Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

My pc is infected, I need your help [Solved]

Started by diegofba , Apr 24 2015 02:58 PM
little brother downloaded nasty? virus

  • This topic is locked This topic is locked

#1
diegofba
Posted 24 April 2015 - 02:58 PM

diegofba

    Member

  • Member
  • PipPip
  • 21 posts

Hello! So, my pc was infected yesterday; i found out almost two hours ago when i opened task manager to see an app called (nameofvideo).exe being executed, it was also enabled in the start tab. ... (nameofvideo).exe was an app that my little brother downloaded yesterday. i asked if he runned it, he said no and i deleted the file, he lied. ANYWAY (( nameofvideo was called video de chibola universitaria.exe))

Then i scanned my pc for virus and spybot search and destroy without any warning. Then i went to C/ program data/ and found 3 {letersandnumbers} which contained the file (nameofvideo).exe and (nameofvideo).dat. i "killed" all these files and runned antivirus/ spybot/ ccleaner and restarted my pc (nothing came out btw). Help me if i'm still infected thank you in advance.

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-04-2015 02
Ran by Diego B (administrator) on DIEGO on 24-04-2015 15:36:36
Running from C:\Users\Diego B\Desktop
Loaded Profiles: Diego B (Available profiles: Diego B)
Platform: Windows 8.1 Single Language (X64) OS Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Flux Software LLC) C:\Users\Diego B\AppData\Local\FluxSoftware\Flux\flux.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [6339656 2013-04-24] (Realtek semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [899680 2013-02-04] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2013-03-04] (Conexant Systems, Inc.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17097200 2013-08-22] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [193008 2013-08-22] (Lenovo(beijing) Limited)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe [1691112 2015-03-20] (Bitdefender)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3050736 2013-04-04] (Synaptics Incorporated)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464 2012-10-30] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-06-13] (Atheros Communications)
HKU\S-1-5-21-3919295077-688054640-3730574233-1001\...\Run: [f.lux] => C:\Users\Diego B\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-3919295077-688054640-3730574233-1001\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe [790880 2015-03-20] (Bitdefender)
HKU\S-1-5-21-3919295077-688054640-3730574233-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7416088 2015-02-19] (Piriform Ltd)
HKU\S-1-5-21-3919295077-688054640-3730574233-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [479744 2014-11-21] (Microsoft Corporation)
Startup: C:\Users\Diego B\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\video [bleep] de chibola universitaria.lnk [2015-04-23]
ShortcutTarget: video [bleep] de chibola universitaria.lnk -> C:\ProgramData\{18717157-4052-a4c0-1871-17157405c55d}\video [bleep] de chibola universitaria.exe (No File)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [__SafeBox1] -> {152C96EB-288E-4EDC-B7C6-D21F8250ADF3} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2014-07-04] (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox2] -> {342DAA0B-D796-460D-8566-901E08A1CCAD} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2014-07-04] (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox3] -> {57595DAE-1AE1-4D97-A49E-67CBB53B52DF} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2014-07-04] (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox4] -> {33816773-98AE-4723-ADE0-EBE54C8B5A67} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2014-07-04] (Bitdefender)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-3919295077-688054640-3730574233-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-3919295077-688054640-3730574233-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-3919295077-688054640-3730574233-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com
HKU\S-1-5-21-3919295077-688054640-3730574233-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com
SearchScopes: HKU\S-1-5-21-3919295077-688054640-3730574233-1001 -> DefaultScope {AC7B782E-B80C-41F5-8B63-7C40A3B4468E} URL = 
SearchScopes: HKU\S-1-5-21-3919295077-688054640-3730574233-1001 -> {AC7B782E-B80C-41F5-8B63-7C40A3B4468E} URL = 
BHO: Bitdefender Wallet  -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-03-20] (Bitdefender)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll [2015-03-20] (Bitdefender)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
Toolbar: HKLM - Bitdefender Wallet  - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-03-20] (Bitdefender)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll [2015-03-20] (Bitdefender)
Tcpip\Parameters: [DhcpNameServer] 200.48.225.146 200.48.225.130
 
