Fix result of Farbar Recovery Scan Tool (x86) Version:31-08-2015
Ran by Usuario (2015-08-31 17:55:51) Run:1
Running from C:\Users\Usuario\Downloads
Loaded Profiles: Usuario (Available Profiles: Usuario)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CloseProcesses:
() C:\Program Files\IObit\LiveUpdate\IObitLauncher.exe
(DsNET) C:\Program Files\DsNET Corp\:censurado: Catcher 2.0\yct.exe
HKU\S-1-5-21-2741043627-4026230127-4029745268-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6369048 2015-05-08] (Piriform Ltd)
HKU\S-1-5-18\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-07-30] (IObit)
S3 catchme; no ImagePath
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2015-07-29 20:11 - 2009-06-07 06:27 - 00073728 _____ () C:\Program Files\DsNET Corp\:censurado: Catcher 2.0\vbzlib1.dll
2015-07-31 09:40 - 2015-08-25 11:38 - 02874656 _____ () C:\Program Files\IObit\LiveUpdate\IObitLauncher.exe
2015-08-29 15:52 - 2015-08-29 15:52 - 01938944 _____ C:\Users\Usuario\ZHPCleaner.exe
2015-08-29 11:21 - 2015-08-29 11:22 - 01798640 _____ (Malwarebytes Corporation) C:\Users\Usuario\Downloads\JRT.exe
2015-08-28 01:00 - 2015-08-27 10:25 - 00024064 _____ C:\Windows\zoek-delete.exe
2015-08-27 10:41 - 2015-08-28 09:26 - 00030448 _____ C:\zoek-results.log
2015-08-27 10:25 - 2015-08-27 20:39 - 00000000 ____D C:\zoek_backup
2015-08-27 10:24 - 2015-08-27 10:25 - 01308672 _____ C:\Users\Usuario\Downloads\zoek.exe
2015-08-14 10:20 - 2015-08-20 10:36 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-14 10:20 - 2015-08-14 10:20 - 00001064 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-08-14 10:20 - 2015-08-14 10:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-14 10:20 - 2015-08-14 10:20 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-08-14 10:20 - 2015-06-18 08:41 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-08-14 10:20 - 2015-06-18 08:41 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-08-14 10:20 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-08-13 21:26 - 2015-08-13 21:33 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Usuario\Downloads\mbam-setup-2-1-8-1057.exe
2015-08-13 12:21 - 2015-08-13 12:21 - 00021384 _____ C:\ComboFix.txt
2015-08-11 20:26 - 2015-08-11 20:28 - 00388608 _____ (Trend Micro Inc.) C:\Users\Usuario\Downloads\HijackThis.exe
2015-08-11 15:44 - 2015-08-11 15:44 - 00001272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\MV RegClean 5.9.lnk
2015-08-11 15:44 - 2015-08-11 15:44 - 00001266 _____ C:\Users\Public\Desktop\MV RegClean 5.9.lnk
2015-08-11 15:44 - 2015-08-11 15:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Marcos Velasco Security
2015-08-11 15:43 - 2015-08-11 15:43 - 00000000 ____D C:\Program Files\Marcos Velasco Security
2015-08-10 11:34 - 2015-08-10 11:34 - 00501248 _____ (Facebook Inc.) C:\Users\Usuario\Downloads\FacebookVideoCallSetup_v1-2-205-0.exe
2015-08-09 10:57 - 2015-08-13 12:09 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2015-08-09 10:57 - 2015-08-13 10:46 - 00000000 ____D C:\Users\Todos os Usuários\Spybot - Search & Destroy
2015-08-09 10:57 - 2015-08-13 10:46 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-08-08 13:27 - 2015-08-08 13:59 - 00000000 ____D C:\Users\Todos os Usuários\Malwarebytes Anti-Exploit
