
snc.styligymnasia.com pop ups adwares


  • This topic is locked
2 replies to this topic

#1 grinxo94

grinxo94

  • Members
  • 2 posts
  • Local time:04:06 AM

Posted 26 June 2017 - 09:49 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-06-2017 01
Ran by Nicolas (administrator) on DESKTOP-KDV08A4 (26-06-2017 23:34:53)
Running from D:\Nicolas\Nueva carpeta (3)
Loaded Profiles: Nicolas (Available Profiles: Nicolas)
Platform: Windows 10 Education Version 1703 (X64) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) D:\Aplicaciones\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) D:\Aplicaciones\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(AVAST Software) D:\Aplicaciones\Avast\AvastSvc.exe
(AVAST Software) D:\Aplicaciones\Avast\afwServ.exe
(Apple Inc.) C:\Program Files (x86)\Xamarin\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(Microsoft Corporation) D:\Aplicaciones\Microsoft SQL Server\90\Shared\sqlwriter.exe
() D:\Aplicaciones (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(Malwarebytes) D:\Aplicaciones\Malwarebytes\Anti-Malware\MBAMService.exe
(AVAST Software s.r.o.) D:\Aplicaciones\Avast\x64\aswidsagenta.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(IObit) D:\Aplicaciones (x86)\Smart Defrag\SmartDefrag.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(AVAST Software) D:\Aplicaciones\Avast\AvastUI.exe
(Malwarebytes) D:\Aplicaciones\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Valve Corporation) D:\Aplicaciones (x86)\Steam\Steam.exe
(Valve Corporation) D:\Aplicaciones (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) D:\Aplicaciones (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) D:\Aplicaciones (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Google Inc.) D:\Aplicaciones (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Aplicaciones (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Aplicaciones (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Aplicaciones (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Aplicaciones (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Aplicaciones (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Aplicaciones (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Aplicaciones (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Aplicaciones (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\LOL\RADS\system\rads_user_kernel.exe
() C:\Program Files (x86)\LOL\RADS\projects\lol_launcher\releases\0.0.1.47\deploy\LoLLauncher.exe
(Google Inc.) D:\Aplicaciones (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Aplicaciones (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\LOL\RADS\projects\lol_patcher\releases\0.0.0.87\deploy\LoLPatcher.exe
() C:\Program Files (x86)\LOL\RADS\projects\lol_patcher\releases\0.0.0.87\deploy\LoLPatcherUx.exe
() C:\Program Files (x86)\LOL\RADS\projects\lol_patcher\releases\0.0.0.87\deploy\LoLPatcherUx.exe
() C:\Program Files (x86)\LOL\RADS\projects\lol_patcher\releases\0.0.0.87\deploy\LoLPatcherUx.exe
(Malwarebytes) D:\Aplicaciones\Malwarebytes\Anti-Malware\mbam.exe
(Google Inc.) D:\Aplicaciones (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Aplicaciones (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => %ProgramFiles%\Windows Defender\MSASCuiL.exe
HKLM\...\Run: [AvastUI.exe] => D:\Aplicaciones\Avast\AvLaunch.exe [213824 2017-05-20] (AVAST Software)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
HKLM\...\Run: [Malwarebytes TrayApp] => D:\APLICACIONES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-310990250-1783371028-1297882228-1001\...\Run: [CCleaner Monitoring] => D:\Aplicaciones\CCleaner\CCleaner64.exe [9292504 2016-12-21] (Piriform Ltd)
HKU\S-1-5-21-310990250-1783371028-1297882228-1001\...\Run: [Spotify Web Helper] => C:\Users\Nicolas\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1449584 2017-05-19] (Spotify Ltd)
HKU\S-1-5-21-310990250-1783371028-1297882228-1001\...\Run: [Steam] => D:\Aplicaciones (x86)\Steam\steam.exe [3019552 2017-04-25] (Valve Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Aplicaciones\Avast\ashShA64.dll [2017-05-20] (AVAST Software)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Aplicaciones\Avast\ashShA64.dll [2017-05-20] (AVAST Software)
GroupPolicy: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 200.42.4.204 200.49.130.40
Tcpip\..\Interfaces\{bdb34417-cd21-4f12-b227-60e1d6eedda8}: [DhcpNameServer] 200.42.4.204 200.49.130.40
 
Internet Explorer:
==================
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2017-06-22] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2017-06-22] (Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-22] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-06-22] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-22] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-06-22] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-22] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-06-22] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-22] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-06-22] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe
 