FireFox:
========
FF ProfilePath: C:\Users\Diego B\AppData\Roaming\Mozilla\Firefox\Profiles\88opunu8.default
FF Homepage: google.com/ncr
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-20] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3919295077-688054640-3730574233-1001: intel.com/AppUp -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll No File
FF Extension: Html Validator - C:\Users\Diego B\AppData\Roaming\Mozilla\Firefox\Profiles\88opunu8.default\Extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e} [2015-04-24]
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext [2015-03-20]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff [2015-03-20]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
 
Chrome: 
=======
CHR Profile: C:\Users\Diego B\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Diego B\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-20]
CHR Extension: (Google Docs) - C:\Users\Diego B\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-20]
CHR Extension: (Google Drive) - C:\Users\Diego B\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-20]
CHR Extension: (YouTube) - C:\Users\Diego B\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-20]
CHR Extension: (Google Search) - C:\Users\Diego B\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-20]
CHR Extension: (Google Sheets) - C:\Users\Diego B\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-20]
CHR Extension: (BetaFish Adblocker) - C:\Users\Diego B\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-03-20]
CHR Extension: (Bookmark Manager) - C:\Users\Diego B\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-17]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Diego B\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-17]
CHR Extension: (Ashish Mishra) - C:\Users\Diego B\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnkdbjbjpnpjeciipoaflmpcddinpjjp [2015-03-20]
CHR Extension: (Google Wallet) - C:\Users\Diego B\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-20]
CHR Extension: (Gmail) - C:\Users\Diego B\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-20]
CHR HKLM-x32\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - https://clients2.goo...ice/update2/crx
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-06-13] (Windows ® Win 7 DDK provider) [File not signed]
S3 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [78144 2014-12-09] (Bitdefender)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-08-20] (Intel Corporation)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272440 2015-03-09] (Lenovo)
S4 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [94624 2013-07-08] (Bitdefender)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [67320 2014-10-27] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1547936 2015-03-20] (Bitdefender)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-03-23] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-03-23] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-06-13] (Atheros) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1306464 2015-03-20] (BitDefender)
R3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [262544 2015-03-20] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [677104 2015-03-20] (BitDefender)
S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [23568 2013-09-08] (Bitdefender)
R1 BdfNdisf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [98768 2015-03-20] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107008 2013-07-29] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL)
S3 BDSandBox; C:\WINDOWS\system32\drivers\bdsandbox.sys [82824 2015-03-20] (BitDefender SRL)
R1 BDVEDISK; C:\Windows\system32\DRIVERS\bdvedisk.sys [79192 2013-07-30] (BitDefender)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-06-13] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-11-21] (Microsoft Corporation)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [160544 2015-03-20] (BitDefender LLC)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8243144 2013-04-24] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-04-04] (Synaptics Incorporated)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [452040 2014-10-15] (BitDefender S.R.L.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-03-23] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-24 15:36 - 2015-04-24 15:37 - 00020241 _____ () C:\Users\Diego B\Desktop\FRST.txt
2015-04-24 15:36 - 2015-04-24 15:36 - 00000000 ____D () C:\FRST
2015-04-24 15:35 - 2015-04-24 15:35 - 02099712 _____ (Farbar) C:\Users\Diego B\Desktop\FRST64.exe
