Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

russian adware webpage

Started by Piratacobra , Sep 22 2016 03:24 PM
adware webpage

  • Please log in to reply

#1
Piratacobra
Posted 22 September 2016 - 03:24 PM

Piratacobra

    Member

  • Member
  • PipPip
  • 83 posts

When i open my chrome web browser, an tab opens with russian (cyrilic) characters; i have tried several antispyware and adware removal tools, without success; i don´t think is harmful, but is very annoying.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-09-2016
Ran by Arlington (administrator) on ARLINGTON-PC (22-09-2016 16:26:07)
Running from C:\Users\Arlington\Desktop
Loaded Profiles: Arlington (Available Profiles: Arlington)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Adobe Systems, Incorporated) C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Foxit Software Inc.) C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(VoipConnect) C:\Program Files\VoipConnect.com\VoipConnect\VoipConnect.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
() C:\Users\Arlington\AppData\Roaming\ScreenMaker2\SSMaker.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\tv_w32.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) D:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9210400 2010-05-07] (Realtek Semiconductor)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2009-12-22] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-01-07] (Adobe Systems Incorporated)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498720 2016-04-23] (Adobe Systems Inc.)
HKLM\...\Run: [BCSSync] => D:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3610322734-1835629939-1434593305-1000\...\Run: [*LABAL*] => [X]
HKU\S-1-5-21-3610322734-1835629939-1434593305-1000\...\Run: [VoipConnect] => C:\Program Files\VoipConnect.com\VoipConnect\VoipConnect.exe [36547168 2016-02-17] (VoipConnect)
HKU\S-1-5-21-3610322734-1835629939-1434593305-1000\...\Run: [SSMaker2] => C:\Users\Arlington\AppData\Roaming\ScreenMaker2\SSMaker.exe [669696 2016-08-09] ()
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2016-02-24] (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 200.44.32.12 200.109.78.12
Tcpip\..\Interfaces\{902D1A8A-0DCD-449D-BCDC-FE961ED11572}: [DhcpNameServer] 200.44.32.12 200.109.78.12
 
Internet Explorer:
==================
HKU\S-1-5-21-3610322734-1835629939-1434593305-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-08-11] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-11] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Arlington\AppData\Roaming\Mozilla\Firefox\Profiles\efh62n31.default
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll [2009-07-14] (DivX,Inc.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll [2009-07-14] (DivX, Inc)
FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-08-11] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-11] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> D:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> D:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2016-04-23] (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems)
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2016-08-16]
 
