
sudden slow down, after dr web clean a virus in quarantine (and before



#1
samidelcueva


Hi,

My computer suddenly got very slow, so I decided to run Dr. Web in safe mode, and it found a trojan in the quarantine of CIS. It's rare because, from time to time, the same virus appears repeatedly, and the symptom is that the antivirus closes by itself. It has just appeared today, after a lot of time without appearing. I don't know if what I am talking about is the cause of the symptoms that I'm having on my computer right now. I had problems in the past with rootkits, but you guys helped me delete it. Anyway, after the antivirus eliminated the trojan, I started my computer and attempted to use it normally, but it was impossible because it was extremely slow, so I tried to run TDSS or ESET Online Scanner, but TDSS froze, ESET was too slow, and my computer was unbearably slow.

Also, since I installed Windows 10, each time I close my laptop to put it to sleep and then want to use it again, it launches a BSOD. So this is my situation. I appreciate your help very much.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015
Ran by samuel (administrator) on DESKTOP-REU8NRJ (14-11-2015 14:41:22)
Running from C:\Users\samuel\Desktop
Loaded Profiles: samuel (Available Profiles: samuel)
Platform: Windows 10 Home (X64) Language: Inglés (Estados Unidos)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantDisplayService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Comodo) C:\Program Files (x86)\Comodo\Chromodo\chromodo_updater.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(STMicroelectronics) C:\Program Files (x86)\ST Microelectronics\ST_ACCEL\FFP_Manager.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Akamai Technologies, Inc.) C:\Users\samuel\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\samuel\AppData\Local\Akamai\netsession_win.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Telegram Messenger LLP) C:\Users\samuel\AppData\Roaming\Telegram Desktop\Telegram.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.58\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.58\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.58\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.58\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.58\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.58\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.58\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.58\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.58\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.58\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.58\opera.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.58\opera.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe [111488 2015-07-29] (Intel Corporation)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3350760 2015-08-03] (ELAN Microelectronics Corp.)
HKLM\...\Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1427648 2015-08-06] (COMODO)
HKLM\...\Run: [ASUS HDD Protection Tray Application] => C:\Program Files (x86)\ST Microelectronics\ST_ACCEL\FFP_Manager.exe [54272 2014-02-12] (STMicroelectronics)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2620728 2015-09-12] (Malwarebytes Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2015-09-29] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3690298984-718693576-1200642337-1001\...\Run: [Akamai NetSession Interface] => C:\Users\samuel\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-23] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3690298984-718693576-1200642337-1001\...\Run: [MCShield Monitor] => C:\Program Files (x86)\MCShield\mcshieldrtm.exe [650816 2015-08-27] (MyCity)
HKU\S-1-5-21-3690298984-718693576-1200642337-1001\...\Run: [Spotify Web Helper] => C:\Users\samuel\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2030912 2015-10-21] (Spotify Ltd)
HKU\S-1-5-21-3690298984-718693576-1200642337-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50264704 2015-11-05] (Skype Technologies S.A.)
HKU\S-1-5-21-3690298984-718693576-1200642337-1001\...\RunOnce: [Uninstall C:\Users\samuel\AppData\Local\Microsoft\OneDrive\17.3.5907.0716_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\samuel\AppData\Local\Microsoft\OneDrive\17.3.5907.0716_1\amd64"
HKU\S-1-5-21-3690298984-718693576-1200642337-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [805888 2015-07-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-11-01] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-11-01] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-11-01] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\cardisabled [2015-10-31] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2015-08-01]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2015-08-01]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\Users\samuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cardisabled [2015-10-31] ()
Startup: C:\Users\samuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneDrive para la Empresa.lnk [2015-08-06]
ShortcutTarget: OneDrive para la Empresa.lnk -> C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE (Microsoft Corporation)
Startup: C:\Users\samuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Telegram.lnk [2015-10-23]
ShortcutTarget: Telegram.lnk -> C:\Users\samuel\AppData\Roaming\Telegram Desktop\Telegram.exe (Telegram Messenger LLP)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 200.94.160.248 200.94.160.246