2015-04-24 14:06 - 2015-04-24 14:06 - 00001182 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-24 14:06 - 2015-04-24 14:06 - 00001170 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-04-24 14:06 - 2015-04-24 14:06 - 00000000 ____D () C:\Users\Diego B\AppData\Roaming\Mozilla
2015-04-24 14:06 - 2015-04-24 14:06 - 00000000 ____D () C:\Users\Diego B\AppData\Local\Mozilla
2015-04-24 14:06 - 2015-04-24 14:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-23 23:45 - 2015-04-24 15:22 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-04-23 23:45 - 2015-04-23 23:51 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-04-23 23:45 - 2015-04-23 23:45 - 00001414 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-04-23 23:45 - 2015-04-23 23:45 - 00001402 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-04-23 23:45 - 2015-04-23 23:45 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking
2015-04-23 23:45 - 2015-04-23 23:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-04-23 23:45 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2015-04-23 23:27 - 2015-04-24 11:27 - 00000402 _____ () C:\WINDOWS\Tasks\Bidaily Synchronize Task.job
2015-04-23 23:27 - 2015-04-23 23:27 - 00003294 _____ () C:\WINDOWS\System32\Tasks\Bidaily Synchronize Task
2015-04-17 08:57 - 2015-04-17 08:57 - 00000000 ____D () C:\Users\Diego B\Documents\Avatar
2015-04-17 08:52 - 2015-04-17 09:04 - 00000000 ____D () C:\Users\Diego B\Documents\Youcam
2015-04-17 08:52 - 2015-04-17 08:52 - 00000000 ____D () C:\Users\Diego B\AppData\Local\CyberLink
2015-04-15 15:40 - 2015-04-15 15:40 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-04-15 11:35 - 2015-03-23 16:59 - 07476032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-04-15 11:35 - 2015-03-23 16:59 - 01733952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-04-15 11:35 - 2015-03-23 16:59 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll
2015-04-15 11:35 - 2015-03-23 16:58 - 01498872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-04-15 11:35 - 2015-03-23 16:45 - 00257216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sechost.dll
2015-04-15 11:35 - 2015-03-22 17:45 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-04-15 11:35 - 2015-03-22 17:09 - 01111552 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-04-15 11:35 - 2015-03-22 17:09 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-04-15 11:35 - 2015-03-22 17:09 - 00769024 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-04-15 11:35 - 2015-03-22 17:09 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-04-15 11:35 - 2015-03-22 17:09 - 00419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-04-15 11:35 - 2015-03-22 17:09 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-04-15 11:35 - 2015-03-19 23:12 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2015-04-15 11:35 - 2015-03-19 23:10 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-04-15 11:35 - 2015-03-19 23:10 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-04-15 11:35 - 2015-03-19 22:17 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\tracerpt.exe
2015-04-15 11:35 - 2015-03-19 21:41 - 00369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tracerpt.exe
2015-04-15 11:35 - 2015-03-19 21:40 - 00950784 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2015-04-15 11:35 - 2015-03-19 21:16 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2015-04-15 11:35 - 2015-03-14 03:20 - 01385256 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-04-15 11:35 - 2015-03-14 03:13 - 01124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-04-15 11:35 - 2015-03-12 23:32 - 24980480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-04-15 11:35 - 2015-03-12 23:08 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-04-15 11:35 - 2015-03-12 23:07 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-04-15 11:35 - 2015-03-12 22:53 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-04-15 11:35 - 2015-03-12 22:50 - 06025216 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-04-15 11:35 - 2015-03-12 22:42 - 19695616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-04-15 11:35 - 2015-03-12 22:28 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-04-15 11:35 - 2015-03-12 22:26 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-04-15 11:35 - 2015-03-12 22:22 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-04-15 11:35 - 2015-03-12 22:17 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-04-15 11:35 - 2015-03-12 22:16 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-04-15 11:35 - 2015-03-12 22:08 