Chrome: 
=======
CHR Profile: C:\Users\Arlington\AppData\Local\Google\Chrome\User Data\Default [2016-09-22]
CHR Extension: (Google Slides) - C:\Users\Arlington\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-05]
CHR Extension: (Google Docs) - C:\Users\Arlington\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-05]
CHR Extension: (Google Drive) - C:\Users\Arlington\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-05]
CHR Extension: (YouTube) - C:\Users\Arlington\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-05]
CHR Extension: (Google Sheets) - C:\Users\Arlington\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-05]
CHR Extension: (Google Docs Offline) - C:\Users\Arlington\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Arlington\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01]
CHR Extension: (Gmail) - C:\Users\Arlington\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-05]
CHR Extension: (Chrome Media Router) - C:\Users\Arlington\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-21]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2016-04-23]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AGSService; C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe [2159320 2016-08-22] (Adobe Systems, Incorporated)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
R2 FoxitCloudUpdateService; C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [244392 2015-04-10] (Foxit Software Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2016-01-29] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [292816 2016-01-29] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [7534864 2016-08-25] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [253704 2015-11-13] (Microsoft Corporation)
R1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [60156 2011-06-15] (PowerISO Computing, Inc.) [File not signed]
S3 zghsdiag; C:\Windows\System32\DRIVERS\zghsdiag.sys [106752 2011-01-13] (ZTE Incorporated)
S3 zghsmdm; C:\Windows\System32\DRIVERS\zghsmdm.sys [106752 2011-01-13] (ZTE Incorporated)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-09-22 16:26 - 2016-09-22 16:26 - 00012109 _____ C:\Users\Arlington\Desktop\FRST.txt
2016-09-22 16:25 - 2016-09-22 16:26 - 00000000 ____D C:\FRST
2016-09-22 16:24 - 2016-09-22 16:24 - 01753088 _____ (Farbar) C:\Users\Arlington\Desktop\FRST.exe
2016-09-22 16:19 - 2016-09-22 16:20 - 00065536 ___HT C:\Users\Arlington\Documents\[email protected]
2016-09-21 11:45 - 2016-09-21 11:45 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ccdcmb_01009.Wdf
2016-09-20 12:30 - 2016-09-20 12:31 - 00188509 _____ C:\Users\Arlington\Desktop\EPRB FOTO.jpeg
2016-09-14 12:15 - 2016-09-14 12:26 - 00352993 _____ C:\Users\Arlington\Desktop\rivotril 0,5 mg.jpeg
2016-09-13 19:59 - 2016-09-13 19:59 - 01081982 _____ C:\Users\Arlington\Downloads\planilla_Mayo2016 (4).pdf
2016-09-06 20:00 - 2016-09-06 20:00 - 00513895 _____ C:\Users\Arlington\Downloads\informe left eye (2).jpeg
2016-09-03 15:59 - 2016-09-03 15:59 - 00513895 _____ C:\Users\Arlington\Downloads\informe left eye (1).jpeg
2016-09-03 15:57 - 2016-09-03 15:57 - 00513895 _____ C:\Users\Arlington\Downloads\informe left eye.jpeg
2016-08-30 19:38 - 2016-08-31 19:56 - 00513895 _____ C:\Users\Arlington\Desktop\informe left eye.jpeg