2015-08-08 13:27 - 2015-08-08 13:59 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2015-08-07 09:52 - 2015-08-07 09:53 - 02312551 _____ C:\Users\Usuario\Downloads\AMIR-ANTIVIRUS.zip
2015-08-07 09:36 - 2015-08-07 09:38 - 00000000 ____D C:\AdwCleaner
2015-08-07 09:35 - 2015-08-07 09:35 - 02248704 _____ C:\Users\Usuario\Downloads\adwcleaner-4-208-multi-win.exe
2015-08-06 23:08 - 2011-06-26 03:45 - 00256000 _____ C:\Windows\PEV.exe
2015-08-06 23:08 - 2010-11-07 14:20 - 00208896 _____ C:\Windows\MBR.exe
2015-08-06 23:08 - 2009-04-20 01:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-08-06 23:08 - 2000-08-30 21:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-08-06 23:08 - 2000-08-30 21:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-08-06 23:08 - 2000-08-30 21:00 - 00098816 _____ C:\Windows\sed.exe
2015-08-06 23:08 - 2000-08-30 21:00 - 00080412 _____ C:\Windows\grep.exe
2015-08-06 23:08 - 2000-08-30 21:00 - 00068096 _____ C:\Windows\zip.exe
2015-08-06 23:07 - 2015-08-13 12:21 - 00000000 ____D C:\Qoobox
2015-08-06 23:05 - 2015-08-06 23:57 - 00000000 ____D C:\Windows\erdnt
2015-08-06 22:40 - 2015-08-06 22:44 - 05634244 ____R (Swearware) C:\Users\Usuario\Downloads\ComboFix.exe
2015-08-06 22:00 - 2015-08-29 15:53 - 00000834 _____ C:\Users\Usuario\Desktop\ZHPCleaner.lnk
2015-08-02 20:28 - 2015-08-02 20:28 - 01871360 _____ C:\Users\Usuario\Downloads\ZHPCleaner-2015.8.1.312.exe
2015-08-29 20:33 - 2015-06-14 18:13 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\ZHP
2015-08-29 13:46 - 2015-06-12 14:24 - 46301184 _____ C:\Windows\system32\config\SOFTWARE.iobit
2015-08-29 13:46 - 2015-06-12 14:24 - 00323584 _____ C:\Windows\system32\config\DEFAULT.iobit
2015-08-29 13:46 - 2015-06-12 14:24 - 00028672 _____ C:\Windows\system32\config\SAM.iobit
2015-08-29 13:46 - 2015-06-12 14:24 - 00024576 _____ C:\Windows\system32\config\SECURITY.iobit
2015-08-29 12:30 - 2015-06-12 14:17 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\IObit
2015-08-29 12:30 - 2015-06-12 14:17 - 00000000 ____D C:\Users\Todos os Usuários\IObit
2015-08-29 12:30 - 2015-06-12 14:17 - 00000000 ____D C:\ProgramData\IObit
2015-08-29 12:30 - 2015-06-12 14:17 - 00000000 ____D C:\Program Files\IObit
2015-08-27 13:14 - 2015-06-14 18:18 - 00000512 _____ C:\PhysicalDisk0_MBR.bin
2015-08-27 13:14 - 2015-06-14 18:13 - 00000000 ____D C:\Program Files\ZHPDiag
2015-08-26 11:14 - 2015-06-11 18:00 - 00000000 ____D C:\Users\Todos os Usuários\Panda Security
2015-08-26 11:14 - 2015-06-11 18:00 - 00000000 ____D C:\ProgramData\Panda Security
2015-08-23 13:51 - 2015-06-12 14:24 - 30777344 _____ C:\Windows\system32\config\components.iobit
2015-08-05 19:51 - 2015-07-29 20:11 - 00001148 _____ C:\Users\Public\Desktop\:censurado: Catcher.lnk
2015-08-05 19:51 - 2015-07-29 20:11 - 00000049 _____ C:\Windows\system32\ScrRecX.log
2015-08-05 19:51 - 2015-07-29 20:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\:censurado: Catcher
Task: {07850895-27F7-4038-925B-01FF3FF4AF13} - System32\Tasks\{D76BBF7F-39CD-4E74-AE0C-93BFA377D6BA} => pcalua.exe -a "C:\Program Files\IObit\Advanced SystemCare 8\SecurityHole_Backup\KB3001652.exe" -d "C:\Program Files\IObit\Advanced SystemCare 8" -c /quiet /norestart