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-04-15 11:35 - 2015-03-12 22:07 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-04-15 11:35 - 2015-03-12 22:00 - 14397440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-04-15 11:35 - 2015-03-12 21:58 - 00259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2015-04-15 11:35 - 2015-03-12 21:50 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-04-15 11:35 - 2015-03-12 21:49 - 04305408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-04-15 11:35 - 2015-03-12 21:45 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-04-15 11:35 - 2015-03-12 21:44 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-04-15 11:35 - 2015-03-12 21:37 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2015-04-15 11:35 - 2015-03-12 21:34 - 12825600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-04-15 11:35 - 2015-03-12 21:33 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-04-15 11:35 - 2015-03-12 21:22 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-04-15 11:35 - 2015-03-12 21:20 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-04-15 11:35 - 2015-03-12 21:16 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-04-15 11:35 - 2015-03-12 21:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-04-15 11:35 - 2015-03-04 05:25 - 00377152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2015-04-15 11:35 - 2015-03-03 22:04 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll
2015-04-15 11:35 - 2015-03-03 21:19 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll
2015-04-15 11:35 - 2015-02-24 03:32 - 00991552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2015-04-15 11:35 - 2015-02-20 18:49 - 00780800 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2015-04-15 11:35 - 2014-12-02 18:09 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2015-04-14 17:01 - 2015-03-13 19:22 - 03678720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-04-14 17:00 - 2015-03-14 03:54 - 00133256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-04-14 17:00 - 2015-03-13 20:56 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-04-14 17:00 - 2015-03-13 20:56 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-04-14 17:00 - 2015-03-13 20:51 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll
2015-04-14 17:00 - 2015-03-13 20:37 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-04-14 17:00 - 2015-03-13 20:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-04-14 17:00 - 2015-03-13 19:12 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-04-14 17:00 - 2015-03-13 19:12 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-04-14 17:00 - 2015-03-13 19:09 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2015-04-14 17:00 - 2015-03-13 19:08 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-04-14 17:00 - 2015-03-13 19:08 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-04-14 17:00 - 2015-03-13 19:06 - 02373632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-04-14 17:00 - 2015-03-13 19:06 - 00891392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-04-14 17:00 - 2015-03-13 19:02 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-04-14 17:00 - 2015-03-13 19:02 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-04-14 17:00 - 2015-03-13 18:59 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-04-14 17:00 - 2015-03-13 18:59 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-04-14 17:00 - 2014-10-18 01:50 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2015-04-10 08:35 - 2015-04-23 18:44 - 00000000 ____D () C:\Users\Diego B\AppData\Roaming\vlc
2015-04-10 08:34 - 2015-04-23 18:31 - 00001093 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-04-10 08:34 - 2015-04-10 08:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-04-10 08:34 - 2015-04-10 08:34 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2015-04-09 15:10 - 2015-04-09 15:10 - 00000000 __SHD () C:\Users\Diego B\AppData\Local\EmieUserList
2015-04-09 15:10 - 2015-04-09 15:10 - 00000000 __SHD () C:\Users\Diego B\AppData\Local\EmieSiteList
2015-04-09 15:10 - 2015-04-09 15:10 - 00000000 __SHD () C:\Users\Diego B\AppData\Local\EmieBrowserModeList
2015-04-08 22:11 - 2015-04-24 15:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FBReader for Windows
2015-04-04 14:00 - 2015-04-04 14:01 - 00000000 ___SD () C:\WINDOWS\system32\GWX
2015-04-04 14:00 - 2015-04-04 14:00 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX
2015-04-04 07:46 - 2015-04-04 07:46 - 00230529 _____ () C:\Users\Diego B\Desktop\5866 lose weight keywords.txt