2016-08-27 18:29 - 2016-08-27 18:32 - 00547287 _____ C:\Users\Arlington\Desktop\foto MENSAJE.jpeg
2016-08-26 19:00 - 2016-08-26 19:01 - 02067968 _____ C:\Users\Arlington\Downloads\Sem comentario.pps
2016-08-23 19:15 - 2016-08-23 19:15 - 02981888 _____ C:\Users\Arlington\Downloads\zpptMarkettaBirimova-mr.pps
2016-08-23 15:00 - 2016-08-23 15:00 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-09-22 16:26 - 2016-08-05 18:51 - 00000000 ____D C:\Users\Arlington\Documents\Outlook Files
2016-09-22 16:25 - 2016-08-06 16:54 - 02556928 _____ C:\Users\Arlington\Documents\[email protected]
2016-09-22 16:20 - 2016-03-05 04:03 - 00001024 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-22 15:28 - 2016-02-20 13:38 - 01684866 _____ C:\Windows\system32\PerfStringBackup.INI
2016-09-22 15:28 - 2009-07-14 04:18 - 00750336 _____ C:\Windows\system32\perfh00A.dat
2016-09-22 15:28 - 2009-07-14 04:18 - 00159748 _____ C:\Windows\system32\perfc00A.dat
2016-09-22 15:28 - 2009-07-13 22:07 - 00000000 ____D C:\Windows\inf
2016-09-22 09:03 - 2009-07-14 00:04 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-09-22 09:03 - 2009-07-14 00:04 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-09-22 08:50 - 2016-03-22 16:50 - 00000292 _____ C:\Windows\Tasks\AutoKMS.job
2016-09-22 08:49 - 2016-03-22 16:49 - 00151552 _____ C:\Windows\KMSEmulator.exe
2016-09-22 08:49 - 2016-03-05 04:03 - 00001020 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-22 08:49 - 2016-02-20 14:30 - 00000000 ____D C:\ProgramData\NVIDIA
2016-09-22 08:49 - 2009-07-14 00:23 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-09-21 19:17 - 2016-02-20 15:07 - 00000000 ____D C:\Program Files\TeamViewer
2016-09-21 10:36 - 2016-02-20 13:25 - 00000000 ____D C:\Users\Arlington
2016-09-21 05:05 - 2016-03-22 16:50 - 00000000 ____D C:\Windows\AutoKMS
2016-09-21 05:05 - 2009-07-13 22:07 - 00000000 ____D C:\Windows\registration
2016-09-19 11:32 - 2016-04-13 19:31 - 00000000 ____D C:\Users\Arlington\AppData\Local\ElevatedDiagnostics
2016-09-14 12:16 - 2016-02-29 11:49 - 00000000 ___RD C:\Users\Arlington\Documents\Scanned Documents
2016-09-07 19:16 - 2009-07-13 22:07 - 00000000 ____D C:\Windows\system32\NDF
2016-09-06 18:58 - 2016-04-04 11:52 - 00000000 ____D C:\Users\Arlington\Desktop\Books basic, advanced and super adv. TODO
2016-09-03 17:59 - 2016-02-20 15:31 - 00000000 ____D C:\Users\Arlington\AppData\Roaming\Skype
2016-08-30 09:43 - 2016-02-20 15:07 - 00000929 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2016-08-24 09:38 - 2016-03-31 09:42 - 00160768 _____ C:\Users\Arlington\Desktop\ANA CRISTINA PUPPAK.ppt
2016-08-23 16:18 - 2016-02-20 14:53 - 00085360 _____ C:\Users\Arlington\AppData\Local\GDIPFONTCACHEV1.DAT
2016-08-23 15:03 - 2009-07-14 00:03 - 00341672 _____ C:\Windows\system32\FNTCACHE.DAT
2016-08-23 15:00 - 2016-02-23 19:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2016-08-23 15:00 - 2009-07-13 22:07 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-08-23 14:58 - 2009-07-14 04:38 - 00000000 ____D C:\Windows\ShellNew
2016-08-23 14:58 - 2009-07-13 22:07 - 00000000 ____D C:\Program Files\Common Files\System
2016-08-23 14:58 - 2009-07-13 21:34 - 00000478 _____ C:\Windows\win.ini
 
