Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-08-2016
Ran by DACAT Computer's (administrator) on DACATCOMPUTERS (08-09-2016 07:37:03)
Running from C:\Users\DACAT Computer's\Desktop
Loaded Profiles: DACAT Computer's (Available Profiles: DACAT Computer's)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: Español (España, internacional)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Zbshareware Lab) C:\Program Files\USB Disk Security\USBGuard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [UCam_Menu] => C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2007-12-24] (CyberLink Corp.)
HKLM\...\Run: [USB Antivirus] => C:\Program Files\USB Disk Security\USBGuard.exe [798720 2008-09-23] (Zbshareware Lab)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [406664 2016-06-07] (Power Software Ltd)
HKLM\...\Run: [BullGuard] => C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe [1178392 2016-09-04] (BullGuard Ltd.)
HKU\S-1-5-21-459310348-1112482388-1342751415-1000\...\Run: [GoogleChromeAutoLaunch_66044D0238289D879AA089D4FF4B32EE] => C:\Program Files\Google\Chrome\Application\chrome.exe [967496 2016-08-30] (Google Inc.)
HKU\S-1-5-21-459310348-1112482388-1342751415-1000\...\Run: [{C278BE4D-C4D5-43CE-B864-81522531FC8F}] => powershell.exe -noprofile -windowstyle hidden -executionpolicy bypass iex ([Text.Encoding]::ASCII.GetString([Convert]::FromBase64String((gp 'HKCU:\Software\Classes\xkhmeCjFTW').OkZOV)));
ShellIconOverlayIdentifiers: [BackupOverlayErr] -> {8749448C-D907-45BF-A842-4D3898894AC8} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll [2016-09-04] (BullGuard Ltd.)
ShellIconOverlayIdentifiers: [BackupOverlayInProgress] -> {3FFBF330-7839-476B-BE14-2C8597CE11B6} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll [2016-09-04] (BullGuard Ltd.)
ShellIconOverlayIdentifiers: [BackupOverlaySynced] -> {C62CF4DB-48CB-4B03-BFD0-30A29125FA49} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll [2016-09-04] (BullGuard Ltd.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 89.101.251.228 89.101.251.229
Tcpip\..\Interfaces\{32531B1A-D376-4547-B1F2-C2B18E51FB8F}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{60389A30-E868-468D-B81A-598E27CF53F3}: [DhcpNameServer] 89.101.251.228 89.101.251.229

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-459310348-1112482388-1342751415-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-459310348-1112482388-1342751415-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-15] (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-11-26] (Oracle Corporation)
BHO: Skype Plug-In -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-11-22] (Skype Technologies S.A.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-27] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-26] (Oracle Corporation)
Toolbar: HKLM - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-11-22] (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2011-01-26] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\DACAT Computer's\AppData\Roaming\Mozilla\Firefox\Profiles\s9j1vjhj.default-1456939752632
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-26] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2010-11-23] (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-26] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [antiphishing@bullguard] - C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\FF\antiphishing@bullguard => not found
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-02-09]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.nl/"
CHR Profile: C:\Users\DACAT Computer's\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Presentaciones de Google) - C:\Users\DACAT Computer's\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-24]
CHR Extension: (Google Docs) - C:\Users\DACAT Computer's\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-30]
CHR Extension: (Google Drive) - C:\Users\DACAT Computer's\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\DACAT Computer's\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-30]
CHR Extension: (Búsqueda de Google) - C:\Users\DACAT Computer's\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-23]
CHR Extension: (Hojas de cálculo de Google) - C:\Users\DACAT Computer's\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-24]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\DACAT Computer's\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-14]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\DACAT Computer's\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-14]
CHR Extension: (Chrome Note) - C:\Users\DACAT Computer's\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbdondoinhldfacflpkjpkhhidbbgok [2016-09-03]
CHR Extension: (Gmail) - C:\Users\DACAT Computer's\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-30]
CHR Extension: (Chrome Media Router) - C:\Users\DACAT Computer's\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-08]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BsBackup; C:\Program Files\BullGuard Ltd\BullGuard\BsBackup.dll [1055000 2016-09-04] (BullGuard Ltd.)