Tcpip\..\Interfaces\{3537d7f4-1f29-47b9-9801-8bd42a42697e}: [DhcpNameServer] 200.94.160.248 200.94.160.246
Tcpip\..\Interfaces\{d9405bd9-59c5-4299-b4b3-13dcab48d6b1}: [NameServer] 156.154.70.25,156.154.71.25
 
Internet Explorer:
==================
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-11-01] (Microsoft Corporation)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-08-01] (LastPass)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-11-01] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll [2015-11-01] (Microsoft Corporation)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-08-01] (LastPass)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL [2015-11-01] (Microsoft Corporation)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-08-01] (LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-08-01] (LastPass)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-11-01] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL [2015-11-01] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-08-01] (LastPass)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-11-01] (Microsoft Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-08-01] (LastPass)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-01] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL [2015-11-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
 
Opera: 
=======
OPR Extension: (HTTPS Everywhere) - C:\Users\samuel\AppData\Roaming\Opera Software\Opera Stable\Extensions\edaplhobcmdaneconioghljnnopmkhgm [2015-11-13]
OPR Extension: (WOT) - C:\Users\samuel\AppData\Roaming\Opera Software\Opera Stable\Extensions\eeokceolphhfjdfcibaiiopmekmcbedp [2015-08-03]
OPR Extension: (LastPass) - C:\Users\samuel\AppData\Roaming\Opera Software\Opera Stable\Extensions\hnjalnkldgigidggphhmacmimbdlafdo [2015-08-01]
OPR Extension: (Adblock Plus) - C:\Users\samuel\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2015-09-24]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2015-10-11] (SUPERAntiSpyware.com)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
R2 ChromodoUpdater; C:\Program Files (x86)\Comodo\Chromodo\chromodo_updater.exe [1982648 2015-10-12] (Comodo)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2780856 2015-11-01] (Microsoft Corporation)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5542472 2015-09-07] (COMODO)
R3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265792 2015-08-06] (COMODO)
R2 DptfParticipantDisplayService; C:\WINDOWS\System32\DptfParticipantDisplayService.exe [141944 2015-07-29] (Intel Corporation)
S2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [115656 2015-07-29] (Intel Corporation)
S2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [116680 2015-07-29] (Intel Corporation)
S2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [124904 2015-07-29] (Intel Corporation)
R2 esifsvc; C:\Windows\SysWOW64\esif_uf.exe [1394360 2015-10-04] (Intel Corporation)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [147688 2015-08-03] (ELAN Microelectronics Corp.)
S2 HuaweiHiSuiteService64.exe; C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe [192304 2015-11-01] ()
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [361376 2015-10-02] (Intel Corporation)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [713016 2015-09-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-17] (Malwarebytes)
R2 NitroDriverReadSpool; C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe [341312 2015-08-26] (Nitro PDF Software)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 ATKWMIACPIIO_; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [19768 2013-07-02] (ASUSTek Computer Inc.)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [100776 2015-08-09] (ASUS Corporation)
R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [40224 2015-07-30] (Windows ® Win 7 DDK provider)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [21720 2015-08-04] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [827632 2015-08-04] (COMODO)
R1 cmdhlp; C:\Windows\system32\DRIVERS\cmdhlp.sys [35056 2015-08-04] (COMODO)
S3 DFX11_1; C:\Windows\system32\drivers\dfx11_1x64.sys [28008 2015-08-24] (Windows ® Win 7 DDK provider)
S3 DptfDevDisplay; C:\Windows\System32\drivers\DptfDevDisplay.sys [70752 2015-07-29] (Intel Corporation)
S3 DptfDevDram; C:\Windows\System32\drivers\DptfDevDram.sys [145640 2014-09-15] (Intel Corporation)
S3 DptfDevFan; C:\Windows\System32\drivers\DptfDevFan.sys [50640 2014-09-15] (Intel Corporation)
S3 DptfDevGen; C:\Windows\System32\drivers\DptfDevGen.sys [78504 2014-09-15] (Intel Corporation)
S3 DptfDevPch; C:\Windows\System32\drivers\DptfDevPch.sys [116752 2014-09-15] (Intel Corporation)
S3 DptfDevPower; C:\Windows\System32\drivers\DptfDevPower.sys [71808 2014-09-15] (Intel Corporation)
S3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [290256 2014-09-15] (Intel Corporation)
S3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [495320 2014-09-15] (Intel Corporation)
R3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [53752 2015-10-04] (Intel Corporation)
R1 epp64; C:\EEK\bin\epp64.sys [136456 2015-08-02] (Emsisoft GmbH)
R3 esif_lf; C:\Windows\system32\DRIVERS\esif_lf.sys [261624 2015-10-04] (Intel Corporation)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-09-12] ()
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2015-05-07] (Huawei Technologies Co., Ltd.)