==================== Files in the root of some directories =======
 
2008-02-05 13:28 - 2008-02-05 13:28 - 0000051 _____ () C:\Users\Arlington\AppData\Local\setup.txt
 
Some files in TEMP:
====================
C:\Users\Arlington\AppData\Local\Temp\libeay32.dll
C:\Users\Arlington\AppData\Local\Temp\msvcr120.dll
C:\Users\Arlington\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Arlington\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-09-15 16:05
 
==================== End of FRST.txt ============================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21-09-2016
Ran by Arlington (22-09-2016 16:26:47)
Running from C:\Users\Arlington\Desktop
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) (2016-02-20 17:55:21)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrador (S-1-5-21-3610322734-1835629939-1434593305-500 - Administrator - Disabled)
Arlington (S-1-5-21-3610322734-1835629939-1434593305-1000 - Administrator - Enabled) => C:\Users\Arlington
Invitado (S-1-5-21-3610322734-1835629939-1434593305-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-3610322734-1835629939-1434593305-1000\...\uTorrent) (Version: 3.4.8.42449 - BitTorrent Inc.)
AAC Decoder (HKLM\...\{AEF9DC35ADDF4825B049ACBFD1C6EB37}) (Version: 7.1.0 - DivX, Inc.)
Adobe Acrobat XI Pro (HKLM\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.16 - Adobe Systems)
Adobe Flash Player 20 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Reader 9.3 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A93000000001}) (Version: 9.3.0 - Adobe Systems Incorporated)
AutoUpdate (HKLM\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - )
CCleaner (HKLM\...\CCleaner) (Version: 3.25 - Piriform)
DivX Codec (HKLM\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.8.5 - DivX, Inc.)
DivX Converter (HKLM\...\{13F3917B56CD4C25848BDC69916971BB}) (Version: 7.1.0 - DivX, Inc.)
DivX Converter (HKLM\...\{B13A7C41581B411290FBC0395694E2A9}) (Version: 7.1.0 - DivX, Inc.)
DivX Player (HKLM\...\{8ADFC4160D694100B5B8A22DE9DCABD9}) (Version: 7.2.0 - DivX, Inc.)
DivX Plus DirectShow Filters (HKLM\...\DivX Plus DirectShow Filters) (Version:  - DivX, Inc.)
DivX Version Checker (HKLM\...\{3FC7CBBC4C1E11DCA1A752EA55D89593}) (Version: 7.1.0.2 - DivX, Inc.)
DivX Web Player (HKLM\...\{B7050CBDB2504B34BC2A9CA0A692CC29}) (Version: 1.5.0 - DivX,Inc.)
Foxit Cloud (HKLM\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 3.3.76.410 - Foxit Software Inc.)
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 7.1.5.425 - Foxit Software Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 53.0.2785.116 - Google Inc.)
Google Update Helper (Version: 1.3.31.5 - Google Inc.) Hidden
H.264 Decoder (HKLM\...\{A96E97134CA649888820BCDE5E300BBD}) (Version: 1.1.0 - DivX, Inc.)
Intel® Desktop Utilities (HKLM\...\{73057E75-01A8-4E78-8FF3-A9F3B7072FF0}) (Version: 1.0.0 - Intel Corporation)
Intel® Integrator Assistant (HKLM\...\{1CE76936-BE60-414E-8031-8544B2E52036}) (Version: 1.0.0 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Network Connections 15.3.68.0 (HKLM\...\PROSetDX) (Version: 15.3.68.0 - Intel)
Java 8 Update 101 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Kvisoft PDF Merger 1.5.1 (HKLM\...\Kvisoft PDF Merger_is1) (Version: 1.5.1 - Kvisoft Co.,Ltd.)
Malwarebytes Anti-Malware versión 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
MKV Splitter (HKLM\...\{AAC389499AEF40428987B3D30CFC76C9}) (Version: 1.0.1 - DivX, Inc.)