2015-04-04 07:46 - 2015-04-04 07:46 - 00224768 _____ () C:\Users\Diego B\Desktop\1300-weight-loss-keywords.xls
2015-04-01 14:33 - 2015-04-19 09:43 - 00012823 _____ () C:\Users\Diego B\Desktop\30 day mini.xlsx
2015-03-27 23:01 - 2014-04-30 01:43 - 00071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwififlt.sys
2015-03-27 23:01 - 2014-04-30 01:41 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-24 15:30 - 2015-03-23 09:17 - 02062235 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-24 15:30 - 2015-03-20 01:29 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3919295077-688054640-3730574233-1001
2015-04-24 15:25 - 2013-08-22 05:16 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-04-24 15:24 - 2015-03-20 00:19 - 00001114 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-24 15:06 - 2015-03-20 09:25 - 00002896 _____ () C:\WINDOWS\System32\Tasks\AutoKMS
2015-04-24 15:06 - 2015-03-20 09:25 - 00000286 _____ () C:\WINDOWS\Tasks\AutoKMS.job
2015-04-24 15:06 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-04-24 15:05 - 2015-03-20 00:19 - 00001110 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-24 15:05 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-24 15:05 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-04-24 15:02 - 2015-03-20 02:00 - 02850484 _____ () C:\Users\Public\CAFADEBUG.log
2015-04-23 15:25 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-04-19 15:17 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-04-17 12:25 - 2015-03-20 00:20 - 00002212 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-16 09:13 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-04-15 17:48 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-04-15 17:35 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppCompat
2015-04-15 15:40 - 2014-11-22 00:29 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-04-15 12:14 - 2015-03-20 22:36 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-04-15 12:09 - 2015-03-20 22:36 - 128913832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-04-13 18:24 - 2014-11-22 00:34 - 00792056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-04-13 18:24 - 2014-11-22 00:34 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-10 18:03 - 2014-11-21 20:05 - 01833224 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-04-10 18:03 - 2014-11-21 19:26 - 00812192 _____ () C:\WINDOWS\system32\perfh00A.dat
2015-04-10 18:03 - 2014-11-21 19:26 - 00167450 _____ () C:\WINDOWS\system32\perfc00A.dat
2015-04-09 22:57 - 2015-03-20 00:47 - 00000000 ____D () C:\Users\Diego B\AppData\Roaming\uTorrent
2015-04-09 14:07 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports
2015-04-08 22:16 - 2015-03-23 09:03 - 00000000 ____D () C:\Users\Diego B
2015-04-02 12:46 - 2015-03-19 15:19 - 00000000 ____D () C:\Users\Diego B\Desktop\aaa
2015-03-26 09:10 - 2014-11-21 19:49 - 00000000 ____D () C:\Program Files\Windows Journal
2015-03-26 09:10 - 2014-11-21 19:26 - 00000000 ____D () C:\WINDOWS\SysWOW64\winrm
2015-03-26 09:10 - 2014-11-21 19:26 - 00000000 ____D () C:\WINDOWS\SysWOW64\WCN
2015-03-26 09:10 - 2014-11-21 19:26 - 00000000 ____D () C:\WINDOWS\SysWOW64\slmgr
2015-03-26 09:10 - 2014-11-21 19:26 - 00000000 ____D () C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2015-03-26 09:10 - 2014-11-21 19:26 - 00000000 ____D () C:\WINDOWS\system32\winrm
2015-03-26 09:10 - 2014-11-21 19:26 - 00000000 ____D () C:\WINDOWS\system32\WCN
2015-03-26 09:10 - 2014-11-21 19:26 - 00000000 ____D () C:\WINDOWS\system32\slmgr
2015-03-26 09:10 - 2014-11-21 19:26 - 00000000 ____D () C:\WINDOWS\system32\Printing_Admin_Scripts
2015-03-26 09:10 - 2013-08-22 10:36 - 00000000 ___SD () C:\WINDOWS\system32\dsc
2015-03-26 09:10 - 2013-08-22 10:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2015-03-26 09:10 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\WinStore
2015-03-26 09:10 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\SystemResetPlatform
2015-03-26 09:10 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\migwiz
2015-03-26 09:10 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2015-03-26 09:10 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-03-26 09:10 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Common Files\System
2015-03-26 09:10 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2015-03-26 09:10 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-03-26 09:10 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\servicing
2015-03-25 17:47 - 2013-08-22 10:36 - 00000000 ___RD () C:\WINDOWS\Offline Web Pages
2015-03-25 17:24 - 2015-03-23 02:50 - 00000000 ___DC () C:\WINDOWS\Panther
 