R3 iaLPSS_GPIO; C:\Windows\System32\drivers\iaLPSS_GPIO.sys [46856 2015-07-30] (Intel Corporation)
R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [132360 2015-10-04] (Intel Corporation)
S3 iaLPSS_SPI; C:\Windows\System32\drivers\iaLPSS_SPI.sys [100856 2015-07-26] (Intel Corporation)
S3 iaLPSS_UART2; C:\Windows\System32\drivers\iaLPSS_UART2.sys [143864 2015-07-26] (Intel Corporation)
R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [127232 2015-08-04] (COMODO)
R3 INVN_MotionApps; C:\Windows\system32\DRIVERS\WUDFRd.sys [214016 2015-07-10] (Microsoft Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-05] ( )
S0 kxqcsx; no ImagePath
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-17] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-17] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [193336 2015-10-04] (Intel Corporation)
R3 necbatt; C:\Windows\System32\drivers\necbatt.sys [28512 2015-10-02] (NEC Personal Computers, Ltd.)
R3 netr28x; C:\Windows\system32\DRIVERS\netr28x.sys [2554528 2015-06-12] (MediaTek Inc.)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [50320 2015-10-17] (Panda Security, S.L.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [214016 2015-07-10] (Microsoft Corporation)
S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [206080 2015-11-01] (DEVGURU Co., LTD.(www.devguru.co.kr))
R3 ST_Accel; C:\Windows\system32\DRIVERS\ST_Accel.sys [143592 2015-08-14] (STMicroelectronics)
S3 trufos; C:\Windows\System32\drivers\trufos.sys [350160 2015-09-13] (BitDefender S.R.L.)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S0 uotote; no ImagePath
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [111992 2015-11-01] (Zemana Ltd.)
S0 zvijcv; no ImagePath
S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-14 14:39 - 2015-11-14 14:41 - 00107172 _____ C:\Users\samuel\Desktop\Addition.txt
2015-11-14 14:36 - 2015-11-14 14:41 - 00021614 _____ C:\Users\samuel\Desktop\FRST.txt
2015-11-14 14:35 - 2015-11-14 14:41 - 00000000 ____D C:\FRST
2015-11-14 14:35 - 2015-11-14 14:35 - 02198528 _____ (Farbar) C:\Users\samuel\Desktop\FRST64.exe
2015-11-14 14:30 - 2015-11-14 14:30 - 00016148 _____ C:\WINDOWS\system32\DESKTOP-REU8NRJ_samuel_HistoryPrediction.bin
2015-11-14 13:31 - 2015-11-14 13:31 - 00000000 ____D C:\Program Files (x86)\ESET
2015-11-14 12:59 - 2015-11-14 12:59 - 00000000 ____D C:\Device
2015-11-12 20:40 - 2015-11-12 20:40 - 00002640 _____ C:\Users\Public\Desktop\Skype.lnk
2015-11-12 20:40 - 2015-11-12 20:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-11-12 20:39 - 2015-11-12 20:39 - 01504376 _____ (Skype Technologies S.A.) C:\Users\samuel\Downloads\SkypeSetup.exe
2015-11-10 16:20 - 2015-11-10 16:20 - 24597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-11-10 16:20 - 2015-11-10 16:20 - 02180608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-11-10 16:20 - 2015-11-10 16:20 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-11-10 16:20 - 2015-11-10 16:20 - 00577888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-11-10 16:19 - 2015-11-10 16:19 - 21873664 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-11-10 16:19 - 2015-11-10 16:19 - 19326464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-11-10 16:19 - 2015-11-10 16:19 - 18803712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-11-10 16:19 - 2015-11-10 16:19 - 12504064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-11-10 16:19 - 2015-11-10 16:19 - 11262976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-11-10 16:19 - 2015-11-10 16:19 - 08020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-11-10 16:19 - 2015-11-10 16:19 - 03621248 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-11-10 16:19 - 2015-11-10 16:19 - 03587072 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-11-10 16:19 - 2015-11-10 16:19 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-11-10 16:19 - 2015-11-10 16:19 - 02987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2015-11-10 16:19 - 2015-11-10 16:19 - 02878512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-11-10 16:19 - 2015-11-10 16:19 - 02675200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2015-11-10 16:19 - 2015-11-10 