Mozilla Firefox 47.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 47.0.1 (x86 en-US)) (Version: 47.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 47.0.1.6018 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Nokia Connectivity Cable Driver (HKLM\...\{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}) (Version: 7.1.32.69 - )
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.9 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (HKLM\...\NVIDIAStereo) (Version: 7.16.11.9107 - NVIDIA Corporation)
Paquete de idioma de Microsoft Visual Studio 2010 Tools para Office Runtime (x86) - ESN (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - ESN) (Version: 10.0.50903 - Microsoft Corporation)
PDFBinder (HKLM\...\{8BA03AC2-579F-41CD-A250-740137D86F7A}) (Version: 1.0.0 - Malamute.dk)
PDFsam Basic (HKLM\...\{16742EBE-BF7C-4E42-A96C-81AD607D3B9C}) (Version: 3.10.0.0 - Andrea Vacondio)
PowerISO (HKLM\...\PowerISO) (Version: 4.8 - PowerISO Computing, Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6106 - Realtek Semiconductor Corp.)
ScreenMaker2 (HKU\S-1-5-21-3610322734-1835629939-1434593305-1000\...\ScreenMaker2) (Version:  - ) <==== ATTENTION
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
Skype™ 7.24 (HKLM\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
SysTools MSG Viewer version 3.0 (HKLM\...\{4d3076b8-7517-4236-b907-1607dc153554}_is1) (Version: 3.0 - SysTools Software)
TeamViewer 11 (HKLM\...\TeamViewer) (Version: 11.0.65452 - TeamViewer)
VC80CRTRedist - 8.0.50727.762 (Version: 1.0.0 - DivX, Inc) Hidden
VoipConnect (HKLM\...\VoipConnect_is1) (Version: 4.14 build 770 - Finarea S.A. Switzerland)
WinRAR 5.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0A441191-4F25-48E6-8D81-09E2EE8BF983} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {0E9E3EC1-259D-4212-833F-34A7473D65F6} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2016-03-22] ()
Task: {4C6B79F2-18FA-4BF3-8F65-7869131C1C82} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-03-05] (Google Inc.)
Task: {591EA855-E207-4341-BA59-0872014B93EC} - System32\Tasks\{AB1A2B13-0680-4E01-B27A-26B1FBD56CF0} => pcalua.exe -a "C:\Users\Arlington\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3YE9L1BO\JavaSetup8u101.exe" -d C:\Users\Arlington\Desktop
Task: {7527D02E-F8A5-4C18-BD9C-A82921DB9395} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-03-05] (Google Inc.)
Task: {A91DABAE-B664-4B98-95CF-070C44B9D438} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-11-23] (Piriform Ltd)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\Arlington\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr.lnk -> C:\Users\Arlington\AppData\Roaming\HPRewriter2\RewRun3.exe (No File)
Shortcut: C:\Users\Arlington\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnеt Ехрlоrеr (Nо Аdd-оns).lnk -> C:\Users\Arlington\AppData\Roaming\HPRewriter2\RewRun3.exe (No File)
Shortcut: C:\Users\Arlington\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gооglе Сhrоmе.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk -> C:\Users\Arlington\AppData\Roaming\HPRewriter2\RewRun3.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk -> C:\Users\Arlington\AppData\Roaming\HPRewriter2\RewRun3.exe (No File)
Shortcut: C:\Users\Public\Desktop\Моzillа Firеfох.lnk -> C:\Users\Arlington\AppData\Roaming\HPRewriter2\RewRun3.exe (No File)
 