Task: {36A780BA-2C58-49ED-822A-DE5AB17CAC2C} - System32\Tasks\{94B31A35-61A9-4F4D-8906-07FEFC4CCB31} => pcalua.exe -a "C:\Program Files\IObit\Advanced SystemCare 8\SecurityHole_Backup\KB2565063.exe" -d "C:\Program Files\IObit\Advanced SystemCare 8" -c /quiet /norestart
Task: {53F07026-2003-4678-B182-1F013FFA34DF} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2741043627-4026230127-4029745268-1000Core => C:\Users\Usuario\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {855F6B56-3145-451F-B6AA-6B926DCC3B3F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-05-08] (Piriform Ltd)
Task: {A3250E99-CB5E-4008-A5F6-D52AE202E48C} - \Uninstaller_SkipUac_Usuario -> No File <==== ATTENTION
CreateRestorePoint:
EmptyTemp:
Reboot:
Hosts:
end
*****************

Processes closed successfully.
C:\Program Files\IObit\LiveUpdate\IObitLauncher.exe C:\Program Files\IObit\LiveUpdate\IObitLauncher.exe => No running process found
C:\Program Files\DsNET Corp\:censurado: Catcher 2.0\yct.exe C:\Program Files\DsNET Corp\:censurado: Catcher 2.0\yct.exe => No running process found
HKU\S-1-5-21-2741043627-4026230127-4029745268-1000\Software\Microsoft\Windows\CurrentVersion\Run\\CCleaner Monitoring => value removed successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotPostWindows10UpgradeReInstall => value removed successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
LiveUpdateSvc => service removed successfully.
catchme => service removed successfully.
VGPU => service removed successfully.
"C:\Program Files\DsNET Corp\:censurado: Catcher 2.0\vbzlib1.dll" => File/Folder not found.
C:\Program Files\IObit\LiveUpdate\IObitLauncher.exe => moved successfully
C:\Users\Usuario\ZHPCleaner.exe => moved successfully
C:\Users\Usuario\Downloads\JRT.exe => moved successfully
C:\Windows\zoek-delete.exe => moved successfully
C:\zoek-results.log => moved successfully
C:\zoek_backup => moved successfully
C:\Users\Usuario\Downloads\zoek.exe => moved successfully
C:\Windows\system32\Drivers\MBAMSwissArmy.sys => moved successfully
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware => moved successfully
C:\Program Files\Malwarebytes Anti-Malware => moved successfully
C:\Windows\system32\Drivers\mbamchameleon.sys => moved successfully
C:\Windows\system32\Drivers\mwac.sys => moved successfully
C:\Windows\system32\Drivers\mbam.sys => moved successfully
C:\Users\Usuario\Downloads\mbam-setup-2-1-8-1057.exe => moved successfully
C:\ComboFix.txt => moved successfully
C:\Users\Usuario\Downloads\HijackThis.exe => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\MV RegClean 5.9.lnk => moved successfully
C:\Users\Public\Desktop\MV RegClean 5.9.lnk => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Marcos Velasco Security => moved successfully
C:\Program Files\Marcos Velasco Security => moved successfully
C:\Users\Usuario\Downloads\FacebookVideoCallSetup_v1-2-205-0.exe => moved successfully
C:\Program Files\Spybot - Search & Destroy 2 => moved successfully
C:\Users\Todos os Usuários\Spybot - Search & Destroy => moved successfully
"C:\ProgramData\Spybot - Search & Destroy" => File/Folder not found.