==================== Files in the root of some directories =======
 
2013-08-22 05:19 - 2013-08-22 05:19 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-17 09:17
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-04-2015 02
Ran by Diego B at 2015-04-24 15:37:26
Running from C:\Users\Diego B\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrador (S-1-5-21-3919295077-688054640-3730574233-500 - Administrator - Disabled)
Diego B (S-1-5-21-3919295077-688054640-3730574233-1001 - Administrator - Enabled) => C:\Users\Diego B
Invitado (S-1-5-21-3919295077-688054640-3730574233-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Bitdefender Antivirus (Enabled - Up to date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Antispyware (Enabled - Up to date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Bitdefender Firewall (Enabled) {A23392FD-84B9-F933-2C71-81E751F6EF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-3919295077-688054640-3730574233-1001\...\uTorrent) (Version: 3.4.2.38913 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.144 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Bitdefender Total Security 2015 (HKLM\...\Bitdefender) (Version: 18.20.0.1429 - Bitdefender)
CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.64.49.0 - Conexant)
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.11 - Lenovo)
Energy Management (x32 Version: 8.0.2.11 - Lenovo) Hidden
f.lux (HKU\S-1-5-21-3919295077-688054640-3730574233-1001\...\Flux) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.0.1083 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10230 - Realtek Semiconductor Corp.)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.1219 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.1219 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4331.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4331.52 - CyberLink Corp.) Hidden
Lenovo Solution Center (HKLM\...\{1CA74803-5CB2-4C03-BDBE-061EDC81CC7F}) (Version: 2.8.004.00 - Lenovo Group Limited)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3423 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3423 - CyberLink Corp.) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 37.0.2 (x86 es-ES) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 es-ES)) (Version: 37.0.2 - Mozilla)
Paquete de controladores de Windows - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Paquete de controladores de Windows - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.9109 - CyberLink Corp.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.229 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Qualcomm Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.16 - Qualcomm Atheros Communications Inc.)
Realtek USB Card Reader (HKLM-x32\...\{1E496A68-4943-424E-829D-5C3C85B7B8F2}) (Version: 6.2.9200.39041 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.5.2.0 - Synaptics Incorporated)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3919295077-688054640-3730574233-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
 