16:19 - 02647040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-11-10 16:19 - 2015-11-10 16:19 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2015-11-10 16:19 - 2015-11-10 16:19 - 02418688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-11-10 16:19 - 2015-11-10 16:19 - 02049536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2015-11-10 16:19 - 2015-11-10 16:19 - 01918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-11-10 16:19 - 2015-11-10 16:19 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-11-10 16:19 - 2015-11-10 16:19 - 01392480 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-11-10 16:19 - 2015-11-10 16:19 - 01083072 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-11-10 16:19 - 2015-11-10 16:19 - 01068032 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-11-10 16:19 - 2015-11-10 16:19 - 01015808 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-11-10 16:19 - 2015-11-10 16:19 - 00961376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-11-10 16:19 - 2015-11-10 16:19 - 00767488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-11-10 16:19 - 2015-11-10 16:19 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2015-11-10 16:19 - 2015-11-10 16:19 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-11-10 16:19 - 2015-11-10 16:19 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-11-10 16:19 - 2015-11-10 16:19 - 00541024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2015-11-10 16:19 - 2015-11-10 16:19 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll
2015-11-10 16:19 - 2015-11-10 16:19 - 00502272 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
2015-11-10 16:19 - 2015-11-10 16:19 - 00459104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2015-11-10 16:19 - 2015-11-10 16:19 - 00453120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll
2015-11-10 16:19 - 2015-11-10 16:19 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll
2015-11-10 16:19 - 2015-11-10 16:19 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll
2015-11-10 16:19 - 2015-11-10 16:19 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2015-11-10 16:19 - 2015-11-10 16:19 - 00116064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2015-11-10 16:19 - 2015-11-10 16:19 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2015-11-10 16:19 - 2015-11-10 16:19 - 00025280 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-11-10 16:18 - 2015-11-10 16:18 - 01383936 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-11-10 16:18 - 2015-11-10 16:18 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-11-10 16:18 - 2015-11-10 16:18 - 00966416 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2015-11-10 16:18 - 2015-11-10 16:18 - 00949760 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-11-10 16:18 - 2015-11-10 16:18 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-11-10 16:18 - 2015-11-10 16:18 - 00762888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2015-11-10 16:18 - 2015-11-10 16:18 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-11-10 16:18 - 2015-11-10 16:18 - 00607408 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-11-10 16:18 - 2015-11-10 16:18 - 00539728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-11-10 16:18 - 2015-11-10 16:18 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2015-11-10 16:18 - 2015-11-10 16:18 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2015-11-10 15:45 - 2015-11-14 13:15 - 00360400 _____ C:\WINDOWS\PFRO.log
2015-11-08 12:01 - 2015-11-08 16:09 - 01518718 _____ C:\Users\samuel\Downloads\suprema.pptx
2015-11-08 11:35 - 2015-11-08 11:36 - 00345888 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-11-08 11:05 - 2015-11-14 14:30 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-11-04 19:41 - 2015-11-04 19:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mathematics (64 bits)
2015-11-04 19:41 - 2015-11-04 19:41 - 00000000 ____D C:\Program Files\Microsoft Mathematics
2015-11-04 19:12 - 2015-11-04 19:12 - 00000000 __RHD C:\MSOCache
2015-11-02 10:14 - 2015-11-02 10:14 - 00002298 _____ C:\Users\samuel\AppData\Roaming\ASSDraw3.cfg
2015-11-01 21:19 - 2015-11-01 21:19 - 00000000 ____D C:\Users\samuel\AppData\Local\Aegisub
