
Site opens my browser automatically


  • This topic is locked
13 replies to this topic

#1 wooldoor_sockbat

  • Members
  • 7 posts

Posted 29 June 2017 - 12:57 PM

Hi, I'm new to the site.

I found this page because this same thread appeared first in Google results, but the solution you gave isn't working on my computer.

Here's my case: I downloaded a non-Steam Counter-Strike using uTorrent (sorry, I'm poor), and one time I downloaded a map and after that the game closed and it opened this site: CSGOfade.net. I didn't expect this to be malware. The next time I started up the computer the site opened the browser without any reason and has kept doing that since then.

Here are all the ways I tried to erase the freaking page:

- AdwCleaner
- Spybot
- Erasing any folder related to Counter-Strike
- Blocking the site in any form by using uBlock
- Running the antivirus

But nothing has worked.

Thank you.


#2 nasdaq

  • Malware Response Team
  • 39,888 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 30 June 2017 - 09:14 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "More Reply Options" button.

Attach the file:
Click "Choose a File" and navigate to the location of the file.
Click the file you wish to attach.
Click "Attach this file".
Click the "Add Reply" button.
===


Please post both logs for my review.

Wait for further instructions.

#3 wooldoor_sockbat

  • Topic Starter
  • Members
  • 7 posts

Posted 01 July 2017 - 07:50 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-06-2017
Ran by ibarra (administrator) on IBARRA-PC (01-07-2017 21:46:53)
Running from C:\Users\ibarra\AppData\Local\Temp\scoped_dir4188_14904
Loaded Profiles: ibarra (Available Profiles: ibarra)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Seiko Epson Corporation) C:\Program Files (x86)\epson\MyEpson Portal\mepService.exe
(Seiko Epson Corporation) C:\Program Files (x86)\epson\MyEpson Portal\mep.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
() C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winamp.exe
(Opera Software) C:\Program Files\Opera\46.0.2597.32\opera.exe
(Opera Software) C:\Program Files\Opera\46.0.2597.32\opera_crashreporter.exe
(Opera Software) C:\Program Files\Opera\46.0.2597.32\opera.exe
(Opera Software) C:\Program Files\Opera\46.0.2597.32\opera.exe
(Opera Software) C:\Program Files\Opera\46.0.2597.32\opera.exe
(Opera Software) C:\Program Files\Opera\46.0.2597.32\opera.exe
(Opera Software) C:\Program Files\Opera\46.0.2597.32\opera.exe
(Opera Software) C:\Program Files\Opera\46.0.2597.32\opera.exe
(Opera Software) C:\Program Files\Opera\46.0.2597.32\opera.exe
(Opera Software) C:\Program Files\Opera\46.0.2597.32\opera.exe
(Opera Software) C:\Program Files\Opera\46.0.2597.32\opera.exe
(Opera Software) C:\Program Files\Opera\46.0.2597.32\opera.exe
(Opera Software) C:\Program Files\Opera\46.0.2597.32\opera.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16776192 2016-12-02] (Realtek Semiconductor)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [85600 2013-12-12] (Nullsoft, Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [318128 2016-11-16] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [StereoLinksInstall] => "C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe" /install1
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3926166395-3963816642-1161901092-1000\...\Run: [EPSON TX125 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGGB.EXE [224768 2009-09-14] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3926166395-3963816642-1161901092-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4299968 2016-07-29] (Disc Soft Ltd)
HKU\S-1-5-21-3926166395-3963816642-1161901092-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3926166395-3963816642-1161901092-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9803992 2017-06-13] (Piriform Ltd)
HKU\S-1-5-21-3926166395-3963816642-1161901092-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3042592 2017-06-08] (Valve Corporation)
HKU\S-1-5-21-3926166395-3963816642-1161901092-1000\...\MountPoints2: E - E:\SETUP.EXE
HKU\S-1-5-21-3926166395-3963816642-1161901092-1000\...\MountPoints2: G - G:\SETUP.EXE
HKU\S-1-5-21-3926166395-3963816642-1161901092-1000\...\MountPoints2: {0ebafa68-53e3-11e5-b7aa-d9f6962d8aa9} - F:\setup\rsrc\autorun.exe
HKU\S-1-5-21-3926166395-3963816642-1161901092-1000\...\MountPoints2: {287dbe23-3ffa-11e6-b9f1-af8c5af98a8a} - E:\setup.exe
HKU\S-1-5-21-3926166395-3963816642-1161901092-1000\...\MountPoints2: {4b960dcc-aefd-11e5-baf9-a44952277e84} - F:\autorun.exe
HKU\S-1-5-21-3926166395-3963816642-1161901092-1000\...\MountPoints2: {a2422cd8-7b2b-11e5-be40-ea84b6426c8d} - G:\Installer.exe
HKU\S-1-5-21-3926166395-3963816642-1161901092-1000\...\MountPoints2: {b3a2c777-cdbb-11e5-a6be-f8d2e61a1b8b} - F:\OriginInstaller.exe
HKU\S-1-5-21-3926166395-3963816642-1161901092-1000\...\MountPoints2: {b9c37fbc-a365-11e6-a1e0-8de63f943084} - H:\setup\rsrc\Autorun.exe
HKU\S-1-5-21-3926166395-3963816642-1161901092-1000\...\MountPoints2: {e5de5feb-cc1a-11e5-abd2-eba5526f9483} - F:\Setup\rsrc\autorun.exe
HKU\S-1-5-21-3926166395-3963816642-1161901092-1000\...\MountPoints2: {e7fbed08-f9a9-11e5-b9d8-e64cca1def83} - F:\Setup.exe
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk [2017-06-10]
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()
Startup: C:\Users\ibarra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WindowsUpdate.bat [2017-06-04] ()
BootExecute: autocheck autochk * sh4native Sh4Removalsdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{84C067F2-1006-4711-998F-D06CF9645D93}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://login.centamnetworks.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://login.centamnetworks.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-3926166395-3963816642-1161901092-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://login.centamnetworks.com/
HKU\S-1-5-21-3926166395-3963816642-1161901092-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3926166395-3963816642-1161901092-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3926166395-3963816642-1161901092-1000 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2014-05-21] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-21] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2014-05-21] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-21] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-3926166395-3963816642-1161901092-1000 -> No Name - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -  No File
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: xeio79nd.default
FF ProfilePath: C:\Users\ibarra\AppData\Roaming\Profiles\xeio79nd.default [not found] <==== ATTENTION
FF ProfilePath: C:\Users\ibarra\AppData\Roaming\Mozilla\Firefox\Profiles\hbn5sxh0.default [2017-07-01]
FF user.js: detected! => C:\Users\ibarra\AppData\Roaming\Mozilla\Firefox\Profiles\hbn5sxh0.default\user.js [2017-02-18]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\hbn5sxh0.default -> youndoo
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\hbn5sxh0.default -> youndoo
FF Homepage: Mozilla\Firefox\Profiles\hbn5sxh0.default -> hxxp://www.youndoo.com/?z=644dd83cfe33f2afa06a58bg1zfqbq7o0bbt3oew7e&from=sqr&uid=SAMSUNGXHD502HJ_S20BJ90B461719&type=hp
FF SearchPlugin: C:\Users\ibarra\AppData\Roaming\Mozilla\Firefox\Profiles\hbn5sxh0.default\searchplugins\kad956gy.xml [2016-06-18]
FF ProfilePath: C:\Users\ibarra\AppData\Roaming\Mozilla\Firefox\Profiles\y2l9jcan.default-1460837210333 [2017-07-01]
FF user.js: detected! => C:\Users\ibarra\AppData\Roaming\Mozilla\Firefox\Profiles\y2l9jcan.default-1460837210333\user.js [2017-02-18]
FF Homepage: Mozilla\Firefox\Profiles\y2l9jcan.default-1460837210333 -> hxxps://www.malwarebytes.org/restorebrowser/
FF Extension: (WhatsApp™ Desktop) - C:\Users\ibarra\AppData\Roaming\Mozilla\Firefox\Profiles\y2l9jcan.default-1460837210333\Extensions\jid1-uqwEAwSca3FXUo@jetpack.xpi [2016-04-16]
FF Extension: (Adblock Plus) - C:\Users\ibarra\AppData\Roaming\Mozilla\Firefox\Profiles\y2l9jcan.default-1460837210333\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-16]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3926166395-3963816642-1161901092-1000: torrents-time.com/TTPlugin -> C:\Program Files (x86)\TorrentsTime Media Player\bin\npTTPlugin.dll [No File]
 
Opera: 
=======
OPR Extension: (uBlock Origin) - C:\Users\ibarra\AppData\Roaming\Opera Software\Opera Stable\Extensions\kccohkcpppjjkkjppopfnflnebibpida [2017-06-09]
StartMenuInternet: (HKLM) OperaStable - C:\Program Files\Opera\Launcher.exe
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1467072 2016-07-29] (Disc Soft Ltd)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [383016 2017-06-16] (EasyAntiCheat Ltd)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2017-05-11] (Hi-Rez Studios) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2010-06-15] () [File not signed]
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 MyEpson Portal Service; C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe [714712 2017-06-15] (Seiko Epson Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-05-03] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-05-03] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [459832 2016-12-11] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [450168 2017-05-03] (NVIDIA Corporation)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-07-22] (DEVGURU Co., LTD.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [130688 2016-07-22] (Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2015-12-30] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-02-05] (Disc Soft Ltd)
S3 dtultrascsibus; C:\Windows\System32\DRIVERS\dtultrascsibus.sys [30264 2015-09-05] (Disc Soft Ltd)
S3 dtultrausbbus; C:\Windows\System32\DRIVERS\dtultrausbbus.sys [47160 2015-09-05] (Disc Soft Ltd)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-02-16] (REALiX™)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30328 2017-05-03] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [48248 2017-05-03] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [57976 2017-05-03] (NVIDIA Corporation)
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [163644 2016-04-28] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2016-04-03] (Duplex Secure Ltd.)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [164992 2016-07-22] (Samsung Electronics Co., Ltd.)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [164992 2016-07-22] (Samsung Electronics Co., Ltd.)
S3 TrojanKillerDriver; C:\Windows\System32\DRIVERS\gtkdrv.sys [17568 2016-08-05] (Windows ® Win 7 DDK provider)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 e1kexpress; system32\DRIVERS\e1k62x64.sys [X]
S0 haltcd; System32\drivers\hpvhhva.sys [X]
S0 imsookmx; System32\drivers\drnnfx.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-01 21:46 - 2017-07-01 21:46 - 00000000 ____D C:\FRST
2017-07-01 21:45 - 2017-07-01 21:45 - 02440704 _____ (Farbar) C:\Users\ibarra\Desktop\FRST64.exe
2017-06-30 20:51 - 2017-07-01 14:16 - 00000000 ____D C:\Users\ibarra\Downloads\Radiohead Discography (1993-2011) iTunes AAC 256
2017-06-30 12:46 - 2017-07-01 20:18 - 00000000 ____D C:\Users\ibarra\Downloads\Rush - Studio Discography (SHM-CD, Japan)
2017-06-30 12:42 - 2017-06-30 12:42 - 00077328 _____ C:\Users\ibarra\Downloads\[Sound-Park.ru] Rush - Ð Ð Ñ Ð Ð Ð Ñ Ð Ñ Ð Ñ Lossless -.torrent
2017-06-30 02:32 - 2017-06-30 02:32 - 00000000 ____D C:\Users\ibarra\Downloads\Isis
2017-06-29 23:13 - 2017-06-29 23:13 - 00022916 _____ C:\Users\ibarra\Downloads\345233.rar
2017-06-29 23:13 - 2013-08-30 09:40 - 00060235 _____ C:\Users\ibarra\Desktop\Person Of Interest [02x05] Bury The Lede.srt
2017-06-29 23:11 - 2017-06-29 23:11 - 00017161 _____ C:\Users\ibarra\Downloads\306642.rar
2017-06-29 23:11 - 2012-11-06 22:43 - 00060007 _____ C:\Users\ibarra\Desktop\Person of Interest S02E05 HDTV XviD-playTV.srt
2017-06-29 12:34 - 2017-06-29 12:39 - 00000000 ____D C:\AdwCleaner
2017-06-29 00:38 - 2017-06-29 00:56 - 00000000 ____D C:\Users\ibarra\Downloads\The Cure
2017-06-28 22:07 - 2017-06-28 22:07 - 00122725 _____ C:\Users\ibarra\Downloads\[Sound-Park.ru] Punky Brà ster Punky Bruster Devin Townsend Project - Discography Lossless -.torrent
2017-06-28 22:07 - 2017-06-28 22:07 - 00000000 ____D C:\Users\ibarra\Downloads\Devin Townsend
2017-06-28 01:35 - 2017-06-28 01:41 - 00000000 ____D C:\Users\ibarra\Downloads\Dave Gahan [Discography HQ]
2017-06-26 21:50 - 2017-06-26 21:50 - 00023989 _____ C:\Users\ibarra\Downloads\306638.zip
2017-06-26 21:50 - 2012-11-06 22:43 - 00060007 _____ C:\Users\ibarra\Desktop\Person.Of.Interest.S02E05.Bury.The.Lede.HDTV.x264-LOL.srt
2017-06-26 19:01 - 2016-12-11 15:47 - 06384576 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2017-06-26 19:01 - 2016-12-11 15:47 - 02475968 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2017-06-26 19:01 - 2016-12-11 15:47 - 01764408 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2017-06-26 19:01 - 2016-12-11 15:47 - 00548408 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2017-06-26 19:01 - 2016-12-11 15:47 - 00392128 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2017-06-26 19:01 - 2016-12-11 15:47 - 00081856 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2017-06-26 19:01 - 2016-12-11 15:47 - 00071224 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2017-06-26 19:01 - 2016-12-11 15:47 - 00001951 _____ C:\Windows\NvContainerRecovery.bat
2017-06-26 19:01 - 2016-12-09 05:52 - 07639617 _____ C:\Windows\system32\nvcoproc.bin
2017-06-26 19:00 - 2016-12-11 23:37 - 00213952 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2017-06-26 19:00 - 2016-12-11 23:37 - 00203320 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2017-06-25 21:19 - 2017-06-25 21:19 - 05818960 _____ C:\Users\ibarra\Downloads\Setup-2.7.zip
2017-06-25 21:19 - 2013-01-21 18:19 - 06173532 _____ (InstallShield Software Corporation) C:\Users\ibarra\Desktop\Setup-2.7.exe
2017-06-25 20:52 - 2017-06-25 20:52 - 00111912 _____ C:\Users\ibarra\AppData\Local\GDIPFONTCACHEV1.DAT
2017-06-25 20:50 - 2017-06-26 19:02 - 01809446 _____ C:\Windows\ntbtlog.txt
2017-06-25 03:33 - 2017-06-27 21:10 - 00000000 ____D C:\Users\ibarra\Downloads\INXS - Discography 1980 - 1997 CDRips 2011 Remasters [Bubanee]
2017-06-24 23:45 - 2017-06-24 23:47 - 00000000 ____D C:\Users\ibarra\Downloads\The Cure - Studio Discography [VBR]
2017-06-24 12:59 - 2017-06-24 13:06 - 00000000 ____D C:\Users\ibarra\Downloads\MACHINE HEAD - DISCOGRAPHY (1993-14) [CHANNEL NEO]
2017-06-24 12:28 - 2017-06-24 12:32 - 00442040 _____ C:\Windows\system32\FNTCACHE.DAT
2017-06-23 22:46 - 2017-07-01 21:28 - 00002466 _____ C:\Users\ibarra\Desktop\vba.ini
2017-06-23 22:44 - 2017-06-23 22:44 - 00592450 _____ C:\Users\ibarra\Downloads\VisualBoyAdvanceM878.7z
2017-06-23 22:44 - 2009-06-16 08:46 - 00819200 _____ (hxxp://vba-m.ngemu.com/) C:\Users\ibarra\Desktop\VisualBoyAdvanceM.exe
2017-06-23 22:14 - 2017-06-23 22:14 - 00000219 _____ C:\Users\ibarra\Desktop\Team Fortress 2.url
2017-06-23 21:13 - 2017-06-23 21:13 - 00000000 ____D C:\Users\ibarra\Downloads\Led Zeppelin - Discography [2156] PL
2017-06-23 20:34 - 2017-06-23 20:35 - 04110280 _____ C:\Users\ibarra\Desktop\adwcleaner_6.047.exe
2017-06-23 20:32 - 2017-06-23 21:28 - 292697047 _____ () C:\Users\ibarra\Downloads\CS 1.6.exe
2017-06-23 20:32 - 2017-06-23 20:34 - 00000000 ____D C:\Users\ibarra\Downloads\Coheed and Cambria Discography
2017-06-23 01:32 - 2017-06-23 03:13 - 00000000 ____D C:\Users\ibarra\Downloads\Obscura
2017-06-23 01:21 - 2017-06-23 01:21 - 00000000 ____D C:\Users\ibarra\Downloads\Interpol Discography 2000 - 2014 (P.a.I.D.)
2017-06-23 00:48 - 2017-06-23 00:48 - 00000000 ____D C:\Users\ibarra\Downloads\Between the Buried and Me Discography (2016) @320kbps
2017-06-23 00:26 - 2017-06-23 01:12 - 00000000 ____D C:\Users\ibarra\Downloads\Cynic Discography 2015
2017-06-22 22:27 - 2017-06-22 22:30 - 00000000 ____D C:\Users\ibarra\Downloads\The Dillinger Escape Plan - Dissociation (2016) [MP3~320Kbps]
2017-06-22 21:25 - 2017-06-22 21:26 - 00000000 ____D C:\Users\ibarra\Downloads\Mastodon - Emperor of Sand (2017)
2017-06-22 21:21 - 2017-06-23 00:01 - 00000000 ____D C:\Users\ibarra\Downloads\Slayer - Discography (1983 - 2009) [FLAC] [h33t] - Kitlope
2017-06-22 21:19 - 2017-06-22 21:59 - 00000000 ____D C:\Users\ibarra\Downloads\The Number Twelve Looks Like You
2017-06-22 19:53 - 2017-06-22 19:53 - 00000000 ____D C:\Users\ibarra\Downloads\The Dillinger Escape Plan Discography (1999-2013)
2017-06-22 11:43 - 2017-06-22 20:07 - 00000000 ____D C:\Users\ibarra\Downloads\Mastodon Discography 2000-2014
2017-06-21 23:12 - 2017-06-21 23:14 - 00000000 ____D C:\Users\ibarra\Downloads\Blur The Magic Whip [2015] 320
2017-06-21 22:32 - 2017-06-22 18:10 - 00000000 ____D C:\Users\ibarra\Downloads\Lamb Of God
2017-06-21 22:27 - 2017-06-21 22:46 - 00000000 ____D C:\Users\ibarra\Downloads\OASIS - DISCOGRAPHY (1994-10) [CHANNEL NEO]
2017-06-21 21:26 - 2017-06-21 21:26 - 00000000 ____D C:\Users\ibarra\Downloads\Pantera - Studio discography + 101 Proof [VBR]
2017-06-21 13:27 - 2017-06-21 13:27 - 00000000 ____D C:\Users\ibarra\Downloads\Gojira - Magma (2016)
2017-06-19 20:56 - 2017-06-27 22:56 - 00000000 ____D C:\Users\ibarra\Downloads\Pink Floyd (The Early Years) 1972 Obfusc_ation (2017) [FLAC 24-bit]
2017-06-18 22:45 - 2017-06-18 23:11 - 00000000 ____D C:\Users\ibarra\Downloads\HELMET - DISCOGRAPHY
2017-06-18 01:20 - 2017-06-30 13:46 - 00000000 ____D C:\Users\ibarra\Desktop\Roms
2017-06-18 00:35 - 2017-06-18 00:35 - 00000000 ____D C:\Users\ibarra\Downloads\Gojira - Discography
2017-06-17 23:54 - 2017-06-17 23:54 - 00000000 ____D C:\Users\ibarra\Downloads\Bruce Dickinson
2017-06-17 23:19 - 2017-06-17 23:37 - 00000000 ____D C:\Users\ibarra\Downloads\Dire Straits VINYLRip Discography
2017-06-17 20:08 - 2017-06-17 20:22 - 313993676 _____ C:\Users\ibarra\Downloads\P3rs0n.0f.1nt3r3st.S02E06.M0viesC0unter.c0m.mkv
2017-06-17 19:33 - 2011-12-08 21:49 - 00065155 _____ C:\Users\ibarra\Desktop\The.Sopranos.S01E01.720p.BluRay.x264-UNIT3D.srt
2017-06-17 19:31 - 2017-06-17 19:31 - 00288342 _____ C:\Users\ibarra\Downloads\454935.zip
2017-06-17 19:29 - 2017-06-17 19:43 - 314003134 _____ C:\Users\ibarra\Downloads\P3rs0n.0f.1nt3r3st.S02E05.M0viesC0unter.c0m.mkv
2017-06-17 13:08 - 2017-06-17 15:07 - 00000000 ____D C:\Users\ibarra\Downloads\Fun Lovin' Criminals - Classic Fantastic [mp3-320-2010]
2017-06-17 00:38 - 2017-06-17 00:38 - 00803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-06-17 00:38 - 2017-06-17 00:38 - 00144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-06-17 00:38 - 2017-06-17 00:38 - 00004504 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-06-17 00:38 - 2017-06-17 00:38 - 00004332 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-06-17 00:33 - 2017-06-17 00:33 - 00000126 _____ C:\Users\ibarra\Downloads\listen.pls
2017-06-16 23:53 - 2017-06-16 23:53 - 00000000 ____D C:\Users\ibarra\Downloads\Black Sabbath - Discography
2017-06-16 22:15 - 2017-07-01 09:53 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2017-06-16 22:15 - 2017-06-16 22:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
2017-06-16 16:20 - 2017-06-23 22:14 - 00000000 ____D C:\Users\ibarra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-06-16 16:20 - 2017-06-16 16:20 - 00000222 _____ C:\Users\ibarra\Desktop\Paladins.url
2017-06-16 15:57 - 2017-07-01 20:28 - 00000000 ____D C:\Program Files (x86)\Steam
2017-06-16 15:57 - 2017-06-16 15:57 - 00000967 _____ C:\Users\Public\Desktop\Steam.lnk
2017-06-16 15:57 - 2017-06-16 15:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2017-06-14 20:49 - 2017-06-14 20:50 - 00000000 ____D C:\Users\ibarra\Downloads\Fun Lovin' Criminals
2017-06-14 19:32 - 2017-06-14 19:35 - 00000000 ____D C:\Users\ibarra\Downloads\NewOrder
2017-06-12 20:41 - 2017-06-12 20:41 - 00374694 _____ C:\Users\ibarra\Downloads\apartado 4-0.pdf
2017-06-11 22:35 - 2017-06-21 01:37 - 00000000 ____D C:\Users\ibarra\Downloads\Judas Priest  [1974-2016]
2017-06-11 18:36 - 2017-06-11 19:10 - 00000000 ____D C:\Users\ibarra\Downloads\STONE TEMPLE PILOTS
2017-06-11 13:22 - 2017-06-14 19:41 - 00000000 ____D C:\Users\ibarra\Downloads\Duran.Duran.O.M.Collection.1981-2011
2017-06-10 19:23 - 2017-06-10 19:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Anti-Malware
2017-06-10 19:23 - 2017-06-10 19:23 - 00000000 ____D C:\Program Files\GridinSoft Anti-Malware
2017-06-10 18:44 - 2017-06-10 18:44 - 00000000 ____D C:\ProgramData\GridinSoft
2017-06-10 18:42 - 2017-06-10 18:42 - 00079755 _____ C:\ProgramData\cl.1497130909.bdinstall.bin
2017-06-10 18:41 - 2017-06-10 18:41 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2017-06-10 18:03 - 2017-06-17 13:05 - 00000000 ____D C:\Users\ibarra\Downloads\Gridinsoft Anti-Malware 3.0.52 incl Patch - Crackingpatching.com
2017-06-10 17:50 - 2017-06-10 17:50 - 00000000 ____D C:\Users\ibarra\AppData\Roaming\Obsidium
2017-06-10 11:49 - 2016-09-02 00:38 - 00001738 _____ C:\Windows\system32\Drivers\etc\hosts.20170610-114948.backup
2017-06-09 19:05 - 2017-06-09 19:10 - 00000000 ____D C:\Users\ibarra\Downloads\Beck
2017-06-09 17:40 - 2017-06-22 00:56 - 00000000 ____D C:\Users\ibarra\Downloads\Aphex Twin
2017-06-09 17:01 - 2017-06-09 17:15 - 00000000 ____D C:\Users\ibarra\Downloads\Die Toten Hosen - Diskografie
2017-06-09 17:00 - 2017-06-09 17:01 - 00000000 ____D C:\Users\ibarra\Downloads\Die Toten Hosen
2017-06-09 12:17 - 2017-06-30 12:46 - 00003844 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1497021439
2017-06-09 12:17 - 2017-06-10 12:38 - 00001073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navegador Opera.lnk
2017-06-09 12:17 - 2017-06-10 12:38 - 00001067 _____ C:\Users\Public\Desktop\Navegador Opera.lnk
2017-06-08 23:40 - 2017-06-08 23:40 - 00000000 ____D C:\ProgramData\Caphyon
2017-06-08 20:53 - 2017-06-08 20:53 - 00000000 ____D C:\Users\ibarra\AppData\Roaming\Warzone
2017-06-07 20:58 - 2017-06-07 20:59 - 00000000 ____D C:\Users\ibarra\Downloads\Kings of Leon - WALLS (2016) [MP3~320Kbps]
2017-06-06 23:11 - 2017-06-09 16:10 - 00000000 ____D C:\Users\ibarra\Downloads\BAD RELIGION - DISCOGRAPHY [CHANNELNEO]
2017-06-06 21:53 - 2017-06-06 23:59 - 00000000 ____D C:\Users\ibarra\Downloads\Screaming Trees_discography_mp3
2017-06-06 20:53 - 2017-06-30 04:11 - 00000000 ____D C:\Users\ibarra\AppData\Roaming\vlc
2017-06-06 20:18 - 2017-06-06 20:37 - 00000000 ____D C:\Users\ibarra\Downloads\My Morning Jacket - Discography (1999-2011) [FLAC]
2017-06-06 19:28 - 2017-06-06 19:29 - 00000000 ____D C:\Users\ibarra\Downloads\Primus
2017-06-06 19:10 - 2017-06-10 12:38 - 00001184 _____ C:\Users\Public\Desktop\aTube Catcher.lnk
2017-06-06 19:10 - 2017-06-06 19:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher
2017-06-06 19:10 - 2017-06-06 19:10 - 00000000 ____D C:\Program Files (x86)\DsNET Corp
2017-06-06 19:10 - 2013-05-23 09:52 - 00386560 _____ (Dart Communications) C:\Windows\SysWOW64\DartSecure2.dll
2017-06-06 19:10 - 2013-05-23 09:52 - 00234496 _____ (Dart Communications) C:\Windows\SysWOW64\DartCertificate.dll
2017-06-06 19:10 - 2013-05-06 13:17 - 00425472 _____ (Dart Communications) C:\Windows\SysWOW64\DartSock.dll
2017-06-06 19:10 - 2008-08-18 19:18 - 00077824 _____ (Fox Magic Software) C:\Windows\SysWOW64\fmcodec.DLL
2017-06-06 19:09 - 2017-06-06 19:10 - 00000000 ____D C:\Users\ibarra\Downloads\Suede - Night Thoughts Album 2016
2017-06-04 15:03 - 2017-06-04 15:18 - 00000000 ____D C:\Users\ibarra\Downloads\Blur 21
2017-06-03 22:34 - 2017-06-03 22:34 - 00000000 ____D C:\Users\ibarra\Downloads\YES - Discography 1969-2009 Mp3 320 kbps
2017-06-02 23:39 - 2017-06-14 22:24 - 00000000 ____D C:\Users\ibarra\AppData\Roaming\WhatsApp
2017-06-02 23:39 - 2017-06-10 12:38 - 00002136 _____ C:\Users\ibarra\Desktop\WhatsApp.lnk
2017-06-02 23:39 - 2017-06-02 23:39 - 00000000 ____D C:\Users\ibarra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
2017-06-02 23:38 - 2017-06-02 23:39 - 00000000 ____D C:\Users\ibarra\AppData\Local\WhatsApp
2017-06-02 23:38 - 2017-06-02 23:39 - 00000000 ____D C:\Users\ibarra\AppData\Local\SquirrelTemp
2017-06-02 19:53 - 2008-07-12 08:18 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2017-06-02 19:53 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2017-06-02 19:53 - 2008-07-12 08:18 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2017-06-02 19:53 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2017-06-02 19:52 - 2017-06-02 19:52 - 00000000 ____D C:\Windows\SysWOW64\AGEIA
2017-06-02 19:52 - 2017-06-02 19:52 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2017-06-01 20:22 - 2017-06-01 20:30 - 00000000 ____D C:\Users\ibarra\Downloads\KINGS OF LEON - DISCOGRAPHY (2003-13) [CHANNEL NEO]
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-01 20:27 - 2017-03-12 00:30 - 00000000 ____D C:\Users\ibarra\AppData\Roaming\qBittorrent
2017-07-01 13:02 - 2017-05-27 00:37 - 00000000 ____D C:\Users\ibarra\AppData\Roaming\Winamp
2017-07-01 12:25 - 2015-12-29 17:35 - 00000000 ____D C:\ProgramData\NVIDIA
2017-07-01 11:50 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\system32\NDF
2017-07-01 10:02 - 2009-07-14 01:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-07-01 10:02 - 2009-07-14 01:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-07-01 09:53 - 2009-07-14 02:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-06-30 12:46 - 2017-04-30 21:48 - 00000000 ____D C:\Program Files\Opera
2017-06-30 03:12 - 2011-04-12 06:10 - 00747396 _____ C:\Windows\system32\perfh00A.dat
2017-06-30 03:12 - 2011-04-12 06:10 - 00158868 _____ C:\Windows\system32\perfc00A.dat
2017-06-30 03:12 - 2009-07-14 02:13 - 01676890 _____ C:\Windows\system32\PerfStringBackup.INI
2017-06-30 03:12 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\inf
2017-06-29 12:38 - 2016-04-08 17:34 - 00000008 __RSH C:\Users\ibarra\ntuser.pol
2017-06-29 12:38 - 2016-03-19 11:14 - 00000008 __RSH C:\ProgramData\ntuser.pol
2017-06-29 12:38 - 2015-07-28 09:35 - 00000000 ____D C:\Users\ibarra
2017-06-26 19:02 - 2016-01-06 22:29 - 00000000 ____D C:\Users\ibarra\AppData\Local\CrashDumps
2017-06-26 19:01 - 2015-12-29 17:34 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-06-26 19:01 - 2015-12-29 17:34 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-06-26 19:01 - 2015-12-29 17:32 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-06-26 19:01 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\Help
2017-06-26 18:56 - 2016-07-30 02:02 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-06-26 18:29 - 2016-09-08 20:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-06-25 21:19 - 2015-07-28 10:26 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-06-21 11:53 - 2009-07-14 02:08 - 00032524 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-06-21 01:51 - 2017-05-27 15:45 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-06-17 12:50 - 2009-07-14 02:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-06-17 00:38 - 2015-08-01 23:18 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-06-17 00:38 - 2015-08-01 23:18 - 00000000 ____D C:\Windows\system32\Macromed
2017-06-17 00:38 - 2015-07-28 16:35 - 00000000 ____D C:\Users\ibarra\AppData\Local\Adobe
2017-06-16 22:15 - 2016-10-12 21:06 - 00000000 ____D C:\ProgramData\Hi-Rez Studios
2017-06-16 16:20 - 2017-01-29 10:24 - 00383016 _____ (EasyAntiCheat Ltd) C:\Windows\SysWOW64\EasyAntiCheat.exe
2017-06-11 20:15 - 2015-11-11 02:34 - 00000000 ____D C:\Windows\SysWOW64\directx
2017-06-11 20:14 - 2015-11-11 02:34 - 00000000 ___HD C:\Windows\msdownld.tmp
2017-06-10 22:30 - 2016-11-26 12:24 - 00000000 ____D C:\Program Files\Common Files\AV
2017-06-10 22:30 - 2016-04-03 01:23 - 00000000 ____D C:\ProgramData\AVAST Software
2017-06-10 22:30 - 2015-07-28 05:27 - 00000000 ____D C:\Windows\Panther
2017-06-10 17:59 - 2015-07-28 16:49 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-06-10 12:38 - 2017-05-28 22:42 - 00002000 _____ C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
2017-06-10 12:38 - 2017-05-28 22:42 - 00001990 _____ C:\Users\Public\Desktop\Samsung Kies.lnk
2017-06-10 12:38 - 2017-05-27 00:37 - 00000977 _____ C:\Users\Public\Desktop\Winamp.lnk
2017-06-10 12:38 - 2017-05-15 20:51 - 00002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-06-10 12:38 - 2017-05-15 20:51 - 00002041 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2017-06-10 12:38 - 2017-04-30 22:45 - 00000886 _____ C:\Users\Public\Desktop\qBittorrent.lnk
2017-06-10 12:38 - 2017-03-04 14:43 - 00002259 _____ C:\Users\Public\Desktop\TP-LINK Wireless Configuration Utility.lnk
2017-06-10 12:38 - 2017-03-04 00:24 - 00001064 _____ C:\Users\Public\Desktop\VLC media player.lnk
2017-06-10 12:38 - 2016-10-15 15:47 - 00001410 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2017-06-10 12:38 - 2016-08-13 14:03 - 00001811 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2017-06-10 12:38 - 2015-10-03 14:35 - 00001106 _____ C:\Users\Public\Desktop\WinRAR.lnk
2017-06-10 12:38 - 2015-08-08 15:13 - 00001054 _____ C:\Users\Public\Desktop\MyEpson Portal.lnk
2017-06-10 12:38 - 2015-07-29 16:18 - 00000928 _____ C:\Users\Public\Desktop\EPSON Scan.lnk
2017-06-10 12:38 - 2015-07-28 09:35 - 00001401 _____ C:\Users\ibarra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-06-10 12:38 - 2015-07-28 04:30 - 00001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2017-06-10 12:38 - 2015-07-28 04:30 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2017-06-10 12:38 - 2009-07-14 02:01 - 00001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2017-06-10 12:38 - 2009-07-14 01:57 - 00001535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-06-10 12:38 - 2009-07-14 01:57 - 00001318 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2017-06-10 12:38 - 2009-07-14 01:57 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2017-06-10 12:38 - 2009-07-14 01:54 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2017-06-10 12:38 - 2009-07-14 01:49 - 00001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2017-06-10 12:35 - 2016-08-13 14:03 - 00000000 ____D C:\Program Files\DAEMON Tools Lite
2017-06-10 12:35 - 2015-11-16 20:29 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-06-09 12:17 - 2015-08-01 22:03 - 00000000 ____D C:\Users\ibarra\AppData\Local\Opera Software
2017-06-09 12:04 - 2017-02-18 11:22 - 00158368 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys.149702073385102
2017-06-03 02:22 - 2017-05-31 01:36 - 00000000 ____D C:\Users\ibarra\Downloads\System Of A Down - Studio albums (1998-2005) MP3
2017-06-02 21:24 - 2015-09-05 20:56 - 00000000 ____D C:\Users\ibarra\AppData\Roaming\DAEMON Tools Lite
 
==================== Files in the root of some directories =======
 
2016-04-02 22:48 - 2016-04-02 22:48 - 0000000 _____ () C:\Users\ibarra\AppData\Roaming\1.txt
2016-03-19 12:14 - 2016-10-25 00:30 - 0000152 _____ () C:\Users\ibarra\AppData\Roaming\WB.CFG
2015-09-20 19:28 - 2016-05-30 16:28 - 0005632 _____ () C:\Users\ibarra\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-06-02 23:08 - 2016-06-02 23:08 - 0000710 _____ () C:\Users\ibarra\AppData\Local\recently-used.xbel
2016-04-10 13:58 - 2016-04-10 13:58 - 0237288 _____ () C:\ProgramData\1460307218.bdinstall.bin
2016-04-10 14:04 - 2016-04-10 14:04 - 0027613 _____ () C:\ProgramData\1460307853.bdinstall.bin
2016-08-28 23:06 - 2016-08-28 23:06 - 0001692 _____ () C:\ProgramData\1472436375.bdinstall.bin
2016-08-28 23:06 - 2016-08-28 23:06 - 0106888 _____ () C:\ProgramData\1472436382.bdinstall.bin
2017-06-10 18:42 - 2017-06-10 18:42 - 0079755 _____ () C:\ProgramData\cl.1497130909.bdinstall.bin
2016-04-10 12:50 - 2016-04-10 12:50 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-12-21 22:29 - 2017-01-30 15:06 - 0005504 _____ () C:\ProgramData\NvTelemetryContainer.log
2016-12-21 22:29 - 2017-01-30 09:59 - 0005110 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1
 
Some files in TEMP:
====================
2017-06-30 13:39 - 2017-06-30 13:39 - 1572528 _____ (Tosotok                                                     ) C:\Users\ibarra\AppData\Local\Temp\ICReinstall_Yu-Gi-Oh! - Ultimate Masters Edition - World Championship Tournament 2006.exe
2017-06-26 18:29 - 2016-12-11 15:23 - 0353336 _____ (NVIDIA Corporation) C:\Users\ibarra\AppData\Local\Temp\nvStInst.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-06-22 12:58
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-06-2017
Ran by ibarra (01-07-2017 21:47:42)
Running from C:\Users\ibarra\AppData\Local\Temp\scoped_dir4188_14904
Windows 7 Ultimate Service Pack 1 (X64) (2015-07-28 12:35:24)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrador (S-1-5-21-3926166395-3963816642-1161901092-500 - Administrator - Disabled)
ibarra (S-1-5-21-3926166395-3963816642-1161901092-1000 - Administrator - Enabled) => C:\Users\ibarra
Invitado (S-1-5-21-3926166395-3963816642-1161901092-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Actualización de NVIDIA 25.0.0.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 25.0.0.0 - NVIDIA Corporation) Hidden
Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Flash Player 26 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated)
aTube Catcher versión 3.8 (HKLM-x32\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp)
CCleaner (HKLM\...\CCleaner) (Version: 5.31 - Piriform)
Desinstalador de impresoras EPSON TX125 Series (HKLM\...\EPSON TX125 Series) (Version:  - SEIKO EPSON Corporation)
Eines de correcció del Microsoft Office 2013: català (HKLM\...\{90150000-001F-0403-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Ferramentas de verificación de Microsoft Office 2013 - Galego (HKLM\...\{90150000-001F-0456-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
GridinSoft Anti-Malware (HKLM\...\GridinSoft Anti-Malware) (Version: 3.0.52 - GridinSoft LLC)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
IHMC CmapTools v6.01.01 (HKLM\...\IHMC CmapTools v6.01.01) (Version: 6.0.1.1 - Institute for Human & Machine Cognition)
Microsoft .NET Framework 4.6 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MyEpson Portal (HKLM-x32\...\{3361D415-BA35-4143-B301-661991BA6219}) (Version: 1.1.1.0 - SEIKO EPSON CORPORATION) Hidden
MyEpson Portal (HKLM-x32\...\MyEpson Portal) (Version:  - SEIKO EPSON Corporation)
NVIDIA Controlador de gráficos 376.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.33 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.6.0.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.6.0.74 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{64F67489-76BB-4CDD-A236-F954BE774B35}) (Version: 9.09.0025 - NVIDIA Corporation)
NVIDIA Software del sistema PhysX 9.17.0329 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0329 - NVIDIA Corporation)
NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.6.0.74 - NVIDIA Corporation) Hidden
NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 2.4.10.0 - NVIDIA Corporation) Hidden
NvvHci (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci) (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
Opera Stable 46.0.2597.32 (HKLM-x32\...\Opera 46.0.2597.32) (Version: 46.0.2597.32 - Opera Software)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Paladins (HKLM\...\Steam App 444090) (Version:  - Hi-Rez Studios)
Panel de control de NVIDIA 376.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 376.33 - NVIDIA Corporation) Hidden
Paquete de idioma de Microsoft Visual Studio 2010 Tools para Office Runtime (x64) - ESN (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - ESN) (Version: 10.0.50903 - Microsoft Corporation)
qBittorrent 3.3.12 (HKLM-x32\...\qBittorrent) (Version: 3.3.12 - The qBittorrent project)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8004 - Realtek Semiconductor Corp.)
Revisores de Texto do Microsoft Office 2013 – Português do Brasil (HKLM\...\{90150000-001F-0416-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Samsung Kies (HKLM-x32\...\{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.4.16113.3 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.4.16113.3 - Samsung Electronics Co., Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.61.0 - Samsung Electronics Co., Ltd.)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0370 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 3.6.0.74 - NVIDIA Corporation) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Team Fortress 2 (HKLM\...\Steam App 440) (Version:  - Valve)
TP-LINK TL-WN751ND Driver (HKLM-x32\...\{14770694-6C1C-4137-95F9-6F934D8491B4}) (Version: 1.00.0000 - TP-LINK)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 2.01.0012 - TP-LINK)
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0C0A-1000-0000000FF1CE}_Office15.PROPLUS_{28C1EB1A-45AC-4B12-887F-98EE0AA0D6DD}) (Version:  - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
WhatsApp (HKU\S-1-5-21-3926166395-3963816642-1161901092-1000\...\WhatsApp) (Version: 0.2.4240 - WhatsApp)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {000C2434-CE62-44B4-AA39-F00F277B8B44} - System32\Tasks\{1CF3DE35-D38F-4A74-8F09-CEBABE8D7166} => C:\Users\ibarra\Desktop\3 demon\3-demon.exe
Task: {01C971FF-C3F9-4FD0-81AF-85ADCC4B062C} - System32\Tasks\Bitdefender Update Product Data_A17FD818A96743FAB28AC221BEB4B2C8 => C:\Program Files\Bitdefender\Bitdefender 2015\bdproductdata.exe
Task: {06DFC908-7300-4C6E-A6D8-C4263DB61614} - System32\Tasks\{358E7127-6D76-40A3-8127-EEE9CDE35D4E} => C:\Program Files (x86)\Activision\Marvel - Ultimate Alliance\mua.exe
Task: {07640E38-D0A7-426A-970E-22B256A3D080} - System32\Tasks\{58D62594-441C-4CC9-A888-BBC3988058E5} => pcalua.exe -a F:\SETUP.EXE -d F:\
Task: {168B3690-D1C0-4BB2-B01C-8AC800E51788} - System32\Tasks\{9A7CD2FF-1994-4324-8AAB-31BDCD089FF8} => pcalua.exe -a C:\Users\ibarra\Desktop\TL-WN751ND\Setup.exe -d C:\Users\ibarra\Desktop\TL-WN751ND
Task: {1F7A738C-12B6-4EF5-A0B0-F75D01C6DA16} - System32\Tasks\{D4A95A0D-86CB-4315-9904-FB202A58BB47} => pcalua.exe -a "C:\Program Files (x86)\Capcom\Resident Evil 4\SetupTool.exe" -d "C:\Program Files (x86)\Capcom\Resident Evil 4"
Task: {212CDEAA-C610-4187-BACA-A9A017D9B495} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {276D2DEF-1BBC-4254-A07C-A2736F961D9D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-06-13] (Piriform Ltd)
Task: {2C108149-22A7-4249-B4FC-C72391041932} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_26_0_0_131_pepper.exe [2017-06-17] (Adobe Systems Incorporated)
Task: {3A94886E-2216-40A8-B39F-57020C17CA38} - System32\Tasks\{BB2BB002-80F6-45BE-AB7F-0956EB1C2F60} => C:\Program Files (x86)\Activision\Marvel - Ultimate Alliance\mua.exe
Task: {3B050903-5283-427D-83C4-932D119187D5} - System32\Tasks\{CEE07FEE-97E7-42FC-8C44-B6163B3BB1DD} => pcalua.exe -a C:\Windows\IsUninst.exe -c -fC:\SIERRA\HELLFIRE\Uninst.isu
Task: {3CEAAC0B-CC2C-4BE6-B775-E7B4017EB454} - System32\Tasks\Opera scheduled Autoupdate 1497021439 => C:\Program Files\Opera\launcher.exe [2017-06-27] (Opera Software)
Task: {4A55426E-18A5-498C-BE6F-7C48CC95EF05} - System32\Tasks\{5AA861B2-1243-4696-BF16-11656BFF6E99} => C:\Program Files (x86)\Activision\Marvel - Ultimate Alliance\mua.exe
Task: {4AE79AFE-878C-4782-8325-DC84CF66AC4C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {4E3AA5B5-1277-4520-9996-66D15E720FB3} - System32\Tasks\OptimizerTask => C:\Users\ibarra\AppData\Roaming\Prototype.PC\lcner.exe
Task: {513FD9D5-D0BD-4ED6-9483-65620A9A0AB5} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-05-03] (NVIDIA Corporation)
Task: {5E3E5AB1-431A-402F-ADE6-3490744A93EA} - System32\Tasks\{312F5D1B-954A-4413-999E-6578C299BD78} => pcalua.exe -a C:\Users\ibarra\Desktop\TL-WN751ND&TL-WN751N_121122\TL-WN751ND&TL-WN751N\Setup.exe -d C:\Users\ibarra\Desktop\TL-WN751ND&TL-WN751N_121122\TL-WN751ND&TL-WN751N
Task: {62C573F2-173A-4FB1-903B-38143D8008E9} - System32\Tasks\{27DF997C-04B5-4A2C-B675-28FC915C5269} => C:\Program Files (x86)\Rocksteady Studios\Batman Arkham Asylum - Game of the Year Edition\Binaries\BmLauncher.exe
Task: {6E2A97FB-1E90-4796-B570-003A93455FEF} - System32\Tasks\{0261D090-5EBC-4A23-B3E7-CE12FBD5D90B} => C:\Program Files (x86)\Rockstar Games\Manhunt\manhunt.exe
Task: {6F7576AE-5747-4CDC-ABCC-B57038C285EF} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-05-03] (NVIDIA Corporation)
Task: {7145CFF8-AF59-427A-A65D-1FD91F92490C} - System32\Tasks\{DB006D07-9EEF-4058-A2E0-788CBC5DF076} => C:\Program Files (x86)\Rockstar Games\Manhunt\manhunt.exe
Task: {760F3B1C-6D40-4E11-B261-01AEC1AA3A22} - \Phakichreenash Adapter -> No File <==== ATTENTION
Task: {79E04FA2-B356-4681-A7D6-C5D865210DE6} - System32\Tasks\{0E05E093-C3FA-4AFD-92DB-40D98176B0F2} => C:\Program Files (x86)\Activision\Marvel - Ultimate Alliance\mua.exe
Task: {7DC82C9E-4D41-4144-B28E-9861B9C655F5} - System32\Tasks\Driver Booster SkipUAC (ibarra) => C:\Program Files (x86)\IObit\Driver Booster\4.2.0\DriverBooster.exe
Task: {81FB85EE-1986-40FD-A163-3BEFEAF56C58} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {9D74D3EC-12AF-4EC8-8F3A-4C6B3582FE68} - System32\Tasks\{C02F9333-FBD9-4035-9A12-7CEE75257843} => C:\Program Files (x86)\Activision\Marvel - Ultimate Alliance\mua.exe
Task: {9EE4D191-26A8-4E64-AE02-EA6E80C700DA} - System32\Tasks\{B84D4636-6FEB-4165-8165-E4A8A34A60DB} => pcalua.exe -a "C:\Users\ibarra\Downloads\C&C Generals and Zero Hour\setup.exe" -d "C:\Users\ibarra\Downloads\C&C Generals and Zero Hour"
Task: {A31D664E-13C9-4629-9382-C853043191F8} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-05-03] (NVIDIA Corporation)
Task: {A80E1129-B56B-49D4-940C-2359B9ABBD4C} - System32\Tasks\{694B98ED-868E-4912-A55E-EDFBC854E436} => pcalua.exe -a C:\Users\ibarra\Desktop\RemoveOnRebootSetup.exe -d C:\Users\ibarra\Desktop
Task: {A8779080-07DA-4230-A716-E1667520F38A} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-05-03] (NVIDIA Corporation)
Task: {A9923CDD-4ED5-40D8-AB1D-DE4F3B2FAF6F} - System32\Tasks\8e3ba590430e5635a8a90e68d0dc55d9 => powershell.exe -NoProfile -NoLogo -NonInteractive -ExecutionPolicy Bypass -File C:\Windows\8e3ba590430e5635a8a90e68d0dc55d9.ps1 <==== ATTENTION
Task: {B5EEAF53-3336-4F84-A04D-A22B5965D4E3} - System32\Tasks\{46A2E79E-D852-4B6E-84DF-2609EF0F8AF1} => C:\Program Files (x86)\Activision\Marvel - Ultimate Alliance\mua.exe
Task: {B6F47E11-EEF0-4308-8A7D-2C175C219333} - System32\Tasks\{566AC231-A39E-4FBA-8868-85C021D00D7D} => C:\Users\ibarra\Desktop\3 demon\3-demon.exe
Task: {BAC8C5E3-B48F-46AD-8C39-63AAA7EE1AE2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-06-17] (Adobe Systems Incorporated)
Task: {C00C091A-FA34-450B-87D4-ED793DA55E08} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {CD479A24-7C9E-427B-89C5-80DFD15B1100} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-05-03] (NVIDIA Corporation)
Task: {D595D00D-E3FA-479A-AE00-111DA321E27D} - System32\Tasks\{17703EE6-D5BF-4652-AB27-8D5F7F555D91} => C:\Program Files (x86)\R.G. Mechanics\Spider-Man - Shattered Dimensions\Launcher.exe
Task: {D864B719-8E98-4A6A-9AD7-795AC4EA1947} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-05-03] (NVIDIA Corporation)
Task: {D8C1755C-B1C8-4FF2-99B6-68D7894C4E88} - System32\Tasks\{5C7C1975-355E-4C76-8A7A-3DAA87102C68} => pcalua.exe -a "C:\Program Files (x86)\Capcom\Resident Evil 4\SetupTool.exe" -d "C:\Program Files (x86)\Capcom\Resident Evil 4"
Task: {DF2EB803-97E0-4719-8D04-B8CC75356AFE} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-05-03] (NVIDIA Corporation)
Task: {EEAD2855-F16B-4E53-8E9A-59FF1A5D55BA} - System32\Tasks\{91AB7CB1-62BB-4AFB-8CE4-550553EDDC1B} => C:\Program Files (x86)\Activision\Marvel - Ultimate Alliance\mua.exe
Task: {EEBEDB5D-3C93-4992-AF9F-0AA2BD8E91BE} - System32\Tasks\{50B782DA-99FD-45A6-8A51-52FB51196223} => C:\Program Files (x86)\Activision\Marvel - Ultimate Alliance\mua.exe
Task: {F39BCAF1-B1B9-44D3-B4C9-515BA4F1FCE8} - System32\Tasks\{A47B32AB-4B5E-4E6F-A6B4-8BF2A61A1855} => pcalua.exe -a "C:\Program Files (x86)\Capcom\Resident Evil 4\SetupTool.exe" -d "C:\Program Files (x86)\Capcom\Resident Evil 4"
Task: {FB12C338-ED4D-45BC-B6A0-73164CF4639A} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-05-03] (NVIDIA Corporation)
Task: {FF790669-CAFD-4B81-921E-3B8DABF3B0BD} - System32\Tasks\{1C24037E-A210-401B-B875-458CB02043FE} => C:\Program Files (x86)\Activision\Marvel - Ultimate Alliance\mua.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-06-26 19:01 - 2016-12-11 15:47 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-10-15 15:47 - 2017-05-03 17:21 - 01267320 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-03-04 14:43 - 2012-10-11 09:36 - 00788992 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
2017-06-13 10:08 - 2017-06-13 10:08 - 00073728 _____ () C:\Program Files\CCleaner\lang\lang-1034.dll
2017-06-30 12:46 - 2017-06-30 12:46 - 89002584 _____ () C:\Program Files\Opera\46.0.2597.32\opera_browser.dll
2017-06-30 12:46 - 2017-06-30 12:45 - 03930712 _____ () C:\Program Files\Opera\46.0.2597.32\libglesv2.dll
2017-06-30 12:46 - 2017-06-30 12:45 - 00100440 _____ () C:\Program Files\Opera\46.0.2597.32\libegl.dll
2017-06-16 16:03 - 2017-05-16 22:54 - 00678176 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2017-06-16 16:03 - 2016-08-31 22:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2017-06-16 16:03 - 2016-08-31 22:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2017-06-16 16:03 - 2016-08-31 22:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2017-06-16 16:03 - 2017-06-08 02:42 - 02485536 _____ () C:\Program Files (x86)\Steam\video.dll
2017-06-16 16:03 - 2016-01-27 04:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2017-06-16 16:03 - 2016-01-27 04:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2017-06-16 16:03 - 2016-01-27 04:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2017-06-16 16:03 - 2016-01-27 04:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2017-06-16 16:03 - 2016-01-27 04:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2017-06-16 16:03 - 2017-06-08 02:42 - 00877856 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2017-06-16 16:03 - 2016-07-04 19:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2017-03-04 14:43 - 2012-10-11 15:44 - 01417216 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\nicLan.dll
2017-03-04 14:43 - 2012-10-11 09:36 - 00167424 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\DC_WFF.dll
2017-03-04 14:43 - 2012-10-11 09:36 - 00128000 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\WJWF\WJWF.dll
2017-03-04 14:43 - 2012-10-11 09:36 - 00111616 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\WJWF\WJWF_WPS_WIN7.DLL
2017-06-16 16:10 - 2017-05-08 16:45 - 69516064 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2017-06-16 16:10 - 2017-05-16 22:54 - 00678176 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll
2017-06-16 16:03 - 2017-06-08 02:42 - 00385312 _____ () C:\Program Files (x86)\Steam\steam.dll
2016-10-15 15:47 - 2017-05-03 17:21 - 01040504 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-07-01 13:02 - 2017-07-01 13:02 - 00014848 _____ () C:\Users\ibarra\AppData\Local\Temp\WES61C2.tmp\ml_online.lng
2017-07-01 13:02 - 2017-07-01 13:02 - 00008704 _____ () C:\Users\ibarra\AppData\Local\Temp\WES61C2.tmp\ombrowser.lng
2013-12-12 23:47 - 2013-12-12 23:47 - 00333824 _____ () C:\Program Files (x86)\Winamp\Plugins\freeform\wacs\freetype\freetype.wac
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\ibarra\Downloads:Shareaza.GUID [16]
AlternateDataStreams: C:\Users\ibarra\Downloads\Remove WAT v2.2.5.2 - Windows 7 Activation:Shareaza.GUID [16]
AlternateDataStreams: C:\Users\ibarra\Downloads\The Rolling Stones Discography (iTunes):Shareaza.GUID [16]
AlternateDataStreams: C:\Users\ibarra\Downloads\U2:Shareaza.GUID [34]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
There are 7936 more sites.
 
 
There are 7936 more sites.
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 23:34 - 2017-06-10 11:49 - 00455429 ____R C:\Windows\system32\Drivers\etc\hosts
 
 
There are 15602 more lines.
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3926166395-3963816642-1161901092-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\ibarra\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Start.lnk => C:\Windows\pss\Start.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^ibarra^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Start.lnk => C:\Windows\pss\Start.lnk.Startup
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{56BA4333-9743-4AA7-8DA8-CF61308F9D9C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E5DD0364-C7E0-4940-AFAE-F78C4FC95C3A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{88A628D4-9F23-41A0-96CE-A820CFC40C75}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{77BE16E9-0E13-4F11-9335-CFF558C44E68}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{BD34595E-8A26-4F6A-914D-10C455C276FC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Paladins\Binaries\Win32\HirezBridge.exe
FirewallRules: [{3539A002-B574-4CF5-B67A-ACD34F0D1894}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Paladins\Binaries\Win32\HirezBridge.exe
FirewallRules: [TCP Query User{C2BDBA6A-0807-4507-B7D6-311664790F83}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [UDP Query User{E3E81B74-77AB-4D29-9CD5-982FC43C959A}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [TCP Query User{E3D0E278-790C-4A8C-AACE-501E88CD97B0}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe
FirewallRules: [UDP Query User{D55284D3-34EB-4616-8154-AC5DA34A3B56}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe
FirewallRules: [TCP Query User{1FAF1AFB-91BC-4101-A010-330FA4F0AFA0}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [UDP Query User{875EBDA7-032B-45DC-BA25-A756E058C7A4}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [TCP Query User{2F450DA1-D14F-472C-AEC3-76C21AC411C3}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [UDP Query User{C265A3DC-24F2-4A87-8C54-FC5A3E05F836}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [TCP Query User{CC1C2166-3C3E-4BBC-B2BE-AD80E285DD44}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe
FirewallRules: [UDP Query User{36492415-AEB4-4A72-9E55-2281779E1922}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe
FirewallRules: [{4CCEAA9A-9555-4931-BC91-FD4627F4EC15}] => (Allow) C:\Program Files\Opera\46.0.2597.32\opera.exe
 
==================== Restore Points =========================
 
29-06-2017 13:15:00 Punto de control programado
 
==================== Faulty Device Manager Devices =============
 
Name: Controladora Ethernet
Description: Controladora Ethernet
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/01/2017 05:26:27 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: Un problema impidió que los datos del Programa para la mejora de la experiencia del usuario se enviaran a Microsoft, (error 80004005).
 
Error: (07/01/2017 09:55:30 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.
 
Error: (06/30/2017 10:43:18 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: Un problema impidió que los datos del Programa para la mejora de la experiencia del usuario se enviaran a Microsoft, (error 80004005).
 
Error: (06/30/2017 12:39:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.
 
Error: (06/30/2017 03:26:21 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: Un problema impidió que los datos del Programa para la mejora de la experiencia del usuario se enviaran a Microsoft, (error 80004005).
 
Error: (06/29/2017 12:41:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.
 
Error: (06/29/2017 12:32:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.
 
Error: (06/28/2017 01:58:10 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: Un problema impidió que los datos del Programa para la mejora de la experiencia del usuario se enviaran a Microsoft, (error 80004005).
 
Error: (06/28/2017 01:16:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.
 
Error: (06/27/2017 06:55:50 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: Un problema impidió que los datos del Programa para la mejora de la experiencia del usuario se enviaran a Microsoft, (error 90080108).
 
 
System errors:
=============
Error: (07/01/2017 09:54:08 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: El siguiente controlador de inicio del sistema o de inicio del arranque no se cargó correctamente: 
haltcd
imsookmx
 
Error: (06/30/2017 12:38:13 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: El siguiente controlador de inicio del sistema o de inicio del arranque no se cargó correctamente: 
haltcd
imsookmx
 
Error: (06/29/2017 12:40:15 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: El siguiente controlador de inicio del sistema o de inicio del arranque no se cargó correctamente: 
haltcd
imsookmx
 
Error: (06/29/2017 12:37:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Protección de software terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 120000 milisegundos: Reiniciar el servicio.
 
Error: (06/29/2017 12:37:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio Steam Client Service se terminó de manera inesperada. Esto ha sucedido 1 veces.
 
Error: (06/29/2017 12:37:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Servicio de uso compartido de red del Reproductor de Windows Media terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 30000 milisegundos: Reiniciar el servicio.
 
Error: (06/29/2017 12:37:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Windows Search terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 30000 milisegundos: Reiniciar el servicio.
 
Error: (06/29/2017 12:37:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio Disc Soft Lite Bus Service se terminó de manera inesperada. Esto ha sucedido 1 veces.
 
Error: (06/29/2017 12:37:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio SAMSUNG Mobile Connectivity Service se terminó de manera inesperada. Esto ha sucedido 1 veces.
 
Error: (06/29/2017 12:37:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio NVIDIA Telemetry Container terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 1000 milisegundos: Reiniciar el servicio.
 
 
CodeIntegrity:
===================================
  Date: 2016-08-15 12:33:19.600
  Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
 
  Date: 2016-08-15 12:28:22.502
  Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
 
  Date: 2016-08-15 12:28:22.300
  Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
 
  Date: 2016-08-14 12:13:50.250
  Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
 
  Date: 2016-08-14 12:11:27.644
  Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
 
  Date: 2016-08-14 12:11:27.457
  Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
 
  Date: 2016-08-13 12:24:29.210
  Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
 
  Date: 2016-08-13 12:20:54.942
  Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
 
  Date: 2016-08-13 12:20:54.755
  Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
 
  Date: 2016-08-12 19:43:30.429
  Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3 CPU 530 @ 2.93GHz
Percentage of memory in use: 74%
Total physical RAM: 3957.38 MB
Available physical RAM: 1008.13 MB
Total Virtual: 7912.93 MB
Available Virtual: 4488.96 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.66 GB) (Free:130.64 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 31C131C0)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#4 wooldoor_sockbat

wooldoor_sockbat
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:17 PM

Posted 01 July 2017 - 07:51 PM

Sorry for the text in Spanish, my computer is working with that language.



#5 nasdaq

nasdaq

  • Malware Response Team
  • 39,888 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:17 PM

Posted 02 July 2017 - 07:36 AM

Hi,

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start


CreateRestorePoint:
EmptyTemp:
CloseProcesses:

ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
HKU\S-1-5-21-3926166395-3963816642-1161901092-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://login.centamnetworks.com/
SearchScopes: HKLM-x32 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3926166395-3963816642-1161901092-1000 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
Toolbar: HKU\S-1-5-21-3926166395-3963816642-1161901092-1000 -> No Name - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -  No File
FF ProfilePath: C:\Users\ibarra\AppData\Roaming\Profiles\xeio79nd.default [not found] <==== ATTENTION
FF user.js: detected! => C:\Users\ibarra\AppData\Roaming\Mozilla\Firefox\Profiles\hbn5sxh0.default\user.js [2017-02-18]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\hbn5sxh0.default -> youndoo
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\hbn5sxh0.default -> youndoo
FF Homepage: Mozilla\Firefox\Profiles\hbn5sxh0.default -> hxxp://www.youndoo.com/?z=644dd83cfe33f2afa06a58bg1zfqbq7o0bbt3oew7e&from=sqr&uid=SAMSUNGXHD502HJ_S20BJ90B461719&type=hp
FF SearchPlugin: C:\Users\ibarra\AppData\Roaming\Mozilla\Firefox\Profiles\hbn5sxh0.default\searchplugins\kad956gy.xml [2016-06-18]
FF user.js: detected! => C:\Users\ibarra\AppData\Roaming\Mozilla\Firefox\Profiles\y2l9jcan.default-1460837210333\user.js [2017-02-18]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [No File]
FF Plugin HKU\S-1-5-21-3926166395-3963816642-1161901092-1000: torrents-time.com/TTPlugin -> C:\Program Files (x86)\TorrentsTime Media Player\bin\npTTPlugin.dll [No File]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 e1kexpress; system32\DRIVERS\e1k62x64.sys [X]
S0 haltcd; System32\drivers\hpvhhva.sys [X]
S0 imsookmx; System32\drivers\drnnfx.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
Task: {760F3B1C-6D40-4E11-B261-01AEC1AA3A22} - \Phakichreenash Adapter -> No File <==== ATTENTION
Task: {A9923CDD-4ED5-40D8-AB1D-DE4F3B2FAF6F} - System32\Tasks\8e3ba590430e5635a8a90e68d0dc55d9 => powershell.exe -NoProfile -NoLogo -NonInteractive -ExecutionPolicy Bypass -File C:\Windows\8e3ba590430e5635a8a90e68d0dc55d9.ps1 <==== ATTENTION
AlternateDataStreams: C:\Users\ibarra\Downloads:Shareaza.GUID [16]
AlternateDataStreams: C:\Users\ibarra\Downloads\Remove WAT v2.2.5.2 - Windows 7 Activation:Shareaza.GUID [16]
AlternateDataStreams: C:\Users\ibarra\Downloads\The Rolling Stones Discography (iTunes):Shareaza.GUID [16]
AlternateDataStreams: C:\Users\ibarra\Downloads\U2:Shareaza.GUID [34]
C:\Users\ibarra\AppData\Roaming\Mozilla\Firefox\Profiles\hbn5sxh0.default\searchplugins\kad956gy.xml
C:\WINDOWS\System32\Tasks\8e3ba590430e5635a8a90e68d0dc55d9

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Reset the browsers that you use and have been compromised.

How To:
https://www.howtogeek.com/171924/how-to-reset-your-web-browser-to-its-default-settings/

===

Please post the log and let me know if the problem persists.
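Added example (not code from the thread, the helper, or FRST itself): a Python triage pass that encodes the criteria behind the fixlist above and shows why the flagged lines were chosen. It assumes the FRST line formats visible in this thread, the sample lines are copied or shortened from the log posted here, and the hijacker marker list is an assumption for illustration only.

```python
"""Triage pass over FRST (Farbar Recovery Scan Tool) log lines.

Added example: this is not code from the thread or from FRST. It encodes the
criteria behind the fixlist entries above (FRST's own "<==== ATTENTION" marks,
services/drivers whose binary is missing, a scheduled task that runs PowerShell
with the execution policy bypassed, browser settings pointing at a hijacker,
and a Firefox user.js) and wraps the hits in the start/End frame a fixlist uses.
"""
import re

# Hijacker markers matched in browser settings. Assumption for this example,
# taken from the thread's own log, not from any FRST list.
HIJACK_MARKERS = ("youndoo", "centamnetworks")

# "S0 haltcd; System32\drivers\hpvhhva.sys [X]" -> start type, name, path; [X] = file missing
SERVICE_RE = re.compile(r"^(?P<start>[SR]\d) (?P<name>[^;]+); (?P<path>.+?) \[X\]$")
# "Task: {GUID} - System32\Tasks\<name> => <command line>"
TASK_RE = re.compile(r"^Task: \{[0-9A-Fa-f-]+\} - (?P<task>.+?) => (?P<cmd>.+)$")
# Lines that carry a homepage or search-provider setting (IE and Firefox sections)
BROWSER_RE = re.compile(
    r"^(FF (Homepage|DefaultSearchEngine|SelectedSearchEngine|SearchPlugin)"
    r"|SearchScopes|HK(LM|U)\\.*Search Page)")
FILE_ARG_RE = re.compile(r"-file\s+(\S+)", re.IGNORECASE)


def classify_line(line):
    """Return the reasons one FRST log line deserves a fixlist entry ([] if clean)."""
    line = line.rstrip()
    reasons = []
    if "<==== ATTENTION" in line:
        reasons.append("marked by FRST itself")
    m = SERVICE_RE.match(line)
    if m:
        kind = "boot-start driver" if m.group("start") == "S0" else "service/driver"
        reasons.append(f"{kind} '{m.group('name')}' has no binary on disk: {m.group('path')}")
    m = TASK_RE.match(line)
    if m:
        cmd = m.group("cmd").lower()
        if "powershell" in cmd and "-executionpolicy bypass" in cmd:
            reasons.append("scheduled task runs PowerShell with the execution policy bypassed")
        if re.search(r"\\windows\\[^\\]+\.ps1", cmd):  # heuristic: .ps1 directly in C:\Windows
            reasons.append("script dropped directly under C:\\Windows")
    if BROWSER_RE.match(line):
        low = line.lower()
        reasons += [f"browser setting points at hijacker '{h}'" for h in HIJACK_MARKERS if h in low]
    if line.startswith("FF user.js: detected!"):
        reasons.append("Firefox user.js present: re-applies preferences at every start")
    return reasons


def extract_task_script(line):
    """Path passed to -File in a task's command line, or None. Listing only the
    task entry makes FRST move the task file, not the script it runs (see the
    note in the Addition.txt Scheduled Tasks section), so the path is needed too."""
    m = TASK_RE.match(line.rstrip())
    if not m:
        return None
    f = FILE_ARG_RE.search(m.group("cmd"))
    return f.group(1) if f else None


def triage(log_lines):
    """Return [(line, reasons)] for every line that earned at least one reason."""
    hits = []
    for raw in log_lines:
        reasons = classify_line(raw)
        if reasons:
            hits.append((raw.rstrip(), reasons))
    return hits


def build_fixlist(flagged):
    """Wrap flagged lines in the frame FRST expects, opening with the same
    housekeeping directives the thread's fixlist uses; a task's script path is
    added as its own line so the script is quarantined along with the task."""
    out = ["start", "CreateRestorePoint:", "EmptyTemp:", "CloseProcesses:"]
    for line, _ in flagged:
        out.append(line)
        script = extract_task_script(line)
        if script:
            out.append(script)
    out.append("End")
    return out


# Constructed sample: lines copied or shortened from this thread's FRST log.
SAMPLE_LINES = [
    r"Task: {FB12C338-ED4D-45BC-B6A0-73164CF4639A} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-05-03] (NVIDIA Corporation)",
    r"Task: {A9923CDD-4ED5-40D8-AB1D-DE4F3B2FAF6F} - System32\Tasks\8e3ba590430e5635a8a90e68d0dc55d9 => powershell.exe -NoProfile -NoLogo -NonInteractive -ExecutionPolicy Bypass -File C:\Windows\8e3ba590430e5635a8a90e68d0dc55d9.ps1 <==== ATTENTION",
    r"S0 haltcd; System32\drivers\hpvhhva.sys [X]",
    r"S3 e1kexpress; system32\DRIVERS\e1k62x64.sys [X]",
    r"FF Homepage: Mozilla\Firefox\Profiles\hbn5sxh0.default -> hxxp://www.youndoo.com/?from=sqr&type=hp",
    r"FF DefaultSearchEngine: Mozilla\Firefox\Profiles\hbn5sxh0.default -> youndoo",
    r"FF user.js: detected! => C:\Users\ibarra\AppData\Roaming\Mozilla\Firefox\Profiles\hbn5sxh0.default\user.js [2017-02-18]",
    r"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}",
]

if __name__ == "__main__":
    hits = triage(SAMPLE_LINES)
    for line, reasons in hits:
        print(line[:70] + ("..." if len(line) > 70 else ""))
        for r in reasons:
            print("    -", r)
    print("\n".join(build_fixlist(hits)))
```

The last sample line (the IE search page with a google URL) is left alone by these rules even though the helper chose to reset it, so the pass is a first cut for review, not a replacement for reading the whole log.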


#7 wooldoor_sockbat
  • Topic Starter
  • Members
  • 7 posts

Posted 04 July 2017 - 11:42 PM

Here's the file

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 04-07-2017
Ran by ibarra (05-07-2017 01:31:17) Run:2
Running from C:\Users\ibarra\Desktop\farbar tool
Loaded Profiles: ibarra (Available Profiles: ibarra)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
ShellIconOverlayIdentifiers: [###MegaShellExtPending] ->
{056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
HKU\S-1-5-21-3926166395-3963816642-1161901092-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://login.centamnetworks.com/
SearchScopes: HKLM-x32 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3926166395-3963816642-1161901092-1000 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
Toolbar: HKU\S-1-5-21-3926166395-3963816642-1161901092-1000 -> No Name - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -  No File
FF ProfilePath: C:\Users\ibarra\AppData\Roaming\Profiles\xeio79nd.default [not found] <==== ATTENTION
FF user.js: detected! => C:\Users\ibarra\AppData\Roaming\Mozilla\Firefox\Profiles\hbn5sxh0.default\user.js [2017-02-18]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\hbn5sxh0.default -> youndoo
FF SelectedSearchEngine:
Mozilla\Firefox\Profiles\hbn5sxh0.default -> youndoo
FF Homepage: Mozilla\Firefox\Profiles\hbn5sxh0.default -> hxxp://www.youndoo.com/?z=644dd83cfe33f2afa06a58bg1zfqbq7o0bbt3oew7e&from=sqr&uid=SAMSUNGXHD502HJ_S20BJ90B461719&type=hp
FF SearchPlugin: C:\Users\ibarra\AppData\Roaming\Mozilla\Firefox\Profiles\hbn5sxh0.default\searchplugins\kad956gy.xml [2016-06-18]
FF user.js: detected! => C:\Users\ibarra\AppData\Roaming\Mozilla\Firefox\Profiles\y2l9jcan.default-1460837210333\user.js [2017-02-18]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [No File]
FF Plugin HKU\S-1-5-21-3926166395-3963816642-1161901092-1000: torrents-time.com/TTPlugin -> C:\Program Files (x86)\TorrentsTime Media Player\bin\npTTPlugin.dll [No File]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 e1kexpress; system32\DRIVERS\e1k62x64.sys [X]
S0 haltcd; System32\drivers\hpvhhva.sys [X]
S0 imsookmx;
System32\drivers\drnnfx.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
Task: {760F3B1C-6D40-4E11-B261-01AEC1AA3A22} - \Phakichreenash Adapter -> No File <==== ATTENTION
Task: {A9923CDD-4ED5-40D8-AB1D-DE4F3B2FAF6F} - System32\Tasks\8e3ba590430e5635a8a90e68d0dc55d9 => powershell.exe -NoProfile -NoLogo -NonInteractive -ExecutionPolicy Bypass -File C:\Windows\8e3ba590430e5635a8a90e68d0dc55d9.ps1 <==== ATTENTION
AlternateDataStreams: C:\Users\ibarra\Downloads:Shareaza.GUID [16]
AlternateDataStreams: C:\Users\ibarra\Downloads\Remove WAT v2.2.5.2 - Windows 7 Activation:Shareaza.GUID [16]
AlternateDataStreams: C:\Users\ibarra\Downloads\The Rolling Stones Discography (iTunes):Shareaza.GUID [16]
AlternateDataStreams: C:\Users\ibarra\Downloads\U2:Shareaza.GUID [34]
C:\Users\ibarra\AppData\Roaming\Mozilla\Firefox\Profiles\hbn5sxh0.default\searchplugins\kad956gy.xml
C:\WINDOWS\System32\Tasks\8e3ba590430e5635a8a90e68d0dc55d9
 
End
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> => key not found. 
HKLM\Software\Classes\CLSID\ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> => key not found. 
{056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File => Error: No automatic fix found for this entry.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced => key not found. 
HKLM\Software\Classes\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing => key not found. 
HKLM\Software\Classes\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => key not found. 
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => key not found. 
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. 
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending => key not found. 
HKLM\Software\Classes\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => key not found. 
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced => key not found. 
HKLM\Software\Classes\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => key not found. 
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing => key not found. 
HKLM\Software\Classes\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => key not found. 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms} => Error: No automatic fix found for this entry.
HKU\S-1-5-21-3926166395-3963816642-1161901092-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146} => key not found. 
HKLM\Software\Wow6432Node\Classes\CLSID\{2f23ab71-4ac6-41f2-a955-ea576e553146} => key not found. 
HKU\S-1-5-21-3926166395-3963816642-1161901092-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146} => key not found. 
HKLM\Software\Classes\CLSID\{2f23ab71-4ac6-41f2-a955-ea576e553146} => key not found. 
HKU\S-1-5-21-3926166395-3963816642-1161901092-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1DAC0C53-7D23-4AB3-856A-B04D98CD982A} => value not found.
HKLM\Software\Classes\CLSID\{1DAC0C53-7D23-4AB3-856A-B04D98CD982A} => key not found. 
C:\Users\ibarra\AppData\Roaming\Mozilla\Firefox\Profiles\hbn5sxh0.default\user.js => not found.
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\hbn5sxh0.default -> youndoo => not found
FF SelectedSearchEngine: => not found
Mozilla\Firefox\Profiles\hbn5sxh0.default -> youndoo => Error: No automatic fix found for this entry.
FF Homepage: Mozilla\Firefox\Profiles\hbn5sxh0.default -> hxxp://www.youndoo.com/?z=644dd83cfe33f2afa06a58bg1zfqbq7o0bbt3oew7e&from=sqr&uid=SAMSUNGXHD502HJ_S20BJ90B461719&type=hp => not found
"C:\Users\ibarra\AppData\Roaming\Mozilla\Firefox\Profiles\hbn5sxh0.default\searchplugins\kad956gy.xml" => not found.
C:\Users\ibarra\AppData\Roaming\Mozilla\Firefox\Profiles\y2l9jcan.default-1460837210333\user.js => not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/Lync,version=15.0 => key not found. 
HKU\S-1-5-21-3926166395-3963816642-1161901092-1000\Software\MozillaPlugins\torrents-time.com/TTPlugin => key not found. 
C:\Program Files (x86)\TorrentsTime Media Player\bin\npTTPlugin.dll => not found.
dgderdrv => service not found.
e1kexpress => service not found.
haltcd => service not found.
imsookmx => service not found.
System32\drivers\drnnfx.sys [X] => Error: No automatic fix found for this entry.
VGPU => service not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{760F3B1C-6D40-4E11-B261-01AEC1AA3A22} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Phakichreenash Adapter => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A9923CDD-4ED5-40D8-AB1D-DE4F3B2FAF6F} => key not found. 
C:\Windows\System32\Tasks\8e3ba590430e5635a8a90e68d0dc55d9 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\8e3ba590430e5635a8a90e68d0dc55d9 => key not found. 
C:\Users\ibarra\Downloads => ":Shareaza.GUID" ADS could not remove.
"C:\Users\ibarra\Downloads\Remove WAT v2.2.5.2 - Windows 7 Activation" => ":Shareaza.GUID" ADS not found.
"C:\Users\ibarra\Downloads\The Rolling Stones Discography (iTunes)" => ":Shareaza.GUID" ADS not found.
"C:\Users\ibarra\Downloads\U2" => ":Shareaza.GUID" ADS not found.
"C:\Users\ibarra\AppData\Roaming\Mozilla\Firefox\Profiles\hbn5sxh0.default\searchplugins\kad956gy.xml" => not found.
"C:\WINDOWS\System32\Tasks\8e3ba590430e5635a8a90e68d0dc55d9" => not found.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 4656249 B
Java, Flash, Steam htmlcache => 138240 B
Windows/system/drivers => 0 B
Edge => 0 B
Chrome => 0 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
ibarra => 399475 B
 
RecycleBin => 0 B
EmptyTemp: => 5 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 01:33:04 ====
 
The site still appears after the reboot, though.
 
I reset both browsers, Internet Explorer and Opera.


#8 nasdaq
  • Malware Response Team
  • 39,888 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 05 July 2017 - 07:37 AM

Hi.

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click OK.
Please copy the entire contents of the code box below into the new file.
 
start

CreateRestorePoint:
CloseProcesses:

cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: bitsadmin /reset /allusers
Reboot:

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

How is it now?

#9 nasdaq
  • Malware Response Team
  • 39,888 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 10 July 2017 - 07:36 AM

Are you still with Me?

#10 wooldoor_sockbat
  • Topic Starter
  • Members
  • 7 posts

Posted 01 August 2017 - 11:38 AM

Hi, here's what I did,

 

I read in another thread similar to mine that one of the admins (I guess) recommended using ComboFix, so I downloaded it and ran it. I ran the program a few times. The first time my computer rebooted, the page did not open the browser, but to be sure it wouldn't happen again the next time, I rebooted the computer once more and the site opened, but in Internet Explorer rather than Opera, which is my main browser. Here's the log of the final analysis I did.

 

ComboFix 17-07-31.01 - ibarra 01/08/2017  13:21:42.3.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.54.3082.18.3957.2683 [GMT -3:00]
Running from: c:\users\ibarra\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2017-07-01 to 2017-08-01  )))))))))))))))))))))))))))))))
.
.
2017-08-01 16:28 . 2017-08-01 16:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-07-04 22:08 . 2017-07-04 22:08 -------- d-----w- c:\program files\qBittorrent
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-07-11 19:15 . 2017-06-17 03:38 803328 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2017-07-11 19:15 . 2017-06-17 03:38 144896 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2017-06-16 19:20 . 2017-01-29 13:24 383016 ----a-w- c:\windows\SysWow64\EasyAntiCheat.exe
2017-06-15 21:09 . 2017-06-15 21:09 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{984C1306-3943-419F-8DD5-D35BCE18B525}\offreg.4276.dll
2017-06-11 15:35 . 2017-06-11 15:35 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{984C1306-3943-419F-8DD5-D35BCE18B525}\offreg.5516.dll
2017-06-10 21:42 . 2017-06-10 21:42 79755 ----a-w- c:\programdata\cl.1497130909.bdinstall.bin
2017-05-03 20:21 . 2016-10-15 18:47 1893496 ----a-w- c:\windows\system32\nvspcap64.dll
2017-05-03 20:21 . 2016-10-15 18:47 1477240 ----a-w- c:\windows\SysWow64\nvspcap.dll
2017-05-03 20:21 . 2016-10-15 18:47 121464 ----a-w- c:\windows\system32\NvRtmpStreamer64.dll
2017-05-03 20:21 . 2016-10-15 18:47 1755256 ----a-w- c:\windows\system32\nvspbridge64.dll
2017-05-03 20:21 . 2016-10-15 18:47 1317496 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2017-05-03 20:21 . 2017-05-12 00:23 57976 ----a-w- c:\windows\system32\drivers\nvvhci.sys
2017-05-03 20:21 . 2017-05-12 00:23 48248 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2017-05-03 20:21 . 2017-05-12 00:23 175736 ----a-w- c:\windows\system32\nvaudcap64v.dll
2017-05-03 20:21 . 2017-05-12 00:23 143480 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
2017-05-03 19:28 . 2016-12-22 01:28 1951 ----a-w- c:\windows\NvTelemetryContainerRecovery.bat
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-01-21 18:05 1729744 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-01-21 18:05 1729744 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-01-21 18:05 1729744 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite Automount"="c:\program files\DAEMON Tools Lite\DTAgent.exe" [2016-07-29 4299968]
"SpybotPostWindows10UpgradeReInstall"="c:\program files\Common Files\AV\Spybot - Search and Destroy\Test.exe" [2015-07-28 1011200]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2017-06-13 9803992]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2017-07-18 3062560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2013-12-13 85600]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2016-11-16 318128]
.
c:\users\ibarra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
WindowsUpdate.bat [2017-6-4 57]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
TP-LINK Wireless Configuration Utility.lnk - c:\program files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe -nogui [2017-3-4 788992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
"EnableSecureUIAPath"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0sh4native Sh4Removal\0\0sdnclean64.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 KMService;KMService;c:\windows\system32\srvany.exe;c:\windows\SYSNATIVE\srvany.exe [x]
R3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\DRIVERS\BazisVirtualCDBus.sys;c:\windows\SYSNATIVE\DRIVERS\BazisVirtualCDBus.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 dtultrascsibus;DAEMON Tools Ultra Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtultrascsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtultrascsibus.sys [x]
R3 dtultrausbbus;DAEMON Tools Ultra Virtual USB Bus;c:\windows\system32\DRIVERS\dtultrausbbus.sys;c:\windows\SYSNATIVE\DRIVERS\dtultrausbbus.sys [x]
R3 EasyAntiCheat;EasyAntiCheat;c:\windows\system32\EasyAntiCheat.exe;c:\windows\SYSNATIVE\EasyAntiCheat.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NvContainerNetworkService;NVIDIA NetworkService Container;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe [x]
R3 NvStreamKms;NVIDIA KMS;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssudserd.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TrojanKillerDriver;GridinSoft Trojan Killer Driver;c:\windows\system32\DRIVERS\gtkdrv.sys;c:\windows\SYSNATIVE\DRIVERS\gtkdrv.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 usbrndis6;Adaptador USB RNDIS6;c:\windows\system32\DRIVERS\usb80236.sys;c:\windows\SYSNATIVE\DRIVERS\usb80236.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 MyEpson Portal Service;MyEpson Portal Service;c:\program files (x86)\EPSON\MyEpson Portal\mepService.exe;c:\program files (x86)\EPSON\MyEpson Portal\mepService.exe [x]
S2 NvContainerLocalSystem;NVIDIA LocalSystem Container;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe [x]
S2 NVDisplay.ContainerLocalSystem;NVIDIA Display Container LS;c:\program files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe;c:\program files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [x]
S2 NvTelemetryContainer;NVIDIA Telemetry Container;c:\program files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe;c:\program files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [x]
S2 ss_conn_service;SAMSUNG Mobile Connectivity Service;c:\program files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe;c:\program files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [x]
S3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service;c:\program files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe;c:\program files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [x]
S3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtlitescsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtlitescsibus.sys [x]
S3 dtliteusbbus;DAEMON Tools Lite Virtual USB Bus;c:\windows\system32\DRIVERS\dtliteusbbus.sys;c:\windows\SYSNATIVE\DRIVERS\dtliteusbbus.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 nvvhci;NVVHCI Enumerator Service;c:\windows\system32\DRIVERS\nvvhci.sys;c:\windows\SYSNATIVE\DRIVERS\nvvhci.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ   SSDPSRV upnphost SCardSvr QWAVE wcncsvc TBS
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-01-21 18:01 2334928 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-01-21 18:01 2334928 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-01-21 18:01 2334928 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-11 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-11 392984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-11 417560]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2017-05-03 1893496]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2016-12-02 16776192]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
mStart Page = www.google.com
TCP: DhcpNameServer = 192.168.0.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
.
.
------- File Associations -------
.
inifile="%SystemRoot%\system32\NOTEPAD.EXE" %1
txtfile="%SystemRoot%\system32\NOTEPAD.EXE" %1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2017-08-01  13:29:52
ComboFix-quarantined-files.txt  2017-08-01 16:29
ComboFix2.txt  2017-08-01 16:18
ComboFix3.txt  2017-08-01 16:04
.
Pre-Run: 161.528.766.464 bytes free
Post-Run: 161.441.026.048 bytes free
.
- - End Of File - - 43697600E37040EE8206DB7986E1192F
A36C5E4F47E84449FF07ED3517B43A31


#11 nasdaq
  • Malware Response Team
  • 39,888 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 01 August 2017 - 12:25 PM

Hi,


Do you check for Windows update every time you start the computer?
Disable this startup. Let me know if the problem persists.
c:\users\ibarra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WindowsUpdate.bat [2017-6-4 57]
.
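Added example, not from this thread and not nasdaq's, FRST's or ComboFix's own tooling: a read-only PowerShell triage script for the three autostart locations that mattered in the logs above. Those are the per-user and all-users Startup folders (where the 57-byte WindowsUpdate.bat sat, surviving both the FRST fix and ComboFix), the Run keys, and scheduled tasks (where the earlier fixlist found a task launching powershell.exe -ExecutionPolicy Bypass -File against a script dropped in C:\Windows). It flags any entry that invokes a script interpreter or a URL and prints the contents of small script files so you can read what they launch instead of guessing. It assumes Windows 7 or later with PowerShell 2.0 or newer, run from an elevated prompt so HKLM and other profiles are readable; the interpreter keyword list, the 4 KB size threshold and the English schtasks column names are my own choices, not values taken from the thread.

```powershell
# Added triage example for this thread; it is not nasdaq's procedure and not
# part of FRST or ComboFix. Read-only: it lists autostart entries and prints
# small script files, it removes nothing. Written for Windows 7 and later
# (PowerShell 2.0+); run it from an elevated prompt so HKLM and other users'
# profiles are readable. The keyword list and the 4 KB threshold are arbitrary
# assumptions, not values taken from the thread.

# Interpreters, script extensions and URLs that appear in legitimate
# autostarts far less often than in adware persistence.
$SuspiciousPattern = 'powershell|cmd\.exe|wscript|cscript|mshta|rundll32|regsvr32|\.bat\b|\.cmd\b|\.vbs\b|\.ps1\b|\.js\b|https?:|hxxp'

function Test-SuspiciousCommand([string]$Command) {
    return [bool]($Command -match $SuspiciousPattern)
}

function New-AutostartRecord($Source, $Name, $Command) {
    New-Object PSObject -Property @{
        Source  = $Source
        Name    = $Name
        Command = [string]$Command
        Flag    = Test-SuspiciousCommand ([string]$Command)
    }
}

function Get-StartupFolderItems {
    # The all-users Startup folder plus the per-user one of every local profile.
    # The WindowsUpdate.bat in this thread lived in the poster's own folder.
    $folders = @("$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup")
    $profiles = Get-ChildItem "$env:SystemDrive\Users" -ErrorAction SilentlyContinue |
        Where-Object { $_.PSIsContainer }
    foreach ($p in $profiles) {
        $folders += Join-Path $p.FullName 'AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup'
    }
    foreach ($folder in $folders) {
        Get-ChildItem -LiteralPath $folder -ErrorAction SilentlyContinue |
            Where-Object { -not $_.PSIsContainer } |
            ForEach-Object { New-AutostartRecord 'StartupFolder' $_.Name $_.FullName }
    }
}

function Get-RunKeyItems {
    $keys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
            'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
            'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
    foreach ($key in $keys) {
        $values = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if ($null -eq $values) { continue }
        foreach ($prop in $values.PSObject.Properties) {
            # Skip the provider bookkeeping properties Get-ItemProperty adds.
            if ($prop.Name -match '^PS(Path|ParentPath|ChildName|Drive|Provider)$') { continue }
            New-AutostartRecord $key $prop.Name $prop.Value
        }
    }
}

function Get-ScheduledTaskItems {
    # schtasks.exe exists on Windows 7, where Get-ScheduledTask does not.
    # Column headers are localized: on a non-English Windows replace
    # 'TaskName' and 'Task To Run' with the names the command prints.
    $rows = schtasks.exe /query /fo CSV /v 2>$null | ConvertFrom-Csv
    foreach ($row in $rows) {
        if (-not $row.TaskName -or $row.TaskName -eq 'TaskName') { continue }
        New-AutostartRecord 'ScheduledTask' $row.TaskName $row.'Task To Run'
    }
}

function Get-ScriptPaths([string]$Command) {
    # Pull script paths (spaces allowed) out of a command line for display.
    $found = [regex]::Matches($Command, '[A-Za-z]:\\[^"<>|?*]+?\.(bat|cmd|ps1|vbs|js)\b')
    foreach ($m in $found) { $m.Value }
}

function Show-SmallScript([string]$Path, [int]$MaxBytes = 4096) {
    # A 57-byte batch file, like the one in this thread, is one or two lines:
    # print it instead of guessing what it does.
    if (-not (Test-Path -LiteralPath $Path)) { return }
    if ((Get-Item -LiteralPath $Path).Length -gt $MaxBytes) { return }
    "---- $Path ----"
    Get-Content -LiteralPath $Path
}

$all = @(Get-StartupFolderItems) + @(Get-RunKeyItems) + @(Get-ScheduledTaskItems)
$all | Sort-Object Flag -Descending | Format-Table Flag, Source, Name, Command -AutoSize -Wrap

# Dump every flagged script file so the analyst can read what it launches.
foreach ($item in $all | Where-Object { $_.Flag }) {
    foreach ($path in Get-ScriptPaths $item.Command) { Show-SmallScript $path }
}
```

A flagged Startup-folder entry, as in this thread, is the item to disable (move it out of the folder rather than delete it, so it can be examined), and the dumped contents tell you which site it opens; a scheduled task that runs powershell.exe with -ExecutionPolicy Bypass against a script under C:\Windows deserves the same reading even when a log tool has already listed it.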

#12 nasdaq
  • Malware Response Team
  • 39,888 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 07 August 2017 - 07:12 AM

Are you still with me?

#13 wooldoor_sockbat
  • Topic Starter
  • Members
  • 7 posts

Posted 11 August 2017 - 05:58 PM

Yes, I'll try that and I'll let you know if it worked.



#14 wooldoor_sockbat
  • Topic Starter
  • Members
  • 7 posts

Posted 12 August 2017 - 09:50 AM

Hi, I think it worked. The next time I boot the computer I'll confirm whether the site has ceased to appear.





