Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17.02.2019
Ran by win8.1 (administrator) on WINA (17-02-2019 16:22:40)
Running from F:\
Loaded Profiles: win8.1 (Available Profiles: win8.1)
Platform: Windows 8.1 Pro (Update) (X64) Language: Español (España, internacional)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

==================== Registry (Whitelisted) ===========================

GroupPolicy: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{67C4DA2E-FE0F-49B7-8D7D-6D314B2F1F42}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{BCB41417-93C5-4F47-8A40-AFCCDE8ED6DC}: [DhcpNameServer] 80.58.61.250 80.58.61.254
Tcpip\..\Interfaces\{F767E5D0-A32B-42BA-A68B-BE5D1711513C}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-1565744006-341084530-198036531-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/es-es/?ocid=iehp

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-31] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-31] (Google Inc.)

Chrome:
=======
Error reading preferences. Please check "secure preferences" file for possible corruption. <==== ATTENTION
CHR Profile: C:\Users\win8.1\AppData\Local\Google\Chrome\User Data\Default [2019-01-09]
CHR Extension: (No Name) - C:\Users\win8.1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-12-31]
CHR Extension: (No Name) - C:\Users\win8.1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-12-31]
CHR Extension: (No Name) - C:\Users\win8.1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-12-31]
CHR Extension: (No Name) - C:\Users\win8.1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-12-31]
CHR Extension: (No Name) - C:\Users\win8.1\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-12-31]
CHR Extension: (No Name) - C:\Users\win8.1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-12-31]
CHR Extension: (No Name) - C:\Users\win8.1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-12-31]
CHR Extension: (No Name) - C:\Users\win8.1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-12-31]
CHR Extension: (No Name) - C:\Users\win8.1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-31]