2015-11-01 20:54 - 2015-11-06 13:48 - 00000000 ____D C:\Program Files (x86)\Aegisub
2015-11-01 20:54 - 2015-11-04 19:01 - 00000000 ____D C:\Users\samuel\AppData\Roaming\Aegisub
2015-11-01 13:21 - 2015-11-01 13:21 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2015-11-01 13:09 - 2015-11-01 13:09 - 00000000 ____D C:\Program Files\Microsoft Office
2015-11-01 13:06 - 2015-11-01 13:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-11-01 13:04 - 2015-11-01 13:04 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-11-01 12:49 - 2015-11-08 10:51 - 00000000 ____D C:\Program Files\HitmanPro
2015-11-01 12:49 - 2015-11-01 12:57 - 00000000 ____D C:\ProgramData\HitmanPro
2015-11-01 12:46 - 2015-11-06 17:10 - 00000000 ____D C:\Users\samuel\AppData\Local\MicrosoftEdge
2015-11-01 12:39 - 2015-11-01 12:39 - 00000000 ____D C:\WINDOWS\System32\Tasks\NCH Software
2015-11-01 12:39 - 2015-11-01 12:39 - 00000000 ____D C:\Users\samuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas para dictado y transcripción
2015-11-01 12:39 - 2015-11-01 12:39 - 00000000 ____D C:\Users\samuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Conjunto de programas de NCH
2015-11-01 12:27 - 2015-11-01 12:27 - 00000000 ____D C:\Users\Guest\AppData\Roaming\vlc
2015-11-01 10:00 - 2015-11-01 10:00 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudserd.sys
2015-11-01 09:59 - 2015-11-01 09:59 - 01490656 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01007.dll
2015-11-01 09:59 - 2015-11-01 09:59 - 00708168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinUSBCoInstaller.dll
2015-11-01 09:59 - 2015-11-01 09:59 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudmdm.sys
2015-11-01 09:59 - 2015-11-01 09:59 - 00108800 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudbus.sys
2015-11-01 09:59 - 2015-11-01 09:59 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_WinUSB_01007.Wdf
2015-11-01 08:59 - 2015-11-01 08:59 - 00000000 ____D C:\Users\samuel\.android
2015-11-01 08:55 - 2015-11-01 12:19 - 00000000 ____D C:\ProgramData\HandSetService
2015-11-01 08:55 - 2015-11-01 12:16 - 00000000 ____D C:\Users\samuel\AppData\Local\HiSuite
2015-11-01 08:55 - 2015-11-01 09:04 - 00000000 ____D C:\Users\samuel\Documents\HiSuite
2015-11-01 08:55 - 2015-05-07 04:40 - 02152176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFUpdate_01009.dll
2015-11-01 08:55 - 2015-05-07 04:40 - 01721576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdfCoInstaller01009.dll
2015-11-01 08:55 - 2015-05-07 04:40 - 01002728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winusbcoinstaller2.dll
2015-11-01 08:55 - 2015-05-07 04:40 - 00287232 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\hw_quusbnet.sys
2015-11-01 08:55 - 2015-05-07 04:40 - 00223232 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\hw_quusbmdm.sys
2015-11-01 08:55 - 2015-05-07 04:40 - 00116864 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\hw_usbdev.sys
2015-11-01 08:54 - 2015-11-01 12:16 - 00000000 ____D C:\Program Files (x86)\HiSuite
2015-10-31 14:59 - 2015-10-31 15:19 - 00021583 _____ C:\Users\samuel\Desktop\Presupuesto casa.xlsx
2015-10-30 22:10 - 2015-10-31 11:29 - 00815120 _____ C:\WINDOWS\system32\perfh00A.dat
2015-10-30 22:10 - 2015-10-31 11:29 - 00158264 _____ C:\WINDOWS\system32\perfc00A.dat
2015-10-30 22:10 - 2015-10-30 22:07 - 00346516 _____ C:\WINDOWS\system32\perfi00A.dat
2015-10-30 22:10 - 2015-10-30 22:07 - 00043804 _____ C:\WINDOWS\system32\perfd00A.dat
2015-10-30 22:08 - 2015-10-30 22:08 - 00000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2015-10-30 22:08 - 2015-10-30 22:08 - 00000000 ____D C:\WINDOWS\SysWOW64\es
2015-10-30 22:08 - 2015-10-30 22:08 - 00000000 ____D C:\WINDOWS\SysWOW64\Drivers\es-MX
2015-10-30 22:07 - 2015-10-30 22:07 - 00000000 ____D C:\WINDOWS\system32\es
2015-10-30 22:07 - 2015-10-30 22:07 - 00000000 ____D C:\WINDOWS\system32\Drivers\es-MX
2015-10-30 22:07 - 2015-10-30 22:07 - 00000000 ____D C:\WINDOWS\es-MX
2015-10-30 21:31 - 2015-10-30 21:31 - 09893888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsLexicons000a.dll
2015-10-30 21:31 - 2015-10-30 21:31 - 09893888 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsLexicons000a.dll