ShortcutWithArgument: C:\Users\Arlington\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Download Intel® Desktop Utilities.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.intel.com/design/motherbd/software/idu/
ShortcutWithArgument: C:\Users\Arlington\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intel® Integrator Assistant.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.intel.com/go/iia/
ShortcutWithArgument: C:\Users\Arlington\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Intеrnеt Ехрlоrеr.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> 3 0
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-08-09 10:35 - 2016-08-09 10:35 - 00669696 _____ () C:\Users\Arlington\AppData\Roaming\ScreenMaker2\SSMaker.exe
2016-09-17 17:23 - 2016-09-13 20:08 - 01806152 _____ () C:\Program Files\Google\Chrome\Application\53.0.2785.116\libglesv2.dll
2016-09-17 17:23 - 2016-09-13 20:08 - 00094024 _____ () C:\Program Files\Google\Chrome\Application\53.0.2785.116\libegl.dll
2010-01-09 20:18 - 2010-01-09 20:18 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
2016-04-23 07:02 - 2016-04-23 07:02 - 03989216 _____ () C:\Program Files\Adobe\Acrobat 11.0\PDFMaker\Common\AdobePDFMakerX.dll
2010-01-10 01:05 - 2010-01-10 01:05 - 01040736 _____ () D:\Program Files\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2010-01-10 18:37 - 2010-01-10 18:37 - 00058208 _____ () D:\Program Files\Microsoft Office\Office14\1033\UmOutlookStrings.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Arlington\Desktop\EPRB FOTO.jpeg:3or4kl4x13tuuug3Byamue2s4b [93]
AlternateDataStreams: C:\Users\Arlington\Desktop\EPRB FOTO.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Arlington\Desktop\foto MENSAJE.jpeg:3or4kl4x13tuuug3Byamue2s4b [93]
AlternateDataStreams: C:\Users\Arlington\Desktop\foto MENSAJE.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Arlington\Desktop\informe left eye.jpeg:3or4kl4x13tuuug3Byamue2s4b [93]
AlternateDataStreams: C:\Users\Arlington\Desktop\informe left eye.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Arlington\Desktop\Miembro - SENIOR.jpeg:3or4kl4x13tuuug3Byamue2s4b [93]
AlternateDataStreams: C:\Users\Arlington\Desktop\Miembro - SENIOR.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Arlington\Desktop\rivotril 0,5 mg.jpeg:3or4kl4x13tuuug3Byamue2s4b [93]
AlternateDataStreams: C:\Users\Arlington\Desktop\rivotril 0,5 mg.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Arlington\Documents\arlington 1.jpeg:3or4kl4x13tuuug3Byamue2s4b [93]
AlternateDataStreams: C:\Users\Arlington\Documents\arlington 1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Arlington\Documents\IVSS 14-03.jpeg:3or4kl4x13tuuug3Byamue2s4b [93]
AlternateDataStreams: C:\Users\Arlington\Documents\IVSS 14-03.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Arlington\Documents\recibos Arlington-Infoguia.jpeg:3or4kl4x13tuuug3Byamue2s4b [93]
AlternateDataStreams: C:\Users\Arlington\Documents\recibos Arlington-Infoguia.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Arlington\Documents\SIEX 1.jpeg:3or4kl4x13tuuug3Byamue2s4b [93]
AlternateDataStreams: C:\Users\Arlington\Documents\SIEX 1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Arlington\Documents\Siex 2.jpeg:3or4kl4x13tuuug3Byamue2s4b [93]
AlternateDataStreams: C:\Users\Arlington\Documents\Siex 2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2009-06-10 17:09 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3610322734-1835629939-1434593305-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Arlington\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
DNS Servers: 200.44.32.12 - 200.109.78.12
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: BCSSync => "D:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: BitTorrent => "C:\Users\Arlington\AppData\Roaming\BitTorrent\BitTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: MSC => "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: PWRISOVM.EXE => C:\Program Files\PowerISO\PWRISOVM.EXE -startup
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{00390D49-438C-40C0-AABA-FBFB8C859B87}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{67311A0E-EBAA-4C33-BA6A-245B72EB4A36}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{E1B2FCE6-8223-476A-8F4D-F2CAD3DF68A8}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{AB228C40-47C8-43F4-AB25-34BCC1B41BEE}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{27567DAA-D9C5-4644-88EC-A8AB7A60154A}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
FirewallRules: [UDP Query User{3C39514E-DB68-4F64-A160-5A7702A2C149}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
FirewallRules: [TCP Query User{BF733C53-E8FC-4776-8897-DB54D30E1735}C:\program files\voipconnect.com\voipconnect\voipconnect.exe] => (Allow) C:\program files\voipconnect.com\voipconnect\voipconnect.exe
FirewallRules: [UDP Query User{716E1FAE-EB15-4A65-A902-1727C70A10AB}C:\program files\voipconnect.com\voipconnect\voipconnect.exe] => (Allow) C:\program files\voipconnect.com\voipconnect\voipconnect.exe
FirewallRules: [{30639099-B60B-4FB8-8DC4-9411662BEDB7}] => (Allow) C:\Users\Arlington\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{12ABB3C0-615D-4860-9FB4-3AF00469DC39}] => (Allow) C:\Users\Arlington\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E6375287-E2D5-459E-A0A8-45634D4F45A8}] => (Allow) C:\Users\Arlington\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{351CE7F8-E674-4E3E-B370-E640F41561F5}] => (Allow) C:\Users\Arlington\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{AED09061-15B5-4A94-91E3-403823FB3880}] => (Allow) C:\Users\Arlington\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8E8B3D72-8EED-4342-9F4D-AE74876EF075}] => (Allow) C:\Users\Arlington\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{ECD1113F-E687-4974-B6AA-BE4B9E2D9376}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{8310BB0B-2014-4E51-94CF-BBECE76FD0DB}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{DD64EAEE-BF5C-4ED0-907C-30B632C291B6}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{A027D867-60B8-4ED0-BE92-AE58C00B625B}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{E98253A6-7C61-423A-89B9-FCC26196A0B4}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
10-09-2016 17:06:00 Windows Update
13-09-2016 18:28:05 Windows Update
19-09-2016 11:07:10 Windows Update
21-09-2016 10:49:30 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/22/2016 09:26:23 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: Un problema impidió que los datos del Programa para la mejora de la experiencia del usuario se enviaran a Microsoft, (error 80004005).
 