==================== Services (Whitelisted) ====================

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AcpiPmi; C:\Windows\System32\drivers\acpipmi.sys [12288 2013-08-22] (Microsoft Corporation) [File not signed]
S3 acpitime; C:\Windows\System32\drivers\acpitime.sys [10752 2013-08-22] (Microsoft Corporation) [File not signed]
S3 AmdK8; C:\Windows\System32\drivers\amdk8.sys [95744 2013-08-22] (Microsoft Corporation) [File not signed]
S3 AmdPPM; C:\Windows\System32\drivers\amdppm.sys [98816 2013-08-22] (Microsoft Corporation) [File not signed]
S3 AppID; C:\Windows\system32\drivers\appid.sys [82944 2014-11-21] (Microsoft Corporation) [File not signed]
R3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [102912 2013-08-22] (Microsoft Corporation) [File not signed]
S3 bthhfhid; C:\Windows\System32\drivers\BthHFHid.sys [30720 2013-08-22] (Microsoft Corporation) [File not signed]
S3 circlass; C:\Windows\System32\drivers\circlass.sys [44032 2013-08-22] (Microsoft Corporation) [File not signed]
R1 CSC; C:\Windows\System32\drivers\csc.sys [559104 2014-11-21] (Microsoft Corporation) [File not signed]
S3 dmvsc; C:\Windows\System32\drivers\dmvsc.sys [29696 2013-08-22] (Microsoft Corporation) [File not signed]
S3 exfat; C:\Windows\System32\Drivers\exfat.sys [200704 2013-08-22] (Microsoft Corporation) [File not signed]
S3 gencounter; C:\Windows\System32\drivers\vmgencounter.sys [11264 2013-08-22] (Microsoft Corporation) [File not signed]
S3 hidi2c; C:\Windows\System32\drivers\hidi2c.sys [41472 2013-08-22] (Microsoft Corporation) [File not signed]
S3 HidIr; C:\Windows\System32\drivers\hidir.sys [45568 2013-08-22] (Microsoft Corporation) [File not signed]
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [55232 2019-02-17] (SurfRight B.V. -> )
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2018-12-31] (Martin Malik - REALiX -> REALiX(tm))
S3 hyperkbd; C:\Windows\System32\drivers\hyperkbd.sys [13824 2013-08-22] (Microsoft Corporation) [File not signed]
S3 HyperVideo; C:\Windows\system32\DRIVERS\HyperVideo.sys [22016 2013-08-22] (Microsoft Corporation) [File not signed]
R0 iaStorA; C:\Windows\System32\drivers\iaStorA.sys [1469952 2018-12-31] () [File not signed]
R3 IntcAzAudAddService; C:\Windows\system32\drivers\RTKVHD64.sys [6400040 2019-01-09] () [File not signed]
R3 IntcDAud; C:\Windows\system32\DRIVERS\IntcDAud.sys [480176 2018-12-31] () [File not signed]
R3 KillerEth; C:\Windows\system32\DRIVERS\e2xw8x64.sys [162456 2018-12-31] (Rivet Networks LLC -> Qualcomm Atheros, Inc.)
S3 Modem; C:\Windows\System32\drivers\modem.sys [40960 2013-08-22] (Microsoft Corporation) [File not signed]
R3 monitor; C:\Windows\System32\drivers\monitor.sys [30208 2013-08-22] (Microsoft Corporation) [File not signed]
R3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [74240 2014-11-21] (Microsoft Corporation) [File not signed]
R3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [405504 2014-11-21] (Microsoft Corporation) [File not signed]
R3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [202752 2014-11-21] (Microsoft Corporation) [File not signed]
S3 MsBridge; C:\Windows\system32\DRIVERS\bridge.sys [115712 2014-11-21] (Microsoft Corporation) [File not signed]
S3 MTConfig; C:\Windows\System32\drivers\MTConfig.sys [13312 2013-08-22] (Microsoft Corporation) [File not signed]
S3 NdisCap; C:\Windows\system32\DRIVERS\ndiscap.sys [43008 2014-11-21] (Microsoft Corporation) [File not signed]
R2 Ndu; C:\Windows\System32\drivers\Ndu.sys [103424 2014-11-21] (Microsoft Corporation) [File not signed]
R3 netr28x; C:\Windows\system32\DRIVERS\netr28x.sys [2543760 2018-12-31] (MEDIATEK INC. -> MediaTek Inc.)
S3 netvsc; C:\Windows\System32\drivers\netvsc63.sys [87040 2014-11-21] (Microsoft Corporation) [File not signed]
S3 Processor; C:\Windows\System32\drivers\processr.sys [92160 2013-08-22] (Microsoft Corporation) [File not signed]
S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [17408 2014-11-21] (Microsoft Corporation) [File not signed]
S3 RasPppoe; C:\Windows\system32\DRIVERS\raspppoe.sys [84992 2013-08-22] (Microsoft Corporation) [File not signed]
R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [408576 2014-11-21] (Microsoft Corporation) [File not signed]
R3 rdpbus; C:\Windows\System32\drivers\rdpbus.sys [22528 2013-08-22] (Microsoft Corporation) [File not signed]
S3 RDPDR; C:\Windows\System32\drivers\rdpdr.sys [195584 2014-11-21] (Microsoft Corporation) [File not signed]
S3 s3cap; C:\Windows\System32\drivers\vms3cap.sys [7168 2013-08-22] (Microsoft Corporation) [File not signed]
S3 sermouse; C:\Windows\System32\drivers\sermouse.sys [26112 2014-11-21] (Microsoft Corporation) [File not signed]
R2 srv; C:\Windows\System32\DRIVERS\srv.sys [412160 2014-11-21] (Microsoft Corporation) [File not signed]
R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [246272 2014-11-21] (Microsoft Corporation) [File not signed]
S3 storvsp; C:\Windows\System32\drivers\storvsp.sys [68608 2014-11-21] (Microsoft Corporation) [File not signed]
R3 tunnel; C:\Windows\system32\DRIVERS\tunnel.sys [154112 2013-08-22] (Microsoft Corporation) [File not signed]
R4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [316928 2013-08-22] (Microsoft Corporation) [File not signed]
S3 usbcir; C:\Windows\System32\drivers\usbcir.sys [98304 2014-11-21] (Microsoft Corporation) [File not signed]
S3 usbprint; C:\Windows\System32\drivers\usbprint.sys [26112 2013-08-22] (Microsoft Corporation) [File not signed]
S3 Vid; C:\Windows\System32\drivers\Vid.sys [220672 2014-11-21] (Microsoft Corporation) [File not signed]
S3 VMBusHID; C:\Windows\System32\drivers\VMBusHID.sys [21760 2013-08-22] (Microsoft Corporation) [File not signed]
S3 vmbusr; C:\Windows\System32\drivers\vmbusr.sys [129536 2014-11-21] (Microsoft Corporation) [File not signed]
S3 vpcivsp; C:\Windows\System32\drivers\vpcivsp.sys [65536 2014-11-21] (Microsoft Corporation) [File not signed]
R1 vwififlt; C:\Windows\system32\DRIVERS\vwififlt.sys [71680 2013-08-22] (Microsoft Corporation) [File not signed]
R3 vwifimp; C:\Windows\system32\DRIVERS\vwifimp.sys [36864 2013-08-22] (Microsoft Corporation) [File not signed]
S3 WacomPen; C:\Windows\System32\drivers\wacompen.sys [26752 2013-08-22] (Microsoft Corporation) [File not signed]
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [35856 2014-11-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [257880 2014-11-21] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-11-21] (Microsoft Windows -> Microsoft Corporation)
R3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [113664 2014-11-21] (Microsoft Corporation) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-17 16:16 - 2019-02-17 16:16 - 000001017 _____ C:\Users\Public\Desktop\MSI Command Center.lnk
2019-02-17 16:16 - 2015-08-18 09:51 - 001692840 _____ (MSI) C:\Windows\SysWOW64\muachost.exe
2019-02-17 16:16 - 2013-02-08 11:04 - 000000000 _____ C:\RAMDiskImage.img
2019-02-17 16:15 - 2019-02-17 16:22 - 000000000 ____D C:\FRST
2019-02-17 16:15 - 2019-02-17 16:16 - 000055232 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2019-02-17 16:15 - 2019-02-16 15:50 - 011576808 _____ (SurfRight B.V.) C:\Users\win8.1\Desktop\HitmanPro x64.exe
2019-02-17 16:14 - 2019-02-17 16:15 - 000001849 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2019-02-17 16:14 - 2019-02-17 16:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2019-02-17 16:13 - 2019-02-17 16:16 - 000000000 ____D C:\ProgramData\HitmanPro
2019-02-17 16:13 - 2019-02-17 16:14 - 000000000 ____D C:\Program Files\HitmanPro
2019-02-17 16:13 - 2019-02-17 14:22 - 007657592 _____ (ESET spol. s r.o.) C:\Users\win8.1\Desktop\esetonlinescanner_enu.exe
2019-02-17 16:13 - 2019-02-16 22:00 - 064309056 _____ (Malwarebytes ) C:\Users\win8.1\Desktop\explore.exe.exe
2019-02-17 16:13 - 2019-01-31 15:28 - 005072904 _____ (AO Kaspersky Lab) C:\Users\win8.1\Desktop\iExplore.exe.exe
2019-02-17 16:11 - 2019-02-17 16:11 - 000000000 ____D C:\Users\win8.1\AppData\Local\ESET
2019-02-17 16:10 - 2019-02-17 16:10 - 000000000 ____D C:\Windows\pss

