Russian Pop-ups and redirecting to videos and publicity


  • This topic is locked
4 replies to this topic

#1 darket

darket

  • Members
  • 2 posts
  • OFFLINE
  • Local time:09:28 PM

Posted 03 November 2015 - 02:30 PM

Hello everyone! 
 
My PC is infected with malware. I don't know which specific malware it is, but I keep getting a lot of pop-ups on every browser I use (Chrome, Opera, IE). There are different kinds of pop-ups: little ones, as if they were a message from the taskbar (clock), but they are in the browser and in Russian, with sound; and others that are bigger and cover the whole page I'm visiting, so when I click on them, a new window opens with publicity and videos.
Can you guys help me?
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-10-2015
Ran by Charro (administrator) on CHARRO-PC (03-11-2015 13:07:53)
Running from C:\Users\Charro\Downloads
Loaded Profiles: Charro (Available Profiles: Charro)
Platform: Windows 7 Professional (X64) Language: Español (España, internacional)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
() C:\Program Files (x86)\Compacw\Servidor de Licencias\Facturacion\AppKeyLicenseServerFacturacionI.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Popcorn Time) C:\Program Files (x86)\Popcorn Time\Updater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Users\Charro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RBTray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
() C:\Program Files (x86)\qBittorrent\qbittorrent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-04] (CANON INC.)
HKLM\...\Run: [TNOD UP] => C:\Program Files (x86)\TNod\TNODUP.exe [2028032 2015-11-02] (Tukero[X]Team)
HKLM-x32\...\Run: [DetectaFirewall] => C:\Program Files (x86)\Compacw\Servidor de Licencias\Facturacion\DetectaFirewall.exe [1270784 2015-06-10] ()
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [36711472 2015-10-12] (Dropbox, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2492763848-4197318935-2872631284-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-2492763848-4197318935-2872631284-1001\...\Run: [HijackThis startup scan] => C:\Users\Charro\Downloads\HijackThis.exe [388608 2015-11-02] (Trend Micro Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
Startup: C:\Users\Charro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RBTray.exe [2011-10-30] ()
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 93.158.212.36 8.8.8.8
Tcpip\..\Interfaces\{217328E7-6573-4CAB-AFA7-16483AA259DE}: [DhcpNameServer] 93.158.212.36 8.8.8.8
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2492763848-4197318935-2872631284-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = search.mpc.am
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = search.mpc.am
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2492763848-4197318935-2872631284-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1446326271&z=a6817e1accf9dc00d477260g6z3z3qfc1oaq8o2mbg&from=tugss&uid=st31000524as_6vpenpegxxxx6vpenpeg&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1446326271&z=a6817e1accf9dc00d477260g6z3z3qfc1oaq8o2mbg&from=tugss&uid=st31000524as_6vpenpegxxxx6vpenpeg&q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2014-09-25] (Microsoft Corporation)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_65\bin\ssv.dll [2015-10-29] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2014-09-16] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-29] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2014-09-25] (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-10-24] (Oracle Corporation)
BHO-x32: Aplicación auxiliar de inicio de sesión en la cuenta Microsoft -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-21] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-24] (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Toolbar: HKU\S-1-5-21-2492763848-4197318935-2872631284-1001 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-04-01] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-13] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-29] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-29] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-24] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-11-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-11-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2014-01-21] (Microsoft Corporation)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com.mx/"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Charro\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Charro\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-02]
CHR Extension: (YouTube) - C:\Users\Charro\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-02]
CHR Extension: (Adblock Plus) - C:\Users\Charro\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-11-02]
CHR Extension: (Búsqueda de Google) - C:\Users\Charro\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-02]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Charro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-02]
CHR Extension: (AdBlock) - C:\Users\Charro\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-11-02]
CHR Extension: (New Tab Page by Speed Dial Team) - C:\Users\Charro\AppData\Local\Google\Chrome\User Data\Default\Extensions\idgeoanibcknhniccgaoaiolihidecjn [2015-11-02]
CHR Extension: (Recycle Bin) - C:\Users\Charro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikfbchidonfnclempkcojlpijhmoalhi [2015-11-02]
CHR Extension: (Dropbox) - C:\Users\Charro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2015-11-02]
CHR Extension: (Gestures for Google Chrome™) - C:\Users\Charro\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpkfjicglakibpenojifdiepckckakgk [2015-11-02]
CHR Extension: (Hootsuite) - C:\Users\Charro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kneloppijbcidgidihgdjnooihjcdbij [2015-11-02]
CHR Extension: (Speed Dial [FVD] - New Tab Page, 3D, Sync...) - C:\Users\Charro\AppData\Local\Google\Chrome\User Data\Default\Extensions\llaficoajjainaijghjlofdfmbjpebpa [2015-11-02]
CHR Extension: (Poppit!) - C:\Users\Charro\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2015-11-02]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Charro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-02]
CHR Extension: (Hover Zoom) - C:\Users\Charro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2015-11-02]
CHR Extension: (Click&Clean App) - C:\Users\Charro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2015-11-02]
CHR Extension: (Gmail) - C:\Users\Charro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-02]
 
Opera: 
=======
OPR Extension: (Wander Burst) - C:\Users\Charro\AppData\Roaming\Opera Software\Opera Stable\Extensions\flfelbbjipofebjdfmlpcbnlhlgjpcfe [2015-10-24]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AppKeyLicenseServer_Facturacion_i; C:\Program Files (x86)\Compacw\Servidor de Licencias\Facturacion\AppKeyLicenseServerFacturacionI.exe [17910423 2015-06-10] () [File not signed]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-26] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-26] (Dropbox, Inc.)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2505472 2015-10-09] (ESET)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2015-07-17] (Popcorn Time) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2015-07-17] (Disc Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [264040 2015-09-23] (ESET)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [186784 2015-09-23] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [170792 2015-09-23] (ESET)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 MPCKpt; system32\DRIVERS\MPCKpt.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-03 13:07 - 2015-11-03 13:08 - 00019904 _____ C:\Users\Charro\Downloads\FRST.txt
2015-11-03 13:06 - 2015-11-03 13:07 - 00000000 ____D C:\FRST
2015-11-03 13:06 - 2015-11-03 13:06 - 02198016 _____ (Farbar) C:\Users\Charro\Downloads\FRST64.exe
2015-11-03 10:24 - 2015-11-03 10:26 - 00032768 _____ C:\Users\Charro\Desktop\TNC.xls
2015-11-03 10:16 - 2015-11-03 10:23 - 00035328 _____ C:\Users\Charro\Desktop\TF.xls
2015-11-02 18:01 - 2015-11-02 18:01 - 09317168 _____ (ESET, spol. s r.o.) C:\Users\Charro\Downloads\eset_sysrescue_live_creator_enu.exe
2015-11-02 17:48 - 2015-11-02 17:48 - 00002257 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-11-02 17:48 - 2015-11-02 17:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-11-02 17:47 - 2015-11-03 12:52 - 00001100 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-02 17:47 - 2015-11-02 18:08 - 00001096 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-02 17:47 - 2015-11-02 17:47 - 00929872 _____ (Google Inc.) C:\Users\Charro\Downloads\ChromeSetup (1).exe
2015-11-02 17:47 - 2015-11-02 17:47 - 00004096 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-11-02 17:47 - 2015-11-02 17:47 - 00003844 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-11-02 17:40 - 2015-11-02 18:07 - 00003734 _____ C:\Windows\PFRO.log
2015-11-02 17:40 - 2015-11-02 18:07 - 00000112 _____ C:\Windows\setupact.log
2015-11-02 17:40 - 2015-11-02 17:40 - 00000000 _____ C:\Windows\setuperr.log
2015-11-02 17:10 - 2015-11-02 17:10 - 00062610 _____ C:\ccleanerbackup.reg
2015-11-02 17:03 - 2015-11-02 17:06 - 00000000 ____D C:\Program Files\CCleaner
2015-11-02 17:03 - 2015-11-02 17:03 - 00002774 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-11-02 17:02 - 2015-11-02 17:02 - 00001708 _____ C:\Users\Charro\Downloads\CCleaner_PRO_Bus_Technician_5_00_5050_Serials_TechTools_NET.torrent
2015-11-02 16:53 - 2015-11-02 17:42 - 00000000 ____D C:\Program Files (x86)\TNod
2015-11-02 16:53 - 2015-11-02 16:53 - 00001741 _____ C:\Users\Public\Desktop\Actualizar licencia de NOD32.lnk
2015-11-02 16:53 - 2015-11-02 16:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TNod User & Password Finder
2015-11-02 16:52 - 2015-11-02 16:51 - 02144146 _____ C:\Users\Charro\Downloads\TNod-1.6.0-beta2-setup - copia.rar
2015-11-02 16:51 - 2015-11-02 16:51 - 02144146 _____ C:\Users\Charro\Downloads\TNod-1.6.0-beta2-setup.rar
2015-11-02 16:50 - 2015-11-02 16:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2015-11-02 16:46 - 2015-11-02 16:48 - 88165064 _____ (ESET) C:\Users\Charro\Downloads\eav_nt64_esl.exe
2015-11-02 14:35 - 2015-11-02 14:36 - 00070409 _____ C:\Users\Charro\Downloads\Quantico 1x05 - Found (Español (España)).srt
2015-11-02 14:35 - 2015-11-02 14:35 - 00068377 _____ C:\Users\Charro\Downloads\Scorpion 2x05 - Super Fun Guys (Español (Latinoamérica)).srt
2015-11-02 14:22 - 2015-11-02 14:22 - 00110683 _____ C:\Users\Charro\Downloads\Scorpion 2x06 - Tech, Drugs, and Rock’n Roll (Español (Latinoamérica)).srt
2015-11-02 14:19 - 2015-11-02 14:19 - 00069834 _____ C:\Users\Charro\Downloads\Quantico 1x06 - God.srt
2015-11-02 12:58 - 2015-11-03 12:49 - 00000000 ____D C:\Users\Charro\Downloads\backups
2015-11-02 12:31 - 2015-11-02 12:32 - 00388608 _____ (Trend Micro Inc.) C:\Users\Charro\Downloads\HijackThis.exe
2015-11-02 11:32 - 2015-11-02 11:32 - 00000000 ____D C:\Windows\XSxS
2015-10-31 15:20 - 2015-11-02 10:09 - 00000000 ____D C:\Users\Charro\AppData\Local\com
2015-10-31 15:18 - 2015-11-02 17:46 - 00000000 ____D C:\Program Files (x86)\MPC Cleaner
2015-10-31 09:48 - 2015-10-31 09:48 - 00019536 _____ C:\ComboFix.txt
2015-10-31 09:36 - 2010-11-07 11:20 - 00208896 _____ C:\Windows\MBR.exe
2015-10-31 09:36 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-10-31 09:36 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-10-31 09:36 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-10-31 09:36 - 2000-08-30 18:00 - 00098816 _____ C:\Windows\sed.exe
2015-10-31 09:36 - 2000-08-30 18:00 - 00080412 _____ C:\Windows\grep.exe
2015-10-31 09:36 - 2000-08-30 18:00 - 00068096 _____ C:\Windows\zip.exe
2015-10-31 09:30 - 2015-10-31 10:00 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-10-31 09:27 - 2015-11-02 18:04 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-10-31 09:17 - 2015-10-31 09:17 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-10-30 13:12 - 2015-10-30 13:12 - 00062425 _____ C:\Users\Charro\Downloads\The Blacklist 3x05 - Arioch Cain.srt
2015-10-30 10:36 - 2015-10-30 10:36 - 00054228 _____ C:\Users\Charro\Downloads\Manhattan (2014) 2x02 - Fatherland (Español (España)).srt
2015-10-30 10:34 - 2015-10-30 10:34 - 00074240 _____ C:\Users\Charro\Downloads\Rosewood 1x05 - Necrosis and New Beginnings.srt
2015-10-29 14:26 - 2015-10-29 14:26 - 00049990 _____ C:\Users\Charro\Downloads\Supernatural 11x04 - Baby (Español (España)).srt
2015-10-29 11:00 - 2015-10-29 10:59 - 00110176 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-10-28 13:23 - 2015-10-28 13:23 - 00042243 _____ C:\Users\Charro\Downloads\Marvel's Agents of S.H.I.E.L.D. 3x05 - 4,722 Hours  (Español (España)).srt
2015-10-28 12:17 - 2015-10-28 12:18 - 13607278 _____ (The qBittorrent project) C:\Users\Charro\Downloads\qbittorrent_3.2.4_setup.exe
2015-10-27 17:25 - 2015-10-27 17:25 - 00000000 ____D C:\Users\Charro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2015-10-27 17:14 - 2013-09-12 05:00 - 00394240 _____ (CANON INC.) C:\Windows\system32\CNMXLMC2.DLL
2015-10-27 17:13 - 2015-11-02 17:36 - 00000000 ____D C:\Users\Charro\AppData\LocalLow\Canon Easy-WebPrint EX
2015-10-27 17:13 - 2015-10-27 17:13 - 00000000 ____D C:\Windows\system32\STRING
2015-10-27 17:13 - 2015-10-27 17:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registro de usuario de Canon MX470 series
2015-10-27 17:13 - 2015-10-27 17:13 - 00000000 ____D C:\ProgramData\Canon IJ Network Tool
2015-10-27 17:13 - 2013-06-13 17:44 - 00360448 _____ (CANON INC.) C:\Windows\system32\CNMN6PPM.DLL
2015-10-27 17:13 - 2013-06-13 17:44 - 00039424 _____ (CANON INC.) C:\Windows\system32\CNMN6UI.DLL
2015-10-27 17:13 - 2013-06-13 17:43 - 00366592 _____ (CANON INC.) C:\Windows\SysWOW64\CNMNPPM.DLL
2015-10-27 17:12 - 2015-10-27 17:13 - 00000000 ____D C:\Program Files\Canon
2015-10-27 17:12 - 2015-10-27 17:12 - 00002025 _____ C:\Users\Public\Desktop\Canon Quick Menu.lnk
2015-10-27 17:12 - 2015-10-27 17:12 - 00000000 ____D C:\ProgramData\CanonIJWSpt
2015-10-27 17:08 - 2015-10-27 17:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2015-10-27 17:08 - 2015-10-27 17:08 - 00000000 ___HD C:\ProgramData\CanonIJFAX
2015-10-27 17:08 - 2013-06-20 14:42 - 00321536 _____ (CANON INC.) C:\Windows\SysWOW64\CNC_C2L.dll
2015-10-27 17:08 - 2013-06-13 14:10 - 00093184 _____ C:\Windows\SysWOW64\CNC1774D.TBL
2015-10-27 17:08 - 2008-08-25 18:02 - 00015872 _____ (CANON INC.) C:\Windows\SysWOW64\CNHMCA.dll
2015-10-27 17:06 - 2015-10-27 17:07 - 50822704 _____ C:\Users\Charro\Downloads\win-mx470-1_1-ucd.exe
2015-10-27 17:04 - 2013-09-25 05:00 - 00303104 _____ (CANON INC.) C:\Windows\system32\CNCALC2.DLL
2015-10-27 17:04 - 2013-09-12 05:00 - 00391168 _____ (CANON INC.) C:\Windows\system32\CNMLMC2.DLL
2015-10-27 17:04 - 2013-08-07 08:51 - 00284672 _____ (CANON INC.) C:\Windows\system32\CNC_C2C.dll
2015-10-27 17:04 - 2013-08-07 08:51 - 00106496 _____ (CANON INC.) C:\Windows\system32\CNC_C2I.dll
2015-10-27 17:04 - 2013-06-20 14:43 - 00360448 _____ (CANON INC.) C:\Windows\system32\CNC_C2L.dll
2015-10-27 17:04 - 2013-06-13 14:10 - 00093184 _____ C:\Windows\system32\CNC1774D.TBL
2015-10-27 17:03 - 2015-10-27 17:04 - 13930064 _____ C:\Users\Charro\Downloads\xp68-win-mx470-5_75-ejs.exe
2015-10-27 17:03 - 2015-10-27 17:03 - 19856968 _____ C:\Users\Charro\Downloads\mp68-win-mx470-1_00-ejs.exe
2015-10-27 16:50 - 2009-06-10 15:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts.20151027-165048.backup
2015-10-27 16:28 - 2015-11-02 16:39 - 00000085 _____ C:\Windows\wininit.ini
2015-10-27 16:27 - 2015-10-27 16:27 - 00007385 _____ C:\Users\Charro\Downloads\SUPERAntiSpyware_Professional_v5_6_1014_with_Key.torrent
2015-10-27 11:57 - 2015-10-27 11:57 - 00000000 ____D C:\Users\Charro\AppData\Roaming\Malwarebytes
2015-10-27 11:56 - 2015-10-27 11:56 - 00007214 _____ C:\Users\Charro\Downloads\Malwarebytes_Anti_Malware_Pro_v1_75_0_1300_Incl_Keygen.torrent
2015-10-27 11:56 - 2015-10-27 11:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
2015-10-27 11:56 - 2015-10-27 11:56 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2015-10-27 11:56 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-10-27 11:55 - 2015-10-27 11:55 - 01694208 _____ C:\Users\Charro\Downloads\adwcleaner_5.015 (1).exe
2015-10-27 11:51 - 2015-10-27 11:51 - 23733416 _____ (SUPERAntiSpyware) C:\Users\Charro\Downloads\SUPERAntiSpyware.exe
2015-10-27 11:51 - 2015-10-27 11:51 - 00000000 ____D C:\Users\Charro\AppData\Roaming\SUPERAntiSpyware.com
2015-10-27 11:51 - 2015-10-27 11:51 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2015-10-27 11:44 - 2015-10-27 11:44 - 01694208 _____ C:\Users\Charro\Downloads\adwcleaner_5.015.exe
2015-10-27 11:41 - 2015-10-27 11:41 - 00015944 _____ C:\Users\Charro\Downloads\Malwarebytes_Anti_Malware_Premium_2_1_8_1057_Multilingual_KeyGen_by_FFF.torrent
2015-10-27 11:36 - 2015-10-27 11:36 - 02042328 _____ (iS3, Inc.) C:\Users\Charro\Downloads\STOPzillaPRO_Downloader.exe
2015-10-26 13:19 - 2015-10-26 13:19 - 00000000 ____D C:\Program Files\Common Files\AV
2015-10-26 13:13 - 2015-10-26 13:13 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2015-10-26 13:12 - 2015-11-02 17:40 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-10-26 13:12 - 2015-11-02 16:39 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-10-26 13:09 - 2015-10-26 13:09 - 00781312 _____ C:\Users\Charro\Downloads\delfix_1.011.exe
2015-10-26 13:07 - 2015-10-31 09:42 - 00000000 ____D C:\ProgramData\TEMP
2015-10-26 13:07 - 2015-10-26 13:07 - 00000000 ____D C:\ProgramData\Licenses
2015-10-26 13:06 - 2015-10-26 13:08 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Charro\Downloads\spybot-2.4.exe
2015-10-26 13:06 - 2015-10-26 13:06 - 04095448 _____ (BrightFort LLC ) C:\Users\Charro\Downloads\spywareblastersetup50.exe
2015-10-26 13:06 - 2015-10-26 13:06 - 01801288 _____ (Malwarebytes) C:\Users\Charro\Downloads\JRT.exe
2015-10-26 13:06 - 2009-03-24 12:52 - 00129872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSSTDFMT.DLL
2015-10-26 12:26 - 2015-10-26 12:26 - 00003332 _____ C:\Windows\System32\Tasks\SpyHunter4Startup
2015-10-26 12:26 - 2015-10-26 12:26 - 00000000 _____ C:\autoexec.bat
2015-10-26 12:24 - 2015-10-26 12:24 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\Charro\Downloads\SpyHunter-Installer.exe
2015-10-24 11:29 - 2015-10-24 11:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-10-24 10:36 - 2015-10-24 10:36 - 00929872 _____ (Google Inc.) C:\Users\Charro\Downloads\ChromeSetup.exe
2015-10-23 13:18 - 2015-10-23 13:18 - 01004714 _____ C:\Users\Charro\Downloads\TNod-1.4.2.3-final-setup-withpass.rar
2015-10-23 13:12 - 2015-10-24 10:33 - 00000000 ____D C:\Program Files\TNod User & Password Finder
2015-10-23 13:12 - 2015-10-23 13:12 - 00000000 ____D C:\Users\Charro\AppData\Local\ESET
2015-10-23 13:10 - 2015-10-23 13:10 - 00000000 ____D C:\ProgramData\ESET
2015-10-23 13:10 - 2015-10-23 13:10 - 00000000 ____D C:\Program Files\ESET
2015-10-23 12:41 - 2011-06-26 00:45 - 00256000 _____ C:\Windows\PEV.exe
2015-10-23 12:39 - 2015-10-31 09:48 - 00000000 ____D C:\Qoobox
2015-10-23 12:39 - 2015-10-31 09:46 - 00000000 ____D C:\Windows\erdnt
2015-10-23 12:31 - 2015-10-23 12:32 - 00025160 _____ C:\Users\Charro\Downloads\MTB.txt
2015-10-23 10:16 - 2015-10-29 11:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-10-23 10:16 - 2015-10-29 10:59 - 00000000 ____D C:\Program Files\Java
2015-10-22 11:48 - 2015-10-24 10:33 - 00000000 ____D C:\ProgramData\HitmanPro
2015-10-22 11:47 - 2015-10-27 11:56 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-10-22 11:47 - 2015-10-22 11:47 - 11336600 _____ (SurfRight B.V.) C:\Users\Charro\Downloads\HitmanPro_x64.exe
2015-10-22 08:51 - 2015-11-02 15:26 - 00000000 ____D C:\AdwCleaner
2015-10-16 10:39 - 2015-10-16 10:39 - 00004098 _____ C:\Users\Charro\Downloads\CFD_DC0020191026.xml
2015-10-15 16:20 - 2015-11-03 09:53 - 00000000 ____D C:\Users\Charro\Desktop\PREFACTURAS
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-03 12:27 - 2015-08-26 13:22 - 00000950 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2015-11-03 12:15 - 2015-07-15 13:56 - 00000838 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-03 11:08 - 2015-07-17 08:15 - 00000000 ____D C:\Users\Charro\DOWN
2015-11-03 11:07 - 2015-07-17 08:14 - 00000000 ____D C:\Users\Charro\AppData\Roaming\qBittorrent
2015-11-03 09:53 - 2015-07-20 09:15 - 00000000 ____D C:\Users\Charro\Desktop\VARIOS
2015-11-03 09:53 - 2015-07-15 14:41 - 00000000 ___RD C:\Users\Charro\Desktop\IMPORTANTES
2015-11-03 09:49 - 2015-07-15 13:44 - 00000000 ____D C:\Users\Charro
2015-11-03 09:46 - 2015-07-15 16:11 - 00000000 ____D C:\Doctos_Digitales
2015-11-03 09:33 - 2015-07-15 13:45 - 02025403 _____ C:\Windows\WindowsUpdate.log
2015-11-02 18:14 - 2009-07-14 03:31 - 00744748 _____ C:\Windows\system32\perfh00A.dat
2015-11-02 18:14 - 2009-07-14 03:31 - 00157248 _____ C:\Windows\system32\perfc00A.dat
2015-11-02 18:14 - 2009-07-13 23:13 - 01669262 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-02 18:13 - 2009-07-13 22:45 - 00014032 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-02 18:13 - 2009-07-13 22:45 - 00014032 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-02 18:08 - 2015-08-26 13:22 - 00000946 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2015-11-02 18:08 - 2015-07-17 09:30 - 00003758 _____ C:\Windows\System32\Tasks\AutoKMS
2015-11-02 18:07 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-02 17:48 - 2015-07-15 13:50 - 00000000 ____D C:\Program Files (x86)\Google
2015-11-02 17:35 - 2015-07-15 13:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SYS
2015-11-02 17:09 - 2015-07-17 12:09 - 00000000 ____D C:\Program Files (x86)\PDFCreator
2015-11-02 17:09 - 2015-07-17 08:58 - 00000000 ____D C:\Users\Charro\AppData\Roaming\DAEMON Tools Lite
2015-11-02 17:09 - 2015-07-15 07:36 - 00000000 ____D C:\Windows\Panther
2015-11-02 13:23 - 2015-07-15 14:41 - 00000000 ___RD C:\Users\Charro\Desktop\EL CHARRO
2015-11-02 09:32 - 2015-07-15 13:51 - 00001127 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-11-02 09:32 - 2015-07-15 13:51 - 00001115 _____ C:\Users\Public\Desktop\Opera.lnk
2015-11-02 09:32 - 2015-07-15 13:45 - 00001409 _____ C:\Users\Charro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-10-31 15:12 - 2015-07-15 13:56 - 00000918 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2015-10-31 09:46 - 2009-07-13 20:34 - 00000215 _____ C:\Windows\system.ini
2015-10-31 09:29 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\NDF
2015-10-30 14:05 - 2015-07-15 15:54 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-10-28 12:03 - 2015-09-02 11:22 - 00000000 ___HD C:\ProgramData\CanonIJScan
2015-10-28 12:02 - 2015-09-02 11:21 - 00000000 ____D C:\Users\Charro\AppData\Roaming\Canon
2015-10-28 11:30 - 2015-08-26 13:22 - 00000000 ____D C:\Users\Charro\AppData\Local\Dropbox
2015-10-27 17:15 - 2015-07-17 16:18 - 00000000 ____D C:\Program Files (x86)\Canon
2015-10-27 17:13 - 2009-07-13 21:20 - 00000000 __RSD C:\Windows\Media
2015-10-27 17:04 - 2015-07-15 14:20 - 00000000 ___HD C:\Program Files\CanonBJ
2015-10-24 11:29 - 2015-08-26 13:22 - 00000000 ____D C:\Program Files (x86)\Dropbox
2015-10-24 11:15 - 2015-07-15 13:56 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-10-24 11:15 - 2015-07-15 13:56 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-24 11:15 - 2015-07-15 13:56 - 00003916 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2015-10-24 11:15 - 2015-07-15 13:56 - 00003776 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-10-24 10:49 - 2015-07-20 07:27 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-10-24 10:48 - 2015-07-25 08:41 - 00000000 ____D C:\ProgramData\Oracle
2015-10-24 10:48 - 2015-07-25 08:41 - 00000000 ____D C:\Program Files (x86)\Java
2015-10-24 10:47 - 2015-09-04 09:16 - 00000000 ____D C:\Users\Charro\.oracle_jre_usage
2015-10-24 10:33 - 2015-07-17 09:30 - 00000000 ____D C:\Windows\AutoKMS
2015-10-24 10:33 - 2015-07-17 09:08 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2015-10-24 10:33 - 2015-07-15 13:56 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2015-10-24 10:33 - 2015-07-15 13:56 - 00000000 ____D C:\Windows\system32\Macromed
2015-10-24 10:33 - 2009-07-13 21:20 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-10-24 10:33 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\registration
2015-10-24 10:33 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\AppCompat
2015-10-24 10:31 - 2015-07-15 16:39 - 00000000 ____D C:\Compacw
2015-10-20 16:48 - 2015-08-07 09:21 - 00040103 _____ C:\Users\Charro\Desktop\PEDIDOS  AL.20-OCT.xlsm
2015-10-15 12:46 - 2015-07-20 12:09 - 00069120 ___SH C:\Users\Charro\Thumbs.db
 
==================== Files in the root of some directories =======
 
2015-08-21 15:07 - 2015-08-21 15:07 - 0007599 _____ () C:\Users\Charro\AppData\Local\Resmon.ResmonCfg
 
Some files in TEMP:
====================
C:\Users\Charro\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmsc767.dll
C:\Users\Charro\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-11-02 16:05
 
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:31-10-2015
Ran by Charro (2015-11-03 13:08:36)
Running from C:\Users\Charro\Downloads
Windows 7 Professional (X64) (2015-07-15 19:44:35)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-2492763848-4197318935-2872631284-500 - Administrator - Disabled)
Charro (S-1-5-21-2492763848-4197318935-2872631284-1001 - Administrator - Enabled) => C:\Users\Charro
HomeGroupUser$ (S-1-5-21-2492763848-4197318935-2872631284-1002 - Limited - Enabled)
Invitado (S-1-5-21-2492763848-4197318935-2872631284-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET NOD32 Antivirus 9.0.318.20 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET NOD32 Antivirus 9.0.318.20 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 19 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.13) - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
Analizador y SDK de MSXML 4.0 SP2 (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.6.0.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: 1.5.1.4 - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.4.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.5.14 - Canon Inc.)
Canon MP Navigator EX 2.1 (HKLM-x32\...\MP Navigator EX 2.1) (Version: - )
Canon MX320 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX320_series) (Version: - Canon Inc.)
Canon MX470 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX470_series) (Version: 1.00 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.3.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.6.0 - Canon Inc.)
Canon Utilidad de marcación rápida (HKLM-x32\...\Speed Dial Utility) (Version: 1.6.0 - Canon Inc.)
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
CONTPAQ i® FACTURA ELECTRONICA (Local) (HKLM-x32\...\{2BE30865-34B9-418C-84F3-2C9912C2E31E}) (Version: - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.10.8 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.35 - Dropbox, Inc.) Hidden
ESET NOD32 Antivirus (HKLM\...\{3FA0C8FD-AC18-4031-907A-79FBA69F1899}) (Version: 9.0.318.20 - ESET, spol. s r.o.)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.2.69.5228 - Gretech Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.80 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Java 8 Update 65 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware versión 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Opera Stable 32.0.1948.69 (HKLM-x32\...\Opera 32.0.1948.69) (Version: 32.0.1948.69 - Opera Software)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Paquete de idioma de Microsoft .NET Framework 4 Client Profile ESN (HKLM\...\Microsoft .NET Framework 4 Client Profile ESN Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Paquete de idioma de Microsoft .NET Framework 4 Extended ESN (HKLM\...\Microsoft .NET Framework 4 Extended ESN Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.5.0 - Frank Heindörfer, Philip Chinery)
Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: 5.4.0.0 - Popcorn Time)
qBittorrent 3.2.3 (HKLM-x32\...\qBittorrent) (Version: 3.2.3 - The qBittorrent project)
Registro de usuario de Canon MX470 series (HKLM-x32\...\Registro de usuario de Canon MX470 series) (Version: - Canon Inc.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Tibia (HKLM-x32\...\Tibia_is1) (Version: 10.80 - CipSoft GmbH)
TNod User & Password Finder (HKLM\...\TNod) (Version: 1.6.0.0 - Tukero[X]Team)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 4.10 beta 2 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.10.2 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

31-10-2015 09:18:09 Revo Uninstaller's restore point - Tibiacast
31-10-2015 09:18:33 Removed Tibiacast
02-11-2015 17:28:54 Revo Uninstaller's restore point - Google Chrome

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2015-10-31 09:46 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {06598A02-7727-4E75-8380-97F085BBF5BA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-02] (Google Inc.)
Task: {12F8A875-A0AD-4685-8D8B-65CC6DFA9C51} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {17F33FE9-206F-40BC-B51E-C1FD5A16058B} - System32\Tasks\Opera scheduled Autoupdate 1436989906 => C:\Program Files (x86)\Opera\launcher.exe [2015-09-25] (Opera Software)
Task: {1EA50A15-058E-4383-BC39-E3C74B302995} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {27E0AE4C-80BE-4A31-A376-F29BEB29EF01} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
Task: {2DEDA57F-876B-4CBF-95F2-A9CCE8314DB1} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_19_0_0_226_pepper.exe [2015-10-24] (Adobe Systems Incorporated)
Task: {58C09801-7527-4BB5-9278-A6E5CB79268B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-24] (Adobe Systems Incorporated)
Task: {66E1594F-4BFE-4A91-A02C-2DC0A401B490} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
Task: {806539FC-F506-45DC-8570-95B97D844FEE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-02] (Google Inc.)
Task: {90676A69-0D73-450C-8076-72AAB1A6D3EA} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-08-26] (Dropbox, Inc.)
Task: {963A3160-E49B-492C-A844-88BA106ECF0C} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2015-07-17] ()
Task: {97171D54-85F2-4A03-B0D7-06B37304F3B3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {AAA1B46B-97C4-4CA8-AF62-39BEAE5D149C} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-08-26] (Dropbox, Inc.)
Task: {CA96469D-D974-4904-BACB-F03254B94A77} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_19_0_0_226_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-07-15 16:09 - 2015-06-10 10:13 - 17910423 _____ () C:\Program Files (x86)\Compacw\Servidor de Licencias\Facturacion\AppKeyLicenseServerFacturacionI.exe
2015-09-07 11:25 - 2011-10-30 09:02 - 00038912 _____ () C:\Windows\system32\RBHook.dll
2014-09-16 12:52 - 2014-09-16 12:52 - 08896160 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-07-17 09:21 - 2011-10-30 10:24 - 00193536 _____ () C:\Program Files\WinRAR\rarext.dll
2012-01-10 20:12 - 2012-01-10 20:12 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-09-07 11:25 - 2011-10-30 09:02 - 00045568 _____ () C:\Users\Charro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RBTray.exe
2015-08-02 07:29 - 2015-08-02 07:29 - 14844416 _____ () C:\Program Files (x86)\qBittorrent\qbittorrent.exe
2014-03-31 20:35 - 2014-03-31 20:35 - 00282304 _____ () C:\Program Files (x86)\Windows Live\Writer\es\WindowsLive.Writer.Localization.resources.dll
2014-09-16 12:53 - 2014-09-16 12:53 - 08896160 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-11-02 17:48 - 2015-10-20 08:08 - 01532744 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\libglesv2.dll
2015-11-02 17:48 - 2015-10-20 08:08 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\libegl.dll
2015-11-02 17:48 - 2015-10-20 08:08 - 16493384 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7866 more sites.


There are 7864 more sites.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2492763848-4197318935-2872631284-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 93.158.212.36 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: CanonQuickMenu => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
MSCONFIG\startupreg: IJNetworkScannerSelectorEX => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{63C2A51A-30B8-4925-B9AD-8CB9B5C08A3D}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{45815F76-F9BE-43C9-A4F7-EF21DDB8849A}] => (Allow) LPort=2869
FirewallRules: [{34BC7CEB-C50A-48BF-8A66-069877AADF17}] => (Allow) LPort=1900
FirewallRules: [{4E15E691-C6B7-4839-B3F2-2F8FCF8A7CFD}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{068673E7-9A37-49CE-BA8F-BB4E5C1D873A}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{B7469B12-AD89-420A-81D2-34515B6531D0}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{D98903B5-2647-46C2-A59C-B43C297FBF9B}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{9D8F7D35-8FDA-4559-A5FB-9BB69E1047AA}] => (Allow) C:\Program Files (x86)\Compacw\Servidor de Licencias\Facturacion\AppKeyLicenseServerFacturacionI.exe
FirewallRules: [{F460FD22-2FE5-41BE-8B5D-40CBA25279B8}] => (Allow) C:\Program Files (x86)\Compacw\Servidor de Licencias\Facturacion\AppKeyLicenseServerFacturacionI.exe
FirewallRules: [{F814CE54-4571-4302-A9C9-3E614C1A877D}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{3D19EAB1-5330-4FD0-A465-4586D858ABB6}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{F3CDF47E-EF2F-4B0A-B3D1-2A52D00B179D}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{02E0A834-219A-4C7D-B675-3BA291B45289}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{D667D88B-85FC-4070-A45A-212291733480}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{0A432779-2399-4391-ABBD-3321937851D5}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{B07C1C8E-B811-4976-B586-BB60A4886988}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{38CA6785-A7A6-4EF9-B34D-F949319FAF89}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{1810BE27-D532-4366-B02E-B7A93F374A8D}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{53767821-B738-4371-8F79-F8347CCB54D4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{82E2A2B2-3C3F-4E41-AB30-457F4B86BB62}] => (Allow) C:\Program Files (x86)\Compacw\Servidor de Licencias\Facturacion\AppKeyLicenseServerFacturacionI.exe
FirewallRules: [{14C2186D-2AA9-47BD-857E-659098BB180A}] => (Allow) C:\Program Files (x86)\Compacw\Servidor de Licencias\Facturacion\AppKeyLicenseServerFacturacionI.exe

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/03/2015 10:34:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: EXCEL.EXE, versión: 15.0.4659.1000, marca de tiempo: 0x5417ef33
Nombre del módulo con errores: VBE7.DLL_unloaded, versión: 0.0.0.0, marca de tiempo: 0x523fd3b0
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x000007fef65b1ce0
Id. del proceso con errores: 0x11c4
Hora de inicio de la aplicación con errores: 0xEXCEL.EXE0
Ruta de acceso de la aplicación con errores: EXCEL.EXE1
Ruta de acceso del módulo con errores: EXCEL.EXE2
Id. del informe: EXCEL.EXE3

Error: (11/03/2015 10:33:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: EXCEL.EXE, versión: 15.0.4659.1000, marca de tiempo: 0x5417ef33
Nombre del módulo con errores: igd10umd64.dll_unloaded, versión: 0.0.0.0, marca de tiempo: 0x4f0cb65c
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x000007fef65b1ce0
Id. del proceso con errores: 0x1154
Hora de inicio de la aplicación con errores: 0xEXCEL.EXE0
Ruta de acceso de la aplicación con errores: EXCEL.EXE1
Ruta de acceso del módulo con errores: EXCEL.EXE2
Id. del informe: EXCEL.EXE3

Error: (11/02/2015 05:40:51 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/02/2015 05:40:51 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/02/2015 05:40:51 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/02/2015 05:40:51 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
Element not found. (HRESULT : 0x80070490) (0x80070490)

Error: (11/02/2015 05:40:47 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/02/2015 05:40:47 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog

Details:
The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)

Error: (11/02/2015 05:40:47 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/02/2015 05:40:47 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (11/03/2015 09:31:29 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {FE9617F6-E606-42AA-BECC-0E9CDA246D63}

Error: (11/03/2015 09:31:28 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (11/03/2015 09:31:21 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

Error: (11/02/2015 06:12:50 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (11/02/2015 06:08:09 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) did not load:
MPCKpt

Error: (11/02/2015 05:46:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MPC Core Protect Service service terminated unexpectedly. This has happened 1 time(s).

Error: (11/02/2015 05:41:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1053

Error: (11/02/2015 05:41:07 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

Error: (11/02/2015 05:41:07 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (11/02/2015 05:40:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.


CodeIntegrity:
===================================
Date: 2015-10-31 09:45:17.336
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because the file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-10-31 09:45:17.336
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because the file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-10-23 13:46:34.174
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because the file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-10-23 13:46:34.172
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because the file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i5 CPU 650 @ 3.20GHz
Percentage of memory in use: 58%
Total physical RAM: 3767.05 MB
Available physical RAM: 1563.77 MB
Total Virtual: 7532.26 MB
Available Virtual: 4623.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.51 GB) (Free:771.54 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Master_CTiBNi500) (CDROM) (Total:2.04 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 9BD5C98E)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Edited by Oh My!, 05 November 2015 - 08:42 PM.
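The Application/System errors and CodeIntegrity blocks above are the part of an FRST Addition.txt a helper reads first when triaging a thread like this one. The Python below is an added example for this thread, not code from FRST, ComboFix or the original poster. It assumes the entry layout visible in the log above (an `Error: (...) (Source: ...) (EventID: ...)` header followed by a `Description:` line that may continue on following lines, and in the CodeIntegrity section a `Date:` line followed by a `Description:` naming an NT device path); its sample input is constructed from a few of this log's entries, translated to English.

```python
"""Triage the error and CodeIntegrity blocks of an FRST Addition.txt.

Hypothetical helper written for this thread; not part of FRST. It assumes the
entry layout seen in the posted log (see the lead-in above).
"""
import re
from collections import Counter

ERROR_RE = re.compile(
    r"^Error: \((?P<ts>[^)]*)\) \(Source: (?P<source>[^)]*)\) "
    r"\(EventID: (?P<eid>\d+)\) \(User: (?P<user>[^)]*)\)\s*$"
)
CI_DATE_RE = re.compile(r"^Date: (?P<date>\d{4}-\d{2}-\d{2} \S+)\s*$")
NT_PATH_RE = re.compile(r"(\\Device\\HarddiskVolume\d+\\\S+)")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
SECTION_HEADERS = {"Application errors:", "System errors:", "CodeIntegrity:"}


def parse_addition(text):
    """Return {'errors': [...], 'code_integrity': [...]} parsed from Addition.txt text."""
    errors, code_integrity = [], []
    cur = None       # error entry currently being filled
    ci_date = None   # CodeIntegrity date waiting for its Description line
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ERROR_RE.match(line)
        if m:
            cur = {"ts": m["ts"], "source": m["source"],
                   "event_id": int(m["eid"]), "text": []}
            errors.append(cur)
            continue
        m = CI_DATE_RE.match(line)
        if m:
            cur, ci_date = None, m["date"]
            continue
        if line in SECTION_HEADERS or line.startswith("="):
            cur = None
            continue
        if line.startswith("Description:"):
            line = line[len("Description:"):].strip()
            if ci_date is not None:
                p = NT_PATH_RE.search(line)
                code_integrity.append({"date": ci_date,
                                       "path": p.group(1) if p else None,
                                       "text": line})
                ci_date = None
                continue
        if cur is not None:
            cur["text"].append(line)   # Description continuation, Context:, Details:
    for e in errors:
        e["text"] = " ".join(e["text"])
    return {"errors": errors, "code_integrity": code_integrity}


def summarize(parsed):
    """Count (source, event_id) pairs: repeats are usually noise, singletons deserve a look."""
    return Counter((e["source"], e["event_id"]) for e in parsed["errors"])


def triage(parsed):
    """Pull out the entries a malware-removal helper actually wants to see."""
    findings = []
    for e in parsed["errors"]:
        src, eid, text = e["source"], e["event_id"], e["text"]
        if src == "Service Control Manager" and eid == 7026:
            # FRST prints the driver name(s) after the description's colon.
            findings.append("driver failed to load at boot: " + text.split(":")[-1].strip())
        elif src == "Service Control Manager" and eid in (7031, 7034):
            m = re.search(r"The (.+?) service terminated unexpectedly", text)
            findings.append("service terminated unexpectedly: " + (m.group(1) if m else text))
        elif src == "DCOM" and eid == 10010:
            m = CLSID_RE.search(text)
            findings.append("DCOM server did not register: " + (m.group(0) if m else text))
    # A CodeIntegrity "hash not found" event means an unsigned or unknown image,
    # not proof of malware: in the sample the only hit is ComboFix's own driver
    # under \ComboFix\, i.e. a tool the user ran. Group by path so the human
    # sees one line per image rather than one per boot.
    by_path = Counter(c["path"] for c in parsed["code_integrity"])
    for path, n in by_path.items():
        findings.append(f"image hash not in system catalog: {path} (seen {n} times)")
    return findings


# Constructed sample, condensed from this thread's log and translated to English.
SAMPLE = """\
System errors:
=============
Error: (11/03/2015 09:31:29 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {FE9617F6-E606-42AA-BECC-0E9CDA246D63}

Error: (11/02/2015 06:08:09 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) did not load:
MPCKpt

Error: (11/02/2015 05:46:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MPC Core Protect Service service terminated unexpectedly. This has happened 1 time(s).

Error: (11/02/2015 05:40:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

CodeIntegrity:
===================================
Date: 2015-10-31 09:45:17.336
Description: Windows is unable to verify the image integrity of the file \\Device\\HarddiskVolume1\\ComboFix\\catchme.sys because the file hash could not be found on the system.

Date: 2015-10-23 13:46:34.174
Description: Windows is unable to verify the image integrity of the file \\Device\\HarddiskVolume1\\ComboFix\\catchme.sys because the file hash could not be found on the system.
"""

if __name__ == "__main__":
    parsed = parse_addition(SAMPLE)
    for key, n in summarize(parsed).most_common():
        print(f"{n:3d}  {key[0]} / {key[1]}")
    for f in triage(parsed):
        print("-", f)
```

The CodeIntegrity line is the one to read carefully: the event only says the image's hash is not in a catalog on the system, which is exactly what an unsigned scanner driver dropped by a removal tool looks like, so the path matters more than the event itself.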



#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,778 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:28 PM

Posted 05 November 2015 - 08:51 PM

Greetings darket and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply to Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Unfortunately there are several illegal programs on your computer. If you would like further assistance I am going to ask you to remove the programs listed below and any other programs for which you do not have a valid Product Key. If you are willing to do that let me know when they have been removed and we can continue. If you prefer to not remove them let me know that as well and I will close the Topic.

Microsoft Office Professional Plus 2013
SUPERAntiSpyware Professional
Malwarebytes Anti Malware Pro
Malwarebytes Anti Malware Premium

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 darket

  • Topic Starter

Posted 06 November 2015 - 12:03 PM

Thank you for your answer Gary.

Unfortunately I can't delete the programs you requested because I use them on a daily basis.

So, thank you for your help.


#4 Oh My!


Posted 06 November 2015 - 12:07 PM

OK, sorry, I hope you understand. I will close the Topic.
Gary

#5 Oh My!


Posted 06 November 2015 - 12:08 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