Error: (09/20/2016 12:43:39 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: Un problema impidió que los datos del Programa para la mejora de la experiencia del usuario se enviaran a Microsoft, (error 80004005).
 
Error: (09/19/2016 05:11:36 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: Un problema impidió que los datos del Programa para la mejora de la experiencia del usuario se enviaran a Microsoft, (error 90080108).
 
Error: (09/17/2016 05:04:41 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: Un problema impidió que los datos del Programa para la mejora de la experiencia del usuario se enviaran a Microsoft, (error 80004005).
 
Error: (09/15/2016 06:16:31 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: Un problema impidió que los datos del Programa para la mejora de la experiencia del usuario se enviaran a Microsoft, (error 90080108).
 
Error: (09/15/2016 04:11:15 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: Un problema impidió que los datos del Programa para la mejora de la experiencia del usuario se enviaran a Microsoft, (error 80004005).
 
Error: (09/14/2016 10:52:26 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: Un problema impidió que los datos del Programa para la mejora de la experiencia del usuario se enviaran a Microsoft, (error 80004005).
 
Error: (09/13/2016 06:55:32 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: Un problema impidió que los datos del Programa para la mejora de la experiencia del usuario se enviaran a Microsoft, (error 80004005).
 
Error: (09/12/2016 02:41:06 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: Un problema impidió que los datos del Programa para la mejora de la experiencia del usuario se enviaran a Microsoft, (error 90080108).
 
Error: (09/12/2016 10:46:43 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: Un problema impidió que los datos del Programa para la mejora de la experiencia del usuario se enviaran a Microsoft, (error 80004005).
 
 
System errors:
=============
Error: (09/22/2016 04:25:59 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: Se generó la siguiente alerta irrecuperable: 10. El estado del error interno es 10.
 
Error: (09/22/2016 04:25:57 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: Se generó la siguiente alerta irrecuperable: 10. El estado del error interno es 10.
 
Error: (09/22/2016 04:25:55 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: Se generó la siguiente alerta irrecuperable: 10. El estado del error interno es 10.
 
Error: (09/22/2016 04:25:53 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: Se generó la siguiente alerta irrecuperable: 10. El estado del error interno es 10.
 
Error: (09/22/2016 04:24:44 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: Se generó la siguiente alerta irrecuperable: 10. El estado del error interno es 10.
 
Error: (09/22/2016 04:24:42 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: Se generó la siguiente alerta irrecuperable: 10. El estado del error interno es 10.
 
Error: (09/22/2016 04:24:40 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: Se generó la siguiente alerta irrecuperable: 10. El estado del error interno es 10.
 
Error: (09/22/2016 04:24:38 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: Se generó la siguiente alerta irrecuperable: 10. El estado del error interno es 10.
 
Error: (09/22/2016 04:24:36 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: Se generó la siguiente alerta irrecuperable: 10. El estado del error interno es 10.
 
Error: (09/22/2016 04:24:34 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: Se generó la siguiente alerta irrecuperable: 10. El estado del error interno es 10.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3 CPU 530 @ 2.93GHz
Percentage of memory in use: 70%
Total physical RAM: 1973.4 MB
Available physical RAM: 572.67 MB
Total Virtual: 3946.8 MB
Available Virtual: 2173.46 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:73.4 GB) (Free:37.56 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Nuevo vol) (Fixed) (Total:392.36 GB) (Free:298.74 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 42CCD44D)
Partition 1: (Active) - (Size=73.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=392.4 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 

 


  • 0

Advertisements

#2
RKinner
Posted 23 September 2016 - 08:25 AM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

Uninstall:

 

ScreenMaker2 (HKU\S-1-5-21-3610322734-1835629939-1434593305-1000\...\ScreenMaker2) (Version:  - ) <==== ATTENTION

 

If that doesn't help:

 

 

 
Download : ADWCleaner to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer
 
NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.
 
Close  all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).
 
scan-results.jpg
 
Click on Scan  and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.
 
The report will be saved in the C:\AdwCleaner folder.
 
 
 
Junkware-Removal-Tool
 
Please download Junkware Removal Tool to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
  • Pause your anti-virus.  Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
    •  

     
    Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.
     

    • 0

    #3
    Piratacobra
    Posted 05 October 2016 - 03:45 PM

    Piratacobra

      Member

    • Topic Starter
    • Member
    • PipPip
    • 83 posts

    Thanks, i think just the removal of that screenmaker did it, two thumbs up, friend, thanks again  :spoton:  :spoton:


    • 0
    Back to Virus, Spyware, Malware Removal · Next Unread Topic →




    Similar Topics

    0 user(s) are reading this topic

    0 members, 0 guests, 0 anonymous users

    1. Geeks to Go Community
    2. Security
    3. Virus, Spyware, Malware Removal

    As Featured On:

    Microsoft Yahoo BBC MSN PC Magazine Washington Post HP