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-17 16:16 - 2019-01-01 13:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI
2019-02-17 16:16 - 2018-12-31 18:56 - 000000000 ____D C:\Program Files (x86)\MSI
2019-02-17 16:16 - 2018-12-31 18:56 - 000000000 ____D C:\MSI
2019-02-17 16:16 - 2018-12-31 18:37 - 000000000 ____D C:\Program Files (x86)\Intel
2019-02-17 16:15 - 2019-01-09 17:33 - 000001902 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC (win8.1)
2019-02-17 16:15 - 2018-12-31 19:03 - 000002852 _____ C:\Windows\System32\Tasks\Norton Product InstallerIdle
2019-02-17 16:15 - 2018-12-31 18:55 - 000002964 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2019-02-17 16:15 - 2018-12-31 18:36 - 000003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1565744006-341084530-198036531-1001
2019-02-17 16:15 - 2014-11-21 03:14 - 000927394 _____ C:\Windows\system32\PerfStringBackup.INI
2019-02-17 16:15 - 2014-11-21 02:24 - 000774740 _____ C:\Windows\system32\perfh00A.dat
2019-02-17 16:15 - 2014-11-21 02:24 - 000159266 _____ C:\Windows\system32\perfc00A.dat
2019-02-17 16:15 - 2013-08-22 14:36 - 000000000 ____D C:\Windows\Inf
2019-02-17 16:13 - 2018-12-31 18:42 - 000003822 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{7FE37773-1C77-4E93-8504-2C451ADFDD6B}
2019-02-17 16:11 - 2018-12-31 18:55 - 000002242 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-02-17 16:11 - 2018-12-31 18:55 - 000002201 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-02-17 16:10 - 2018-12-31 18:52 - 000000000 __SHD C:\Users\win8.1\IntelGraphicsProfiles
2019-02-17 16:10 - 2013-08-22 16:36 - 000000000 ____D C:\Windows\AppReadiness
2019-02-17 16:10 - 2013-08-22 15:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\SysWOW64\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

safeboot: Network => The system is configured to boot to Safe Mode <==== ATTENTION

LastRegBack: 2018-12-31 18:23

==================== End of FRST.txt ============================