C:\Users\Todos os Usuários\Malwarebytes Anti-Exploit => moved successfully
"C:\ProgramData\Malwarebytes Anti-Exploit" => File/Folder not found.
C:\Users\Usuario\Downloads\AMIR-ANTIVIRUS.zip => moved successfully
C:\AdwCleaner => moved successfully
C:\Users\Usuario\Downloads\adwcleaner-4-208-multi-win.exe => moved successfully
C:\Windows\PEV.exe => moved successfully
C:\Windows\MBR.exe => moved successfully
C:\Windows\NIRCMD.exe => moved successfully
C:\Windows\SWREG.exe => moved successfully
C:\Windows\SWSC.exe => moved successfully
C:\Windows\sed.exe => moved successfully
C:\Windows\grep.exe => moved successfully
C:\Windows\zip.exe => moved successfully
C:\Qoobox => moved successfully
C:\Windows\erdnt => moved successfully
C:\Users\Usuario\Downloads\ComboFix.exe => moved successfully
C:\Users\Usuario\Desktop\ZHPCleaner.lnk => moved successfully
C:\Users\Usuario\Downloads\ZHPCleaner-2015.8.1.312.exe => moved successfully
C:\Users\Usuario\AppData\Roaming\ZHP => moved successfully
C:\Windows\system32\config\SOFTWARE.iobit => moved successfully
C:\Windows\system32\config\DEFAULT.iobit => moved successfully
C:\Windows\system32\config\SAM.iobit => moved successfully
C:\Windows\system32\config\SECURITY.iobit => moved successfully
C:\Users\Usuario\AppData\Roaming\IObit => moved successfully
C:\Users\Todos os Usuários\IObit => moved successfully
"C:\ProgramData\IObit" => File/Folder not found.
C:\Program Files\IObit => moved successfully
C:\PhysicalDisk0_MBR.bin => moved successfully
C:\Program Files\ZHPDiag => moved successfully
C:\Users\Todos os Usuários\Panda Security => moved successfully
"C:\ProgramData\Panda Security" => File/Folder not found.
C:\Windows\system32\config\components.iobit => moved successfully
"C:\Users\Public\Desktop\:censurado: Catcher.lnk" => File/Folder not found.
C:\Windows\system32\ScrRecX.log => moved successfully
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\:censurado: Catcher" => File/Folder not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{07850895-27F7-4038-925B-01FF3FF4AF13}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{07850895-27F7-4038-925B-01FF3FF4AF13}" => key removed successfully.
C:\Windows\System32\Tasks\{D76BBF7F-39CD-4E74-AE0C-93BFA377D6BA} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D76BBF7F-39CD-4E74-AE0C-93BFA377D6BA}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{36A780BA-2C58-49ED-822A-DE5AB17CAC2C}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{36A780BA-2C58-49ED-822A-DE5AB17CAC2C}" => key removed successfully.
C:\Windows\System32\Tasks\{94B31A35-61A9-4F4D-8906-07FEFC4CCB31} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{94B31A35-61A9-4F4D-8906-07FEFC4CCB31}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{53F07026-2003-4678-B182-1F013FFA34DF}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{53F07026-2003-4678-B182-1F013FFA34DF}" => key removed successfully.
C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2741043627-4026230127-4029745268-1000Core => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FacebookUpdateTaskUserS-1-5-21-2741043627-4026230127-4029745268-1000Core" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{855F6B56-3145-451F-B6AA-6B926DCC3B3F}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{855F6B56-3145-451F-B6AA-6B926DCC3B3F}" => key removed successfully.
C:\Windows\System32\Tasks\CCleanerSkipUAC => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A3250E99-CB5E-4008-A5F6-D52AE202E48C}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A3250E99-CB5E-4008-A5F6-D52AE202E48C}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Uninstaller_SkipUac_Usuario" => key removed successfully.
Restore point was successfully created.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 285.3 MB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 17:57:15 ====