 _____ C:\Users\Roger Casadejus\AppData\Local\GDIPFONTCACHEV1.DAT
2015-09-02 13:30 - 2015-07-13 10:01 - 00000000 ____D C:\Users\Roger Casadejus\AppData\Roaming\Adobe
2015-09-02 13:27 - 2014-07-02 00:28 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-09-02 10:20 - 2014-12-17 00:42 - 00000000 ____D C:\ProgramData\Package Cache
2015-09-02 10:20 - 2014-07-02 00:28 - 00000000 ____D C:\ProgramData\Adobe
2015-09-01 08:56 - 2014-07-02 00:30 - 00004096 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-01 08:56 - 2014-07-02 00:30 - 00003844 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-01 08:24 - 2015-07-22 16:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-31 13:18 - 2015-07-13 17:04 - 00000000 ____D C:\Users\Roger Casadejus\Documents\Virtual Machines
2015-08-31 12:59 - 2015-07-14 12:05 - 00000000 ____D C:\ProgramData\Oracle
2015-08-31 12:34 - 2015-07-14 12:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-08-31 12:33 - 2015-07-14 12:35 - 00097888 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2015-08-31 12:32 - 2015-07-14 12:34 - 00000000 ____D C:\Program Files (x86)\Java
2015-08-26 08:55 - 2014-07-02 00:30 - 00000000 ____D C:\Program Files (x86)\Google
2015-08-18 15:18 - 2009-07-14 05:20 - 00000000 ____D C:\windows\rescache
2015-08-17 08:22 - 2015-07-13 11:42 - 00000000 ____D C:\SOFTWARE PM2S
2015-08-14 13:39 - 2009-07-14 04:34 - 00262144 _____ C:\windows\system32\config\SAM.bak
2015-08-14 13:17 - 2015-07-13 11:21 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2015-08-14 13:16 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-08-14 13:06 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\MSBuild
2015-08-14 12:50 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-08-12 11:11 - 2014-07-02 00:29 - 00778440 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-08-12 11:11 - 2014-07-02 00:29 - 00142536 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-12 11:11 - 2014-07-02 00:29 - 00003776 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-08-11 16:48 - 2015-08-04 09:28 - 00000000 ____D C:\Màquines VMWare
2015-08-11 08:54 - 2014-07-02 00:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
 
==================== Files in the root of some directories =======
 
2015-09-01 11:48 - 2015-09-01 11:48 - 0000001 _____ () C:\Users\Roger Casadejus\AppData\Local\llftool.4.40.agreement
2014-12-17 00:29 - 2014-12-17 00:29 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\Roger Casadejus\AppData\Local\Temp\boost_date_time-vc110-mt-1_49.dll
C:\Users\Roger Casadejus\AppData\Local\Temp\DIFxAPI.dll
C:\Users\Roger Casadejus\AppData\Local\Temp\FlowControl_64x.dll
C:\Users\Roger Casadejus\AppData\Local\Temp\libNetCtrl.dll
C:\Users\Roger Casadejus\AppData\Local\Temp\libNetCtrl_64x.dll
C:\Users\Roger Casadejus\AppData\Local\Temp\loadhttp_64x.dll
C:\Users\Roger Casadejus\AppData\Local\Temp\ncfg.exe
C:\Users\Roger Casadejus\AppData\Local\Temp\ntrmv.exe
C:\Users\Roger Casadejus\AppData\Local\Temp\ntrmvrc.dll
C:\Users\Roger Casadejus\AppData\Local\Temp\OfcPfwCommon_64x.dll
C:\Users\Roger Casadejus\AppData\Local\Temp\OfcPfwSvc_64x.dll
C:\Users\Roger Casadejus\AppData\Local\Temp\OfcPIPC_64x.dll
C:\Users\Roger Casadejus\AppData\Local\Temp\PccWFWMo_64x.dll
C:\Users\Roger Casadejus\AppData\Local\Temp\pwd_64x.dll
C:\Users\Roger Casadejus\AppData\Local\Temp\sqlite3.dll
C:\Users\Roger Casadejus\AppData\Local\Temp\TMBMCLI.dll
C:\Users\Roger Casadejus\AppData\Local\Temp\tmdbg20.dll
C:\Users\Roger Casadejus\AppData\Local\Temp\tmeesent.dll
C:\Users\Roger Casadejus\AppData\Local\Temp\TmEngDrv.dll
C:\Users\Roger Casadejus\AppData\Local\Temp\tmlwfins.exe
C:\Users\Roger Casadejus\AppData\Local\Temp\tmopsent.dll
C:\Users\Roger Casadejus\AppData\Local\Temp\TmPfwApi.dll
C:\Users\Roger Casadejus\AppData\Local\Temp\tmwfpins.exe
C:\Users\Roger Casadejus\AppData\Local\Temp\utilDebugLog.dll
C:\Users\Roger Casadejus\AppData\Local\Temp\Zlib.dll
C:\Users\Roger Casadejus\AppData\Local\Temp\zlibwapi.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-09-01 13:35
 
==================== End of FRST.txt ============================



 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,044 posts
  • ONLINE
  • Gender:Male
  • Location:California
  • Local time:05:02 PM

Posted 13 September 2015 - 02:21 PM

Greetings exabyte666 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the reply-to-topic button instead.
  • In the upper right hand corner of the topic you will see the follow-topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Can you tell me why it was necessary to run Combofix? What symptoms were you experiencing?

If there is an Addition.txt document on your Desktop please copy and paste the contents in your reply.

Do you recognize these directories?
 

C:\kk
C:\InetMonPM2S


Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3595422518-880822061-1782896685-1247\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
CHR Plugin: (Presentaciones de Google) - aapocclcgogkmnckokdopfmhonfmgoek\0.9_0 No File
CHR Plugin: (Chrome Web Store) - C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.132\resources\web_store No File
CHR Plugin: (Google Docs) - aohghmighlieiainnegkcijnfilokake\0.9_0 No File
CHR Plugin: (Google Drive) - apdfllckaahabafndbhieahigkjlhalf\14.0_0 No File
CHR Plugin: (YouTube) - blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0 No File
CHR Plugin: (Búsqueda de Google) - coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.30_0 No File
CHR Plugin: (Bookmark Manager) - felcaaldnbdncclmgdcncolpebgiejap\1.1_0 No File
CHR Plugin: (Escritorio remoto de Chrome) - gbchcmhmhahfdphkhkmpfmihenigjmpp\45.0.2454.18_0 No File
CHR Plugin: (Feedback) - C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.132\resources\chrome_app No File
CHR Plugin: (Chrome PDF Viewer) - pjkljhegncpnkpknbcohdijeoejaedia\8.1_0 No File
S3 Tosrfcom; no ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
2015-09-09 08:50 - 2015-09-09 08:50 - 00057702 _____ C:\Users\Roger Casadejus\Downloads\A0F8EAFC.tmp
cmd: copy C:\Qoobox\ComboFix-quarantined-files.txt %userprofile%\desktop\ComboFix-quarantined-files.txt
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • You will find a ComboFix-quarantined-files.txt document on your Desktop. Please copy and paste the contents in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Why was Combofix run?
  • Addition log
  • Fixlog
  • ComboFix-quarantined-files log
  • System Summary Information
  • Update on current system performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My!


Posted 16 September 2015 - 10:06 AM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 

#4 Oh My!


Posted 18 September 2015 - 08:18 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 