R2 BsBhvScan; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe [590104 2016-09-04] (BullGuard Ltd.)
R2 BsCache; C:\Program Files\BullGuard Ltd\BullGuard\BsCache.dll [147224 2016-09-04] (BullGuard Ltd.)
R2 BsFileScan; c:\program files\bullguard ltd\bullguard\BsFileScan.dll [384792 2016-09-04] (BullGuard Ltd.)
R2 BsFire; c:\program files\bullguard ltd\bullguard\BsFire.dll [694552 2016-09-04] (BullGuard Ltd.)
R2 BsMailProxy; c:\program files\bullguard ltd\bullguard\BsMailProxy\BsMailProxy.dll [4358936 2016-09-04] (BullGuard Ltd.)
R2 BsMain; C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll [488216 2016-09-04] (BullGuard Ltd.)
R2 BsScanner; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [251160 2016-09-04] (BullGuard Ltd.)
R2 BsUpdate; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [343832 2016-09-04] (BullGuard Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AFW; C:\Windows\System32\DRIVERS\afw.sys [44720 2016-01-13] (Agnitum Ltd.)
R3 afwcore; C:\Windows\System32\DRIVERS\afwcore.sys [338608 2016-01-13] (Agnitum Ltd.)
R1 BdAgent; C:\Windows\System32\DRIVERS\BdAgent.sys [98608 2016-01-13] (BullGuard Ltd.)
R3 BdNet; C:\Windows\System32\DRIVERS\BdNet.sys [27800 2016-01-13] (BullGuard Ltd.)
R1 BdSpy; C:\Windows\System32\drivers\BdSpy.sys [69512 2016-01-13] (BullGuard Ltd.)
R3 FLxHCIc; C:\Windows\System32\DRIVERS\FLxHCIc.sys [205992 2013-02-25] (Fresco Logic)
R3 intelkmd; C:\Windows\System32\DRIVERS\igdpmd32.sys [10843136 2011-08-09] (Intel Corporation)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [56432 2013-01-23] (Intel Corporation)
R3 NETwNs32; C:\Windows\System32\DRIVERS\NETwsn00.sys [10382576 2013-07-10] (Intel Corporation)
R1 NovaShieldFilterDriver; C:\Windows\System32\DRIVERS\NSKernel.sys [264416 2016-09-04] (BullGuard Ltd.)
R1 NovaShieldTDIDriver; C:\Windows\System32\DRIVERS\NSNetmon.sys [21328 2016-09-04] (BullGuard Ltd.)
R3 RSPCIESTOR; C:\Windows\System32\DRIVERS\RtsPStor.sys [267336 2013-05-16] (Realtek Semiconductor Corp.)
R1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [123968 2016-05-24] (Power Software Ltd)
R3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [428832 2016-03-31] (BitDefender S.R.L.)