2015-10-30 21:31 - 2015-10-30 21:31 - 09687040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsData000a.dll
2015-10-30 21:31 - 2015-10-30 21:31 - 09565696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsData000a.dll
2015-10-30 21:31 - 2015-10-30 21:31 - 00001049 _____ C:\Users\samuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Optional Features.lnk
2015-10-27 19:17 - 2015-10-27 19:17 - 00000290 _____ C:\AdwCleaner[S9].txt
2015-10-22 18:06 - 2015-10-22 18:06 - 00001037 _____ C:\Users\samuel\Desktop\Telegram.lnk
2015-10-20 18:57 - 2015-10-20 18:57 - 00000000 ____D C:\Users\samuel\Documents\Fax
2015-10-18 13:06 - 2015-10-18 13:21 - 00000000 ____D C:\NPE
2015-10-18 10:22 - 2015-10-18 13:30 - 00000000 ____D C:\Users\samuel\AppData\Local\NPE
2015-10-18 10:22 - 2015-10-18 10:24 - 00000000 ____D C:\ProgramData\Norton
2015-10-18 09:13 - 2013-09-04 13:57 - 00031264 _____ (ThreatTrack Security) C:\WINDOWS\system32\Drivers\gfiutil.sys
2015-10-18 09:13 - 2013-05-23 07:39 - 00041032 _____ (ThreatTrack Security) C:\WINDOWS\system32\Drivers\gfiark.sys
2015-10-17 21:38 - 2015-11-14 14:31 - 00000000 ____D C:\Users\samuel\AppData\Local\CrashDumps
2015-10-17 21:03 - 2015-11-06 14:01 - 00000000 ____D C:\Program Files\RogueKiller
2015-10-17 21:03 - 2015-10-17 21:37 - 00000000 ____D C:\ProgramData\RogueKiller
2015-10-17 21:03 - 2015-10-17 21:03 - 00037624 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-10-16 12:58 - 2015-10-16 12:58 - 00000000 __SHD C:\Users\samuel\AppData\Local\icsxml
2015-10-16 12:58 - 2015-10-16 12:58 - 00000000 __SHD C:\ProgramData\DIBsection
2015-10-16 12:58 - 2015-10-16 12:58 - 00000000 ____D C:\Users\samuel\AppData\Local\MetaGeek,_LLC
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-14 14:39 - 2015-07-29 18:13 - 01474832 _____ C:\WINDOWS\system32\Drivers\sfi.dat
2015-11-14 14:37 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\system32\sru
2015-11-14 14:35 - 2015-09-07 17:31 - 00761562 _____ C:\WINDOWS\system32\Drivers\fvstore.dat
2015-11-14 14:32 - 2015-08-28 10:39 - 00000934 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-14 14:31 - 2015-08-09 08:26 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-11-14 14:29 - 2015-08-01 09:51 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2015-11-14 14:29 - 2015-08-01 09:51 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-11-14 14:29 - 2015-07-10 05:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-14 14:19 - 2015-07-30 20:28 - 00000000 ____D C:\Users\samuel\Desktop\Seguridad
2015-11-14 13:53 - 2015-08-28 10:39 - 00000938 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-14 13:29 - 2015-07-30 20:37 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-11-14 13:16 - 2015-08-09 08:30 - 00000000 ____D C:\Users\samuel
2015-11-14 13:14 - 2015-07-10 02:05 - 01310720 ___SH C:\WINDOWS\system32\config\BBI
2015-11-14 11:12 - 2015-09-10 12:57 - 00000000 ____D C:\Users\samuel\Doctor Web
2015-11-14 11:10 - 2015-07-31 06:55 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2015-11-14 09:58 - 2015-07-29 18:34 - 00000000 ____D C:\Users\samuel\AppData\Local\Steam
2015-11-14 09:58 - 2015-07-29 18:13 - 00000000 ____D C:\Program Files (x86)\Steam
2015-11-14 09:48 - 2015-08-09 09:57 - 00000000 ____D C:\WINDOWS\Minidump
2015-11-14 09:48 - 2015-07-29 18:25 - 00827976 ____N C:\WINDOWS\Minidump\111415-27218-01.dmp
2015-11-14 09:38 - 2015-07-29 18:50 - 00004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{27E39A0E-99CE-4302-937A-CD7D0405F469}
2015-11-13 23:16 - 2015-09-05 16:06 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2015-11-13 14:06 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-11-12 21:20 - 2015-08-20 14:06 - 00000000 ____D C:\Users\samuel\AppData\Roaming\Skype
2015-11-12 20:40 - 2015-08-20 14:06 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-11-12 20:40 - 2015-08-20 14:05 - 00000000 ____D C:\ProgramData\Skype
2015-11-11 17:53 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\SysWOW64\es-MX
2015-11-11 17:53 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\system32\es-MX