==================== Restore Points  =========================
 
10-04-2015 09:28:01 Punto de control programado
14-04-2015 21:48:38 Windows Update
23-04-2015 10:29:29 Punto de control programado
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2015-04-02 21:06 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0F5D2781-B064-46FA-9342-EA565E1E7E63} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {1092C753-6B40-415F-A659-B3DA364D95A8} - System32\Tasks\Lenovo\LSC\Time72Task => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe [2015-03-09] (Lenovo)
Task: {16E643E0-6790-4F56-868B-E2BA16CB2D76} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-03-09] ()
Task: {4741755A-043A-4C5B-AA0D-E8E0BA3D8BD1} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {4E94200A-B034-4491-8834-1FF5F53FABBE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-20] (Google Inc.)
Task: {516AC2CF-5E00-4C1B-ADD4-D16B20F45C97} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-23] (Microsoft Corporation)
Task: {626A4F59-E403-43EF-9E8A-2FADA90D2B9D} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-03-09] (Lenovo)
Task: {664ACFA4-DD0A-41BF-969C-E8E80856E7B6} - System32\Tasks\Bidaily Synchronize Task => C:\ProgramData\{78542764-078a-aae7-7854-427640789d90}\video [bleep] de chibola universitaria.exe
Task: {68E9331A-D4E4-43C6-B262-48A75BAA4D48} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe [2015-03-20] ()
Task: {8310BCB4-56D3-499C-A0CF-0B5C25CDE394} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {85F3AFF4-0A82-469C-90D0-A301C961745B} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2015-03-09] (Lenovo)
Task: {921DA7E8-B58E-4F9D-8651-60B5AD34C1EA} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-03-09] ()
Task: {92F27C9C-5778-4B44-BB1F-BDBE1616E18E} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {961F97AD-9CE8-4E20-B90F-D2BDB889DAE4} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-04-04] (Synaptics Incorporated)
Task: {9AD908A7-37B6-467E-9944-00DB32BF211F} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {A10D17A3-AC3D-4D73-8DC9-5C7BC845D435} - System32\Tasks\Dolby Selector => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [2012-08-31] (Dolby Laboratories Inc.)
Task: {A41DE063-1356-4365-B69F-F70E1377952F} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2015-03-09] (Lenovo)
Task: {A6156DF2-C31C-41FC-84B5-BFB597B4BFBD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {B1AACC29-E599-4591-919C-BF9285AED603} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {B7909583-4B71-49F6-A6A6-638D6943EE8C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-20] (Google Inc.)
Task: {B843D7B4-6168-4C11-87F3-99FAC8515022} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {D43D3893-5CF6-4406-BB15-F9C8866C13D9} - System32\Tasks\Lenovo\LSC\RebootCountTask => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe [2015-03-09] (Lenovo)
Task: {DE4A3E5B-7CB4-4FC3-8EDF-FADACB327207} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {F4BD53FB-BD12-4018-9CDF-25FFA963122D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-19] (Piriform Ltd)
Task: C:\WINDOWS\Tasks\AutoKMS.job => C:\WINDOWS\AutoKMS\AutoKMS.exe
Task: C:\WINDOWS\Tasks\Bidaily Synchronize Task.job => C:\ProgramData\{78542764-078a-aae7-7854-427640789d90}\video [bleep] de chibola universitaria.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2015-03-20 09:30 - 2014-08-27 16:31 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\txmlutil.dll
2015-03-20 09:30 - 2013-09-03 14:29 - 00101328 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdmetrics.dll
2015-03-20 09:30 - 2014-12-17 14:34 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\UI\accessl.ui
2015-03-20 09:30 - 2012-10-29 14:22 - 00152816 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdfwcore.dll
2015-04-20 14:51 - 2015-04-20 14:51 - 00789856 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00250_004\ashttpbr.mdl
2015-04-20 14:51 - 2015-04-20 14:51 - 00710016 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00250_004\ashttpdsp.mdl
2015-04-20 14:51 - 2015-04-20 14:51 - 02683008 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00250_004\ashttpph.mdl
2015-04-20 14:51 - 2015-04-20 14:51 - 01325480 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00250_004\ashttprbl.mdl
2010-01-09 20:17 - 2010-01-09 20:17 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:40 - 2010-01-21 01:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-06-13 05:44 - 2013-06-13 05:44 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-06-13 05:40 - 2013-06-13 05:40 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2013-06-13 05:47 - 2013-06-13 05:47 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2015-04-23 23:45 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-04-23 23:45 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-04-23 23:45 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-04-23 23:45 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-04-23 23:45 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2013-08-22 05:15 - 2012-07-17 23:55 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2010-01-09 20:18 - 2010-01-09 20:18 - 04254560 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:34 - 2010-01-21 01:34 - 08793952 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-04-17 12:25 - 2015-04-13 16:55 - 01252680 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libglesv2.dll
2015-04-17 12:25 - 2015-04-13 16:55 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libegl.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-3919295077-688054640-3730574233-1001\...\ma-config.com -> hxxp://ma-config.com
IE trusted site: HKU\S-1-5-21-3919295077-688054640-3730574233-1001\...\ma-config.com -> hxxps://ma-config.com
IE trusted site: HKU\S-1-5-21-3919295077-688054640-3730574233-1001\...\touslesdrivers.com -> hxxp://touslesdrivers.com
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3919295077-688054640-3730574233-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\Web\Wallpaper\Lenovo\LenovoWallPaper.jpg
DNS Servers: 200.48.225.146 - 200.48.225.130
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run32: => "YouCam Tray"
HKU\S-1-5-21-3919295077-688054640-3730574233-1001\...\StartupApproved\StartupFolder: => "video [bleep] de chibola universitaria.lnk"
HKU\S-1-5-21-3919295077-688054640-3730574233-1001\...\StartupApproved\Run: => "Bitdefender Wallet Agent"
HKU\S-1-5-21-3919295077-688054640-3730574233-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
 