S3 catchme; \??\C:\Users\DACATC~1\AppData\Local\Temp\catchme.sys [X]
S2 eamonm; system32\DRIVERS\eamonm.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-08 07:37 - 2016-09-08 07:37 - 00013587 _____ C:\Users\DACAT Computer's\Desktop\FRST.txt
2016-09-08 07:36 - 2016-09-08 07:36 - 01747968 _____ (Farbar) C:\Users\DACAT Computer's\Downloads\FRST.exe
2016-09-08 07:36 - 2016-09-08 07:36 - 01747968 _____ (Farbar) C:\Users\DACAT Computer's\Downloads\FRST (1).exe
2016-09-08 07:36 - 2016-09-08 07:36 - 01747968 _____ (Farbar) C:\Users\DACAT Computer's\Desktop\FRST.exe
2016-09-08 07:32 - 2016-09-08 07:37 - 00000000 ____D C:\FRST
2016-09-07 16:32 - 2016-09-07 16:32 - 00050570 _____ C:\Users\DACAT Computer's\Downloads\477107.rar
2016-09-07 16:20 - 2016-09-08 07:33 - 00000000 ____D C:\Program Files\trend micro
2016-09-07 16:20 - 2016-09-07 16:20 - 00000000 ____D C:\rsit
2016-09-07 16:07 - 2016-09-07 16:07 - 00034274 _____ C:\Users\DACAT Computer's\Downloads\Kilo Two Bravo (2014) [1080p] [YTS.AG].torrent
2016-09-07 16:06 - 2016-09-07 16:06 - 00029380 _____ C:\Users\DACAT Computer's\Downloads\Neighbors 2- Sorority Rising (2016) [1080p] [YTS.AG].torrent
2016-09-07 15:53 - 2016-09-07 15:54 - 00000000 ___SD C:\32788R22FWJFW
2016-09-07 15:53 - 2016-09-07 15:53 - 05658674 _____ (Swearware) C:\Users\DACAT Computer's\Downloads\ComboFix (2).exe
2016-09-07 15:50 - 2016-09-07 15:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-09-07 15:50 - 2016-09-07 15:50 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-09-07 15:50 - 2016-03-10 14:09 - 00053120 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-09-07 15:50 - 2016-03-10 14:08 - 00126336 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-09-07 15:49 - 2016-09-07 15:54 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2016-09-07 15:49 - 2016-09-07 15:50 - 00001060 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-09-07 15:49 - 2016-09-07 15:50 - 00000000 ____D C:\Users\DACAT Computer's\AppData\Roaming\Malwarebytes
2016-09-07 15:49 - 2016-09-07 15:50 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-09-07 15:49 - 2016-09-07 15:50 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2016-09-07 15:49 - 2016-03-10 14:08 - 00024448 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-09-07 15:48 - 2016-09-07 15:48 - 10284816 _____ (Malwarebytes Corporation ) C:\Users\DACAT Computer's\Downloads\mbam-setup-1.75.0.1300.exe
2016-09-04 17:19 - 2016-09-04 17:19 - 00000164 _____ C:\Users\DACAT Computer's\Desktop\Unidad en Línea de BullGuard.lnk
2016-09-04 17:18 - 2016-09-04 17:18 - 00148008 _____ (BullGuard Ltd.) C:\Windows\system32\BgGamingMonitor.dll
2016-09-04 17:18 - 2016-09-04 17:18 - 00061720 _____ (BullGuard Ltd.) C:\Windows\system32\BGLsp.dll
2016-09-04 17:16 - 2016-09-08 07:33 - 00000400 _____ C:\Windows\system32\config\afw_hm.conf
2016-09-04 17:16 - 2016-09-08 07:33 - 00000004 _____ C:\Windows\system32\config\afw_db.conf
2016-09-04 17:16 - 2016-09-04 17:16 - 00001143 _____ C:\Users\Public\Desktop\BullGuard.lnk
2016-09-04 17:16 - 2016-09-04 17:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BullGuard
2016-09-04 17:16 - 2016-09-04 17:16 - 00000000 ____D C:\Program Files\Common Files\AV
2016-09-04 17:14 - 2016-09-04 17:14 - 00000000 ____D C:\Program Files\BullGuard Ltd
2016-09-04 17:13 - 2016-09-04 17:13 - 00027456 _____ C:\ProgramData\1473023634.bdinstall.bin
2016-09-04 17:09 - 2016-09-04 17:19 - 00000000 ____D C:\Users\DACAT Computer's\AppData\Roaming\BullGuard
2016-09-04 17:08 - 2016-09-04 17:08 - 04601117 _____ C:\Users\DACAT Computer's\Downloads\BullGuard Antivirus 2016 Crack.rar
2016-09-04 17:07 - 2016-09-04 17:07 - 00000000 ____D C:\Program Files\Common Files\BullGuard Ltd
2016-09-04 17:06 - 2016-09-04 17:07 - 00000000 ____D C:\ProgramData\Package Cache
2016-09-04 17:05 - 2016-09-08 07:37 - 00000000 ____D C:\ProgramData\BullGuard
2016-09-04 17:04 - 2016-09-04 17:04 - 00340296 _____ C:\Users\DACAT Computer's\Downloads\BullGuardDownloader.exe
2016-09-04 17:03 - 2016-09-04 17:03 - 00238369 _____ C:\ProgramData\1473022799.bdinstall.bin
2016-09-04 16:59 - 2016-09-04 16:59 - 00000000 ____D C:\ProgramData\Dumps
2016-09-04 16:54 - 2016-09-04 17:03 - 00000000 ____D C:\Program Files\Bitdefender
2016-09-04 16:35 - 2016-09-04 16:35 - 00000385 _____ C:\Users\DACAT Computer's\AppData\Roaminguser_gensett.xml
2016-09-04 16:34 - 2016-09-04 17:00 - 00003138 _____ C:\bdlog.txt
2016-09-04 16:33 - 2016-09-04 16:33 - 00000385 _____ C:\Windows\system32\user_gensett.xml
2016-09-04 16:32 - 2016-09-04 16:32 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2016-09-04 16:32 - 2016-09-04 16:32 - 00000000 ____D C:\ProgramData\BDLogging
2016-09-04 16:32 - 2007-04-11 11:11 - 00511328 _____ (Microsoft Corporation) C:\Windows\capicom.dll
2016-09-04 16:26 - 2016-09-04 16:26 - 00010579 _____ C:\ComboFix.txt
2016-09-04 16:13 - 2016-09-04 16:26 - 00000000 ____D C:\Qoobox
2016-09-04 16:13 - 2011-06-26 02:45 - 00256000 _____ C:\Windows\PEV.exe
2016-09-04 16:13 - 2010-11-07 13:20 - 00208896 _____ C:\Windows\MBR.exe
2016-09-04 16:13 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-09-04 16:13 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-09-04 16:13 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-09-04 16:13 - 2000-08-30 20:00 - 00098816 _____ C:\Windows\sed.exe
2016-09-04 16:13 - 2000-08-30 20:00 - 00080412 _____ C:\Windows\grep.exe
2016-09-04 16:13 - 2000-08-30 20:00 - 00068096 _____ C:\Windows\zip.exe
2016-09-04 16:12 - 2016-09-04 16:26 - 00000000 ____D C:\Windows\erdnt
2016-09-04 16:12 - 2016-09-04 16:12 - 05660313 ____R (Swearware) C:\Users\DACAT Computer's\Downloads\ComboFix.exe
2016-09-04 16:05 - 2016-09-06 10:44 - 00000000 ____D C:\Users\DACAT Computer's\AppData\Local\CrashDumps
2016-09-04 16:05 - 2016-09-04 16:05 - 00000000 ____D C:\ProgramData\Bitdefender Agent
2016-09-04 16:02 - 2016-09-04 16:02 - 00000000 ____D C:\Users\DACAT Computer's\AppData\Roaming\QuickScan
2016-09-04 15:49 - 2016-09-04 16:23 - 00000000 ____D C:\ProgramData\Norton
2016-09-04 15:48 - 2016-09-04 15:48 - 00000000 ____D C:\ProgramData\NortonInstaller
2016-09-04 15:32 - 2016-09-04 15:33 - 00000000 ____D C:\AdwCleaner
2016-09-04 15:31 - 2016-09-04 15:31 - 03826240 _____ C:\Users\DACAT Computer's\Downloads\adwcleaner_6.010.exe
2016-09-02 15:38 - 2016-09-02 15:48 - 00000000 ____D C:\Users\DACAT Computer's\AppData\Roaming\Tropico 5
2016-09-02 15:38 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2016-09-02 15:38 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2016-09-02 15:38 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2016-09-02 15:38 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2016-09-02 15:38 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2016-09-02 15:38 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2016-09-02 15:38 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2016-09-02 15:38 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2016-09-02 15:38 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2016-09-02 15:38 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2016-09-02 15:38 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2016-09-02 15:38 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2016-09-02 15:38 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2016-09-02 15:38 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2016-09-02 15:38 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2016-09-02 15:38 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2016-09-02 15:38 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2016-09-02 15:38 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2016-09-02 15:38 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2016-09-02 15:38 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2016-09-02 15:38 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2016-09-02 15:38 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2016-09-02 15:38 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2016-09-02 15:38 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2016-09-02 15:38 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2016-09-02 15:38 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2016-09-02 15:38 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2016-09-02 15:38 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2016-09-02 15:38 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2016-09-02 15:38 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2016-09-02 