2015-11-11 17:53 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-11-11 15:58 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-11-11 15:36 - 2015-07-10 03:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-11-11 15:34 - 2015-08-08 22:11 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-11-11 15:28 - 2015-08-08 22:11 - 145617392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-11-10 16:22 - 2015-10-02 06:51 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-11-10 16:22 - 2015-10-02 06:51 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-10 16:12 - 2015-08-01 09:51 - 00004030 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2015-11-10 16:12 - 2015-08-01 09:51 - 00003816 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-11-10 15:20 - 2015-07-30 13:52 - 00000000 ____D C:\Users\samuel\AppData\Local\Spotify
2015-11-10 14:05 - 2015-07-30 13:51 - 00000000 ____D C:\Users\samuel\AppData\Roaming\Spotify
2015-11-09 20:17 - 2015-07-29 18:25 - 00826533 ____N C:\WINDOWS\Minidump\110915-25296-01.dmp
2015-11-08 11:35 - 2015-07-29 18:25 - 00827635 ____N C:\WINDOWS\Minidump\110815-35625-01.dmp
2015-11-08 10:59 - 2015-07-29 18:42 - 00000000 ____D C:\Users\samuel\AppData\Local\Packages
2015-11-06 13:58 - 2015-08-25 13:59 - 00000000 ____D C:\ProgramData\Apple
2015-11-05 13:11 - 2015-08-18 07:44 - 00003962 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1438446375
2015-11-05 13:11 - 2015-08-01 09:26 - 00001122 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-11-05 13:11 - 2015-08-01 09:26 - 00000000 ____D C:\Program Files (x86)\Opera
2015-11-04 20:04 - 2015-08-14 10:13 - 00000173 _____ C:\Users\samuel\AppData\Local\msmathematics.qat.samuel
2015-11-04 19:02 - 2015-09-12 20:38 - 00000000 ___RD C:\Users\samuel\OneDrive para la Empresa 1
2015-11-03 20:43 - 2015-08-10 09:31 - 00000000 ____D C:\Program Files (x86)\Vivaldi
2015-11-03 20:42 - 2015-08-10 09:32 - 00002207 _____ C:\Users\Public\Desktop\Vivaldi.lnk
2015-11-01 20:54 - 2015-07-30 06:15 - 00000000 ____D C:\ProgramData\Package Cache
2015-11-01 18:36 - 2015-10-10 17:06 - 00000000 ____D C:\Users\samuel\AppData\Roaming\Tropico 5
2015-11-01 15:02 - 2015-08-05 11:05 - 00000000 ____D C:\Users\samuel\Desktop\Juegos
2015-11-01 13:21 - 2015-07-10 04:04 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-11-01 12:58 - 2015-08-03 11:02 - 00111992 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2015-11-01 12:58 - 2015-08-03 11:02 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2015-11-01 12:39 - 2015-08-20 10:16 - 00001185 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Scribe.lnk
2015-11-01 12:28 - 2015-08-04 08:24 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-11-01 09:05 - 2015-07-29 18:42 - 00000000 ____D C:\Users\samuel\AppData\Local\VirtualStore
2015-11-01 08:55 - 2015-05-07 04:40 - 01002728 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinUSBCoInstaller2.dll
2015-10-31 12:13 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\rescache
2015-10-31 11:29 - 2015-07-29 18:40 - 01840502 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-10-31 08:16 - 2015-07-30 20:27 - 00000000 ____D C:\AdwCleaner
2015-10-30 22:08 - 2015-07-10 06:11 - 00000000 ____D C:\WINDOWS\SysWOW64\winrm
2015-10-30 22:08 - 2015-07-10 06:11 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2015-10-30 22:08 - 2015-07-10 06:11 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr
2015-10-30 22:08 - 2015-07-10 06:11 - 00000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2015-10-30 22:08 - 2015-07-10 06:11 - 00000000 ____D C:\WINDOWS\system32\winrm
2015-10-30 22:08 - 2015-07-10 06:11 - 00000000 ____D C:\WINDOWS\system32\WCN
2015-10-30 22:08 - 2015-07-10 06:11 - 00000000 ____D C:\WINDOWS\system32\slmgr
2015-10-30 22:08 - 2015-07-10 06:11 - 00000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2015-10-30 22:08 - 2015-07-10 04:04 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2015-10-30 22:08 - 2015-07-10 04:04 - 00000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2015-10-30 22:08 - 2015-07-10 04:04 - 00000000 ___SD C:\WINDOWS\system32\F12
2015-10-30 22:08 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2015-10-30 22:08 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2015-10-30 22:08 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\SysWOW64\Com