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-06-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2017-06-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-19] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Nicolas\AppData\Local\Google\Chrome\User Data\Default [2017-06-26]
CHR Extension: (Google Docs) - C:\Users\Nicolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-05-19]
CHR Extension: (Google Drive) - C:\Users\Nicolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-19]
CHR Extension: (YouTube) - C:\Users\Nicolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-19]
CHR Extension: (Adblock Plus) - C:\Users\Nicolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-05-19]
CHR Extension: (JSONView) - C:\Users\Nicolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\chklaanhfefbnpoihckbnefhakgolnmc [2017-05-19]
CHR Extension: (Avast SafePrice) - C:\Users\Nicolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-05-31]
CHR Extension: (Hojas de cálculo de Google) - C:\Users\Nicolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-05-19]
CHR Extension: (Postman) - C:\Users\Nicolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhbjgbiflinjbdggehcddcbncdddomop [2017-06-14]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Nicolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-05-19]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\Nicolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2017-06-05]
CHR Extension: (Avast Online Security) - C:\Users\Nicolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-06-07]
CHR Extension: (Botón Guardar de Pinterest) - C:\Users\Nicolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2017-05-19]
CHR Extension: (Google Keep: notas y listas) - C:\Users\Nicolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2017-06-26]
CHR Extension: (Clean Google Calendar) - C:\Users\Nicolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\magodclodecbbnbdfpmoehfdddkhlfmm [2017-05-19]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Nicolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-05-19]
CHR Extension: (АТС Binotel Plugin) - C:\Users\Nicolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\oipojmebpdkjfohemanbbmobmkgoohgd [2017-06-26]
CHR Extension: (Gmail) - C:\Users\Nicolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-19]
CHR Extension: (Chrome Media Router) - C:\Users\Nicolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-19]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 asComSvc; D:\Aplicaciones (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-07-03] ()
R3 aswbIDSAgent; D:\Aplicaciones\Avast\x64\aswidsagenta.exe [7346208 2017-05-20] (AVAST Software s.r.o.)
R2 avast! Antivirus; D:\Aplicaciones\Avast\AvastSvc.exe [263304 2017-05-20] (AVAST Software)
R2 avast! Firewall; D:\Aplicaciones\Avast\afwServ.exe [310496 2017-05-20] (AVAST Software)
R2 Bonjour Service; C:\Program Files (x86)\Xamarin\Bonjour\mDNSResponder.exe [401456 2017-03-19] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4412616 2017-06-11] (Microsoft Corporation)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21312 2017-03-30] (Microsoft Corporation)
R2 MBAMService; D:\Aplicaciones\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
S3 MsMpiLaunchSvc; D:\Aplicaciones\Microsoft MPI\Bin\msmpilaunchsvc.exe [27760 2016-06-13] () [File not signed]
R2 NVDisplay.ContainerLocalSystem; D:\Aplicaciones\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-05-01] (NVIDIA Corporation)
R2 SQLWriter; D:\Aplicaciones\Microsoft SQL Server\90\Shared\sqlwriter.exe [131776 2016-04-30] (Microsoft Corporation)
S3 Te.Service; D:\Aplicaciones (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe [185344 2017-02-13] (Microsoft Corporation) [File not signed]
S3 VSStandardCollectorService150; D:\Aplicaciones (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [128232 2017-02-08] (Microsoft Corporation)
S2 AdobeARMservice; "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [X]
S3 Sense; "%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe" [X]
S3 WdNisSvc; "%ProgramFiles%\Windows Defender\NisSrv.exe" [X]
S3 WinDefend; "%ProgramFiles%\Windows Defender\MsMpEng.exe" [X]
S3 WMPNetworkSvc; "%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe" [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-07-03] ()
R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [311808 2017-05-20] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [190256 2017-05-20] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334576 2017-05-20] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [49016 2017-05-20] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-05-20] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32600 2017-05-20] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [128648 2017-05-20] (AVAST Software)
R1 aswNetSec; C:\Windows\system32\drivers\aswNetSec.sys [507928 2017-05-20] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [101152 2017-05-20] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [75704 2017-05-20] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1007160 2017-05-20] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [569192 2017-05-20] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [158880 2017-05-20] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [339696 2017-05-20] (AVAST Software)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77376 2017-05-25] ()
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-05-20] (REALiX™)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [188312 2017-06-26] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [113592 2017-06-26] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [44960 2017-06-26] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [252832 2017-06-26] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [93600 2017-06-26] (Malwarebytes)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_a2b0acab06663645\nvlddmkm.sys [14456944 2017-05-20] (NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [954368 2017-05-20] (Realtek                                            )
S3 SDFRd; C:\Windows\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [30744 2017-03-09] (IObit)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
U1 aswbdisk; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-06-26 23:34 - 2017-06-26 23:34 - 00000000 ____D C:\FRST
2017-06-26 23:23 - 2017-06-26 23:23 - 00000000 ____D C:\ProgramData\Riot Games
2017-06-26 23:17 - 2017-06-26 23:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2017-06-26 23:17 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2017-06-26 23:17 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2017-06-26 23:17 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2017-06-26 23:16 - 2017-06-26 23:16 - 00000000 ____D D:\Aplicaciones\LOL
2017-06-26 23:16 - 2017-06-26 23:16 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-06-26 23:09 - 2017-06-26 23:09 - 00000000 ___HD C:\OneDriveTemp
2017-06-26 23:01 - 2017-06-26 23:17 - 00000000 ____D C:\Users\Nicolas\AppData\Roaming\Riot Games
2017-06-26 22:39 - 2017-06-26 23:02 - 00252832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-06-26 22:39 - 2017-06-26 23:02 - 00113592 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-06-26 22:39 - 2017-06-26 23:02 - 00093600 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-06-26 22:39 - 2017-06-26 23:02 - 00044960 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-06-26 22:39 - 2017-06-26 22:39 - 00188312 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-06-26 22:39 - 2017-06-26 22:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-06-26 22:39 - 2017-05-25 11:58 - 00077376 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-06-26 22:38 - 2017-06-26 22:38 - 00000000 ____D D:\Aplicaciones\Malwarebytes
2017-06-26 22:38 - 2017-06-26 22:38 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-06-26 22:30 - 2017-06-26 22:34 - 00000000 ____D C:\AdwCleaner
2017-06-26 14:30 - 2017-06-26 21:52 - 00000000 ____D C:\Users\Nicolas\AppData\Local\Adobe
2017-06-26 14:30 - 2017-06-26 21:51 - 00000000 ____D C:\Users\Nicolas\AppData\Roaming\Adobe
2017-06-26 14:30 - 2017-06-26 14:30 - 00000000 ____D C:\ProgramData\Adobe
2017-06-26 12:46 - 2017-06-26 14:36 - 00000132 _____ C:\Users\Nicolas\AppData\Roaming\Prefs. de formato PNG de Adobe CS6
2017-06-23 10:54 - 2017-06-23 10:54 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2017-06-12 13:25 - 2017-06-12 14:57 - 00001456 _____ C:\Users\Nicolas\AppData\Local\Adobe Guardar para Web 13.0 Prefs
2017-06-06 11:05 - 2017-06-06 11:05 - 00061304 _____ () C:\Windows\system32\Drivers\lpsport.sys
2017-06-01 15:25 - 2017-06-01 15:25 - 00000000 ____D D:\Aplicaciones (x86)\Photoshop Cs6
2017-06-01 15:25 - 2017-06-01 15:25 - 00000000 ____D C:\Users\Nicolas\AppData\Roaming\NVIDIA
2017-06-01 15:25 - 2017-06-01 15:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photoshop Cs6
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-06-26 23:14 - 2017-05-20 01:24 - 00000000 ____D D:\Aplicaciones (x86)\Steam
2017-06-26 23:09 - 2017-05-19 15:23 - 00000000 ___RD C:\Users\Nicolas\OneDrive
2017-06-26 23:06 - 2017-05-19 15:24 - 03222176 _____ C:\Windows\system32\PerfStringBackup.INI
2017-06-26 23:06 - 2017-05-19 15:18 - 00000000 ____D C:\Windows\system32\SleepStudy
2017-06-26 23:06 - 2017-03-20 02:10 - 01515126 _____ C:\Windows\system32\perfh00A.dat
2017-06-26 23:06 - 2017-03-20 02:10 - 00384588 _____ C:\Windows\system32\perfc00A.dat
2017-06-26 23:02 - 2017-05-19 15:44 - 00000000 ____D C:\ProgramData\NVIDIA
2017-06-26 23:02 - 2017-05-19 15:18 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-06-26 23:01 - 2017-05-19 15:22 - 00000000 ____D C:\Users\Nicolas
2017-06-26 23:01 - 2017-03-18 08:40 - 00524288 _____ C:\Windows\system32\config\BBI
2017-06-26 22:35 - 2017-03-18 18:03 - 00000000 ___SD C:\Windows\SysWOW64\F12
2017-06-26 22:35 - 2017-03-18 18:03 - 00000000 ___SD C:\Windows\system32\F12
2017-06-26 22:35 - 2017-03-18 18:03 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2017-06-26 22:35 - 2017-03-18 18:03 - 00000000 ____D C:\Windows\SysWOW64\Dism
2017-06-26 22:35 - 2017-03-18 18:03 - 00000000 ____D C:\Windows\system32\WinBioPlugIns
2017-06-26 22:35 - 2017-03-18 18:03 - 00000000 ____D C:\Windows\system32\oobe
2017-06-26 22:35 - 2017-03-18 18:03 - 00000000 ____D C:\Windows\system32\appraiser
2017-06-26 22:35 - 2017-03-18 18:03 - 00000000 ____D C:\Windows\Provisioning
2017-06-26 22:35 - 2017-03-18 18:03 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-06-26 22:35 - 2017-03-18 18:01 - 00000000 ____D C:\Windows\INF
2017-06-26 22:35 - 2017-03-18 08:40 - 00000000 ____D C:\Windows\system32\Dism
2017-06-26 22:23 - 2017-05-19 15:53 - 00000000 ____D C:\Users\Nicolas\AppData\Local\CrashDumps
2017-06-26 22:21 - 2017-05-19 15:39 - 00000000 ____D C:\Users\Nicolas\AppData\Local\Google
2017-06-26 21:50 - 2017-03-18 18:03 - 00000000 ____D C:\Windows\AppReadiness
2017-06-26 20:21 - 2017-05-19 15:22 - 00000000 ____D C:\Users\Nicolas\AppData\Local\Packages
2017-06-26 14:46 - 2017-05-20 00:53 - 00000000 ____D D:\Aplicaciones\Avast
2017-06-26 12:48 - 2017-03-18 17:51 - 00000000 ____D C:\Windows\CbsTemp
2017-06-26 11:13 - 2017-05-20 02:23 - 00003062 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC (Nicolas)
2017-06-26 11:08 - 2017-05-20 02:27 - 00000000 ____D C:\ProgramData\ProductData
2017-06-23 10:54 - 2017-03-18 18:03 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-06-23 10:54 - 2017-03-18 18:03 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-06-20 21:58 - 2017-03-18 18:03 - 00000000 ____D C:\Windows\rescache
2017-06-19 22:51 - 2017-05-19 15:54 - 00000000 ____D C:\Windows\system32\MRT
2017-06-19 22:49 - 2017-05-19 15:54 - 133627792 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-06-16 15:22 - 2017-05-19 15:23 - 00003294 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task v2
2017-06-16 15:22 - 2017-05-19 15:23 - 00002401 _____ C:\Users\Nicolas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-06-15 22:24 - 2017-03-18 18:03 - 00000000 ____D C:\Windows\LiveKernelReports
2017-05-31 19:44 - 2017-05-19 15:22 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-05-31 19:38 - 2017-05-20 01:04 - 00003998 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1495253071
2017-05-31 19:38 - 2017-05-20 01:04 - 00000900 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-05-31 19:38 - 2017-05-20 01:04 - 00000000 ____D D:\Aplicaciones\SZBrowser
 