15:38 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2016-09-02 15:38 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2016-09-02 15:38 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2016-09-02 15:38 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2016-09-02 15:38 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2016-09-02 15:38 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2016-09-02 15:38 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2016-09-02 15:38 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2016-09-02 15:38 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2016-09-02 15:38 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2016-09-02 15:38 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2016-09-02 15:38 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2016-09-02 15:38 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2016-09-02 15:38 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2016-09-02 15:38 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2016-09-02 15:38 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2016-09-02 15:38 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2016-09-02 15:38 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2016-09-02 15:38 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2016-09-02 15:38 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2016-09-02 15:38 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2016-09-02 15:38 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2016-09-02 15:38 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2016-09-02 15:38 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2016-09-02 15:38 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2016-09-02 15:38 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2016-09-02 15:38 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2016-09-02 15:38 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2016-09-02 15:38 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2016-09-02 15:38 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2016-09-02 15:38 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2016-09-02 15:38 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2016-09-02 15:38 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2016-09-02 15:38 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2016-09-02 15:38 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2016-09-02 15:38 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2016-09-02 15:38 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2016-09-02 15:38 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2016-09-02 15:38 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2016-09-02 15:38 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2016-09-02 15:38 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2016-09-02 15:38 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2016-09-02 15:38 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2016-09-02 15:38 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2016-09-02 15:38 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2016-09-02 15:38 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2016-09-02 15:38 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2016-09-02 15:38 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2016-09-02 15:38 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2016-09-02 15:38 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2016-09-02 15:38 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2016-09-02 15:37 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2016-09-02 15:37 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2016-09-02 15:37 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2016-09-02 15:37 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2016-09-02 15:37 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2016-09-02 15:37 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2016-09-02 15:37 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2016-09-02 15:37 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2016-09-02 15:37 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2016-09-02 15:36 - 2016-09-02 15:36 - 00000997 _____ C:\Users\DACAT Computer's\Desktop\Tropico 5.lnk