2015-10-30 22:08 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2015-10-30 22:08 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-10-30 22:08 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\system32\MUI
2015-10-30 22:08 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\system32\migwiz
2015-10-30 22:08 - 2015-07-10 02:05 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2015-10-30 22:08 - 2015-07-10 02:05 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2015-10-30 22:07 - 2015-07-10 06:14 - 00000000 ____D C:\Program Files\Windows Journal
2015-10-30 22:07 - 2015-07-10 04:04 - 00000000 ___SD C:\WINDOWS\system32\dsc
2015-10-30 22:07 - 2015-07-10 04:04 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2015-10-30 22:07 - 2015-07-10 04:04 - 00000000 ___RD C:\WINDOWS\MiracastView
2015-10-30 22:07 - 2015-07-10 04:04 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2015-10-30 22:07 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\system32\Com
2015-10-30 22:07 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-10-30 22:07 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\IME
2015-10-30 22:07 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\Help
2015-10-30 22:07 - 2015-07-10 04:04 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2015-10-30 22:07 - 2015-07-10 04:04 - 00000000 ____D C:\Program Files\Windows Defender
2015-10-30 22:07 - 2015-07-10 04:04 - 00000000 ____D C:\Program Files\Common Files\System
2015-10-30 22:07 - 2015-07-10 04:04 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2015-10-30 22:07 - 2015-07-10 04:04 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-10-30 22:07 - 2015-07-10 02:05 - 00000000 ____D C:\WINDOWS\system32\Dism
2015-10-30 22:07 - 2015-07-10 02:05 - 00000000 ____D C:\WINDOWS\servicing
2015-10-30 21:34 - 2015-07-10 06:12 - 00000000 ____D C:\WINDOWS\OCR
2015-10-30 16:44 - 2015-08-04 08:25 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-10-30 16:43 - 2015-08-04 08:25 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-10-29 22:03 - 2015-07-30 17:59 - 00000865 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-10-29 22:03 - 2015-07-30 17:59 - 00000000 ____D C:\Program Files\CCleaner
2015-10-28 18:17 - 2015-07-29 18:45 - 00002339 _____ C:\Users\samuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-10-28 18:17 - 2015-07-29 18:45 - 00000000 ___RD C:\Users\samuel\OneDrive
2015-10-23 15:26 - 2015-08-14 09:50 - 00000000 ____D C:\Program Files (x86)\GeoGebra 5.0
2015-10-23 12:32 - 2015-07-30 20:35 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-10-18 18:38 - 2015-08-19 16:04 - 00000000 ____D C:\Users\samuel\AppData\LocalLow\Temp
2015-10-18 09:10 - 2015-07-31 06:53 - 00000000 ____D C:\WINDOWS\pss
2015-10-18 09:02 - 2015-09-05 16:10 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-10-18 08:50 - 2015-07-30 20:36 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-10-18 08:47 - 2015-08-03 11:07 - 00000000 ____D C:\EEK
2015-10-17 22:14 - 2015-08-17 09:33 - 00050320 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\PSKMAD.sys
2015-10-17 21:58 - 2015-07-30 20:36 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-10-17 21:58 - 2015-07-30 20:36 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2015-10-17 21:58 - 2015-07-30 20:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-17 21:58 - 2015-07-30 20:36 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
 
==================== Files in the root of some directories =======
 
2015-07-29 18:48 - 2015-08-01 09:57 - 16790552 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2015-11-02 10:14 - 2015-11-02 10:14 - 0002298 _____ () C:\Users\samuel\AppData\Roaming\ASSDraw3.cfg
2015-08-14 10:13 - 2015-11-04 20:04 - 0000173 _____ () C:\Users\samuel\AppData\Local\msmathematics.qat.samuel
2015-09-29 13:29 - 2015-09-29 13:29 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-08-09 08:26 - 2015-08-09 08:26 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\samuel\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-11-13 14:38
 
==================== End of FRST.txt ============================