==================== Files in the root of some directories =======
 
2017-06-26 12:46 - 2017-06-26 14:36 - 0000132 _____ () C:\Users\Nicolas\AppData\Roaming\Prefs. de formato PNG de Adobe CS6
2017-06-12 13:25 - 2017-06-12 14:57 - 0001456 _____ () C:\Users\Nicolas\AppData\Local\Adobe Guardar para Web 13.0 Prefs
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-06-19 16:03
 
==================== End of FRST.txt ============================


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,903 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:06 AM

Posted 27 June 2017 - 08:56 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.


Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
GroupPolicy: Restriction <==== ATTENTION
CHR Extension: (Avast SafePrice) - C:\Users\Nicolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-05-31]
CHR Extension: (Avast Online Security) - C:\Users\Nicolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-06-07]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Nicolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-05-19]
CHR Extension: (Chrome Media Router) - C:\Users\Nicolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-19]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
S2 AdobeARMservice; "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [X]
S3 Sense; "%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe" [X]
S3 WdNisSvc; "%ProgramFiles%\Windows Defender\NisSrv.exe" [X]
S3 WinDefend; "%ProgramFiles%\Windows Defender\MsMpEng.exe" [X]
S3 WMPNetworkSvc; "%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe" [X]
U1 aswbdisk; no ImagePath

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.

===

Reset Chrome...
Open Google Chrome, click on the menu icon which is located at the top right side of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
___


Please let me know what problem persists with this computer.

#3 nasdaq

nasdaq

  • Malware Response Team
  • 39,903 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:06 AM

Posted 04 July 2017 - 08:12 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