2016-09-02 15:36 - 2016-09-02 15:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tropico 5
2016-09-02 15:35 - 2016-09-02 15:38 - 00000000 ____D C:\Program Files\Tropico 5
2016-09-02 15:26 - 2016-09-02 15:26 - 00000000 ____D C:\Users\DACAT Computer's\AppData\Roaming\PowerISO
2016-09-02 15:23 - 2016-09-02 15:25 - 00000000 ____D C:\Program Files\PowerISO
2016-09-02 15:23 - 2016-09-02 15:23 - 03612720 _____ (Power Software Ltd) C:\Users\DACAT Computer's\Downloads\PowerISO6-x64.exe
2016-09-02 15:23 - 2016-09-02 15:23 - 00000965 _____ C:\Users\Public\Desktop\PowerISO.lnk
2016-09-02 15:23 - 2016-09-02 15:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
2016-08-12 16:38 - 2016-08-12 16:38 - 00028914 _____ C:\Users\DACAT Computer's\Downloads\Countdown (2016) [1080p] [YTS.AG].torrent
2016-08-09 16:20 - 2016-08-09 16:20 - 00000000 ____D C:\Users\DACAT Computer's\Downloads\Dads.Army.2016.HDRip.XViD-ETRG

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)
2016-09-08 07:34 - 2009-07-14 00:34 - 00021248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-09-08 07:34 - 2009-07-14 00:34 - 00021248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-09-08 07:26 - 2015-09-24 12:53 - 00001084 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-08 07:26 - 2009-07-14 00:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-09-07 17:39 - 2016-04-14 23:43 - 00000000 ____D C:\Users\DACAT Computer's\AppData\Roaming\uTorrent
2016-09-07 16:48 - 2015-09-24 12:53 - 00001088 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-07 16:07 - 2016-08-06 17:18 - 00000000 ____D C:\Users\DACAT Computer's\AppData\LocalLow\uTorrent
2016-09-07 15:39 - 2015-09-24 12:53 - 00002139 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-09-07 15:39 - 2015-09-24 12:53 - 00002127 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-09-07 03:41 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\inf
2016-09-06 10:44 - 2015-09-23 08:09 - 00000000 ____D C:\Windows\Minidump
2016-09-06 10:44 - 2015-09-22 18:57 - 00000000 ____D C:\Windows\Panther
2016-09-04 17:18 - 2016-01-13 04:07 - 00264416 _____ (BullGuard Ltd.) C:\Windows\system32\Drivers\NSKernel.sys
2016-09-04 17:18 - 2016-01-13 04:07 - 00021328 _____ (BullGuard Ltd.) C:\Windows\system32\Drivers\NSNetmon.sys
2016-09-04 17:08 - 2015-09-29 19:37 - 00000000 ____D C:\Users\DACAT Computer's\Desktop\Thijno
2016-09-04 17:06 - 2009-07-13 22:37 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-09-04 17:03 - 2015-09-23 02:39 - 00000000 ____D C:\Users\DACAT Computer's
2016-09-04 16:24 - 2009-07-13 22:04 - 00000215 _____ C:\Windows\system.ini
2016-09-04 16:23 - 2009-07-13 22:03 - 42467328 _____ C:\Windows\system32\config\SOFTWARE.bak
2016-09-04 16:23 - 2009-07-13 22:03 - 14942208 _____ C:\Windows\system32\config\SYSTEM.bak
2016-09-04 16:23 - 2009-07-13 22:03 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2016-09-04 16:23 - 2009-07-13 22:03 - 00262144 _____ C:\Windows\system32\config\SAM.bak
2016-09-04 16:23 - 2009-07-13 22:03 - 00262144 _____ C:\Windows\system32\config\DEFAULT.bak
2016-09-04 15:33 - 2016-04-14 23:44 - 00000000 ____D C:\ProgramData\Lavasoft
2016-09-02 15:33 - 2015-09-29 18:45 - 00000000 ____D C:\Users\DACAT Computer's\Desktop\Musica
2016-09-02 15:22 - 2015-09-23 03:20 - 00000000 ____D C:\Users\DACAT Computer's\AppData\Roaming\Nero
2016-08-22 13:50 - 2011-01-22 06:31 - 00697984 _____ C:\Windows\system32\perfh00A.dat
2016-08-22 13:50 - 2011-01-22 06:31 - 00135616 _____ C:\Windows\system32\perfc00A.dat
2016-08-22 13:50 - 2010-11-20 17:01 - 01559018 _____ C:\Windows\system32\PerfStringBackup.INI
2016-08-15 16:28 - 2016-07-29 13:13 - 00000000 ___SD C:\Users\DACAT Computer's\AppData\LocalLow\Temp
2016-08-09 16:25 - 2015-09-29 18:33 - 00000000 ____D C:\Users\DACAT Computer's\AppData\Roaming\vlc

==================== Files in the root of some directories =======

2016-09-04 17:03 - 2016-09-04 17:03 - 0238369 _____ () C:\ProgramData\1473022799.bdinstall.bin
2016-09-04 17:13 - 2016-09-04 17:13 - 0027456 _____ () C:\ProgramData\1473023634.bdinstall.bin

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-08-08 14:55

==================== End of FRST.txt ============================