==================== Faulty Device Manager Devices =============
 
Name: Qualcomm Atheros AR3012 Bluetooth 4.0 + HS
Description: Qualcomm Atheros AR3012 Bluetooth 4.0 + HS
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Qualcomm Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 
System errors:
=============
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-3110M CPU @ 2.40GHz
Percentage of memory in use: 36%
Total physical RAM: 6009.77 MB
Available physical RAM: 3832.64 MB
Total Pagefile: 6969.77 MB
Available Pagefile: 4597.49 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB
 
==================== Drives ================================
 
Drive c: (Windows8_OS) (Fixed) (Total:424.11 GB) (Free:394.01 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:11.95 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: D6C3D924)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================

Edited by diegofba, 24 April 2015 - 03:08 PM.

  • 0

Advertisements

#2
diegofba
Posted 24 April 2015 - 04:11 PM

diegofba

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts

do i need to change all my passwords?  :smashcomp:


  • 0

#3
Essexboy
Posted 25 April 2015 - 06:44 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Hi there, the forum software is changing some of the file names.  Could you attach the FRST logs please  


  • 0

#4
diegofba
Posted 25 April 2015 - 07:22 AM

diegofba

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts

hi there :laughing: , here you go.

Attached Files


  • 0

#5
Essexboy
Posted 25 April 2015 - 07:56 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK I can see why it comes back, twice a day it runs a task to re-install it from a backup.. So lets kill that :)

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer


Save the attached fixlist.txt, in the same location as FRST.exe
Attached File  fixlist.txt   1.92KB   251 downloads
FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.
Once done could you let me know of any other problems
  • 0

#6
diegofba
Posted 25 April 2015 - 08:48 AM

diegofba

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts

ok essex i did that, here are the results. 

Is my pc safe now? how do i check? could they stole my passwords? do i unistall frst / adwcleaner ? anything else i need to do for now?

 

Thanks a lot for the help, i really appreciate it.  :spoton: can u point me to a thread about how to stay safe / security? > i can search so you don't need to answer this

 

Thanks again, let me now anything

 

Attached Files


  • 0

#7
Essexboy
Posted 25 April 2015 - 09:12 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Is my pc safe now? how do i check? could they stole my passwords? do i unistall frst / adwcleaner ? anything else i need to do for now?

Thanks a lot for the help, i really appreciate it. :spoton: can u point me to a thread about how to stay safe / security? > i can search so you don't need to answer this

Whoa slow down :)

I will safely remove the tools once you are happy And I will give security tips at the same time , I saw no sign of keyloggers/password stealers so you should be OK on that front.

Any further problems apparent ?
  • 0

#8
diegofba
Posted 25 April 2015 - 12:25 PM

diegofba

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts

Whoa slow down :)


I will safely remove the tools once you are happy And I will give security tips at the same time , I saw no sign of keyloggers/password stealers so you should be OK on that front.

Any further problems apparent ?

 

 

hahah. it seems good, i can't detect any problems. i'm glad there weren't keyloggers  :spoton:  :spoton:

Thanks for your help, tell me how to remove the tools  :prop:  Thnx again legend


  • 0

#9
Essexboy
Posted 25 April 2015 - 12:34 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Remove tools

Download and run Delfix
Select the options as shown
delfix.JPG

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Unchecky

Click on the link above to be taken to Unchecky.com
click the very large Download button.
click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked, this is a fire and forget programme ;)

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet read this little guide Best security practices Keep safe :wave:
  • 0

#10
diegofba
Posted 25 April 2015 - 05:08 PM

diegofba

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts

wow thanks a lot, really. I will follow your advice and wait a bit. That little guide gonna keep me entertained meanwhile  :wave:

Thanks, you're a hero


  • 0

#11
Essexboy
Posted 26 April 2015 - 03:10 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
My pleasure :)
  • 0

#12
Essexboy
Posted 29 April 2015 - 09:52 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics


Also tagged with one or more of these keywords: little, brother, downloaded, nasty?, virus

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP