[HELP] trojan found via Malicious Software Removal Tool



#1
diegofba

Hi, today when I turned on my computer a popup from the Microsoft Malicious Software Removal Tool asked me to run it; as it was from Microsoft, I did.

And it found a trojan, which it partially removed from my PC (see screenshot attached).

I haven't noticed anything wrong before today (maybe my PC acting a bit slow, but I blame multiple open files and programs and Chrome windows, as I'm researching and working on a website -

Can this trojan infect the website I'm working on?


Here are the FRST files. I haven't used Malwarebytes yet. Thanks in advance.


FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-02-2017
Ran by Diego B (administrator) on DIEGO (23-02-2017 08:21:18)
Running from C:\Users\Diego B\Desktop
Loaded Profiles: Diego B (Available Profiles: Diego B)
Platform: Windows 10 Home Single Language Version 1607 (X64) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Flux Software LLC) C:\Users\Diego B\AppData\Local\FluxSoftware\Flux\flux.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_1.6.2.0_x64__8wekyb3d8bbwe\Microsoft.StickyNotes.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [6339656 2013-04-24] (Realtek semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [899680 2013-02-04] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2013-03-04] (Conexant Systems, Inc.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17097200 2013-08-22] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [193008 2013-08-22] (Lenovo(beijing) Limited)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-06-03] (Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464 2012-10-30] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [205512 2017-02-23] (AVAST Software)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
HKU\S-1-5-21-3919295077-688054640-3730574233-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2881824 2017-01-18] (Valve Corporation)
HKU\S-1-5-21-3919295077-688054640-3730574233-1001\...\Run: [f.lux] => C:\Users\Diego B\AppData\Local\FluxSoftware\Flux\flux.exe [1024240 2016-12-05] (Flux Software LLC)
HKU\S-1-5-21-3919295077-688054640-3730574233-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9363672 2017-02-07] (Piriform Ltd)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-02-23] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-02-23] (AVAST Software)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 190.113.220.54 190.113.220.51 190.113.220.18
Tcpip\..\Interfaces\{face8808-ba37-4853-92f3-a93e12ac228d}: [DhcpNameServer] 190.113.220.54 190.113.220.51 190.113.220.18
 
Internet Explorer:
==================
HKU\S-1-5-21-3919295077-688054640-3730574233-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-3919295077-688054640-3730574233-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-3919295077-688054640-3730574233-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
SearchScopes: HKU\S-1-5-21-3919295077-688054640-3730574233-1001 -> DefaultScope {AC7B782E-B80C-41F5-8B63-7C40A3B4468E} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-02-23] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2017-01-04]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2017-01-04]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2012-12-13] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-02] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [No File]
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR DefaultSearchKeyword: Default -> lp
CHR Profile: C:\Users\Diego B\AppData\Local\Google\Chrome\User Data\Default [2017-02-23]
CHR Extension: (Presentaciones de Google) - C:\Users\Diego B\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-01-02]
CHR Extension: (Google Docs) - C:\Users\Diego B\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-02]
CHR Extension: (Google Drive) - C:\Users\Diego B\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-02]
CHR Extension: (YouTube) - C:\Users\Diego B\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-02]
CHR Extension: (Avast SafePrice) - C:\Users\Diego B\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-01-05]
CHR Extension: (Hojas de cálculo de Google) - C:\Users\Diego B\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-01-02]
CHR Extension: (News Feed Eradicator for Facebook) - C:\Users\Diego B\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjcldmjmjhkklehbacihaiopjklihlgg [2017-02-05]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Diego B\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-03]
CHR Extension: (AdBlock) - C:\Users\Diego B\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-02-16]
CHR Extension: (Avast Online Security) - C:\Users\Diego B\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-01-04]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Diego B\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-02-10]
CHR Extension: (Grammarly for Chrome) - C:\Users\Diego B\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2017-02-02]
CHR Extension: (Shopify Inspector) - C:\Users\Diego B\AppData\Local\Google\Chrome\User Data\Default\Extensions\kefmekfmfacbdefimlancoccpocmgmpb [2017-02-22]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Diego B\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-22]
CHR Extension: (Gmail) - C:\Users\Diego B\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-02]
CHR Extension: (Chrome Media Router) - C:\Users\Diego B\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-08]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-01-19] (Adobe Systems, Incorporated)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7142136 2017-02-23] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [262736 2017-02-23] (AVAST Software)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-08-20] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-12-13] (Nitro PDF Software)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [249032 2015-06-03] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-06-13] (Atheros) [File not signed]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [309784 2017-02-23] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [189768 2017-02-23] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [334600 2017-02-23] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [48528 2017-02-23] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [38296 2017-02-23] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [32088 2017-02-23] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [126088 2017-02-23] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [100640 2017-02-23] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [74680 2017-02-23] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [991496 2017-02-23] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [547904 2017-02-23] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [162528 2017-02-23] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [337080 2017-02-23] (AVAST Software)
R3 BTATH_LWFLT; C:\WINDOWS\system32\DRIVERS\btath_lwflt.sys [77464 2013-06-13] (Qualcomm Atheros)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77416 2017-01-20] ()
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [176584 2017-02-23] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [110536 2017-02-23] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-02-23] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251848 2017-02-23] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [91584 2017-02-23] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [8243144 2013-04-24] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-06-03] (Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-02-23 08:21 - 2017-02-23 08:22 - 00021120 _____ C:\Users\Diego B\Desktop\FRST.txt
2017-02-23 08:20 - 2017-02-23 08:21 - 00000000 ____D C:\FRST
2017-02-23 08:05 - 2017-02-23 08:06 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-02-23 08:05 - 2017-02-23 08:05 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-02-23 08:05 - 2017-02-23 08:05 - 00176584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-02-23 08:05 - 2017-02-23 08:05 - 00110536 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-02-23 08:05 - 2017-02-23 08:05 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-02-23 08:04 - 2017-02-23 08:20 - 02423296 _____ (Farbar) C:\Users\Diego B\Desktop\FRST64.exe
2017-02-23 08:04 - 2017-02-23 08:04 - 00001923 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-02-23 08:04 - 2017-02-23 08:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-02-23 08:04 - 2017-02-23 08:04 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-23 08:04 - 2017-02-23 08:04 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-23 08:04 - 2017-01-20 07:47 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-02-23 07:49 - 2017-02-23 07:49 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-02-23 07:47 - 2017-02-23 07:47 - 05013456 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-02-23 07:45 - 2017-02-23 07:45 - 00003994 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-02-23 07:45 - 2017-02-23 07:45 - 00001990 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2017-02-23 07:45 - 2017-02-23 07:42 - 00334600 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
2017-02-23 07:45 - 2017-02-23 07:42 - 00309784 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2017-02-23 07:45 - 2017-02-23 07:42 - 00189768 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2017-02-23 07:45 - 2017-02-23 07:42 - 00048528 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2017-02-23 07:44 - 2017-02-23 07:44 - 00398408 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-02-23 07:26 - 2017-02-23 07:55 - 00000000 ___HD C:\Users\Public\Documents\AdobeGC
2017-02-21 08:38 - 2017-02-22 18:54 - 00001456 _____ C:\Users\Diego B\AppData\Local\Adobe Save for Web 13.0 Prefs
2017-02-17 14:08 - 2017-02-19 12:00 - 00000000 ____D C:\Users\Diego B\AppData\Roaming\obs-studio
2017-02-17 14:08 - 2017-02-17 14:08 - 00001286 _____ C:\Users\Public\Desktop\OBS Studio.lnk
2017-02-17 14:08 - 2017-02-17 14:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2017-02-17 14:08 - 2017-02-17 14:08 - 00000000 ____D C:\Program Files (x86)\obs-studio
2017-02-10 08:57 - 2017-02-10 22:35 - 00010016 _____ C:\Users\Diego B\Desktop\Routine.xlsx
2017-02-09 16:31 - 2017-02-20 09:29 - 00000000 ____D C:\WINDOWS\Minidump
2017-02-09 16:18 - 2017-02-09 16:18 - 00000000 ____D C:\Users\Diego B\AppData\LocalLow\Adobe
2017-02-09 15:53 - 2017-02-09 15:53 - 00000000 ____D C:\Users\Diego B\AppData\Roaming\Nitro
2017-02-09 15:48 - 2017-02-09 16:00 - 00001162 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Pro CC 2017.lnk
2017-02-09 15:48 - 2017-02-09 15:48 - 00000000 ____D C:\Users\Public\Documents\Adobe
2017-02-09 15:46 - 2017-02-09 15:46 - 00000000 ____D C:\Users\Public\Documents\AdobeInstalledCodecs
2017-02-09 15:32 - 2017-02-09 16:20 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2017-02-09 15:32 - 2017-02-09 15:32 - 00003602 _____ C:\WINDOWS\System32\Tasks\AdobeAAMUpdater-1.0-Diego-Diego B
2017-02-09 15:31 - 2017-02-09 16:19 - 00000000 ____D C:\Users\Diego B\Documents\Adobe
2017-02-09 15:31 - 2017-02-09 15:31 - 00001096 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2015.lnk
2017-02-09 15:26 - 2017-02-09 15:48 - 00000000 ____D C:\Program Files\Adobe
2017-02-09 15:25 - 2017-02-09 15:48 - 00000000 ____D C:\Program Files\Common Files\Adobe
2017-02-05 05:16 - 2017-02-04 10:39 - 00016250 _____ C:\Users\Diego B\Downloads\wp-settings.php
2017-02-04 11:25 - 2017-02-17 08:39 - 00000000 ____D C:\Users\Diego B\AppData\LocalLow\uTorrent
2017-02-03 09:57 - 2017-02-05 15:25 - 00010775 _____ C:\Users\Diego B\Desktop\bookmarks.xlsx
2017-02-03 09:34 - 2017-02-03 09:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cyberduck
2017-02-03 09:31 - 2017-02-20 13:26 - 00000600 _____ C:\Users\Diego B\AppData\Local\PUTTY.RND
2017-02-03 09:29 - 2017-02-03 09:29 - 00001159 _____ C:\Users\Diego B\Desktop\Cyberduck.lnk
2017-02-03 09:25 - 2017-02-03 09:25 - 00000973 _____ C:\Users\Public\Desktop\PuTTY.lnk
2017-02-03 09:25 - 2017-02-03 09:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PuTTY
2017-02-03 09:25 - 2017-02-03 09:25 - 00000000 ____D C:\Program Files (x86)\PuTTY
2017-02-02 09:20 - 2017-02-02 09:20 - 00000000 ____D C:\WINDOWS\AutoRearm
2017-02-02 09:19 - 2017-02-22 19:07 - 00000000 ____D C:\WINDOWS\AutoKMS
2017-01-27 15:22 - 2017-01-27 15:22 - 00000000 ____D C:\Users\Diego B\Documents\TikGames
2017-01-27 15:18 - 2017-01-27 15:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hasbro
2017-01-27 15:18 - 2017-01-27 15:18 - 00000000 ____D C:\Program Files (x86)\Hasbro
2017-01-25 13:27 - 2016-12-21 02:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-01-25 13:27 - 2016-12-20 23:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-02-23 08:04 - 2017-01-05 12:13 - 00000000 ____D C:\Users\Diego B
2017-02-23 07:58 - 2017-01-05 15:46 - 00000000 ____D C:\Users\Diego B\AppData\Roaming\Nitro PDF
2017-02-23 07:58 - 2017-01-03 13:36 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-02-23 07:48 - 2017-01-05 15:06 - 00000000 __SHD C:\Users\Diego B\IntelGraphicsProfiles
2017-02-23 07:47 - 2017-01-05 12:26 - 00004010 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1483560651
2017-02-23 07:47 - 2017-01-05 12:26 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-23 07:47 - 2017-01-04 15:11 - 00001099 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-02-23 07:46 - 2016-07-16 01:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-02-23 07:45 - 2017-01-04 15:03 - 00337080 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys
2017-02-23 07:44 - 2017-01-04 15:03 - 00547904 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2017-02-23 07:44 - 2017-01-04 15:03 - 00337080 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys.148785393814004
2017-02-23 07:44 - 2017-01-04 15:03 - 00162528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2017-02-23 07:44 - 2017-01-04 15:03 - 00126088 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-02-23 07:44 - 2017-01-04 15:03 - 00100640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2017-02-23 07:44 - 2017-01-04 15:03 - 00074680 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-02-23 07:44 - 2017-01-04 15:03 - 00038296 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-02-23 07:43 - 2017-01-04 15:10 - 00032088 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2017-02-23 07:43 - 2017-01-04 15:03 - 00991496 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2017-02-23 07:38 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-23 07:38 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-23 07:36 - 2017-01-04 14:55 - 00000000 ____D C:\Users\Diego B\AppData\Roaming\uTorrent
2017-02-23 07:36 - 2016-07-16 06:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-23 07:35 - 2017-01-04 15:05 - 00000874 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-02-23 07:34 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-02-22 21:42 - 2017-01-05 12:06 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-22 19:07 - 2016-07-16 06:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-22 19:04 - 2017-01-03 13:36 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-02-22 16:48 - 2017-01-03 21:03 - 00000000 ____D C:\Users\Diego B\AppData\Local\Adobe
2017-02-22 14:02 - 2017-01-02 15:29 - 00000000 ____D C:\Users\Diego B\Desktop\FORMATEO
2017-02-22 13:49 - 2017-01-03 21:03 - 00000000 ____D C:\Users\Diego B\AppData\Local\LSC
2017-02-15 21:34 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-02-10 07:30 - 2017-01-02 15:56 - 00000000 ____D C:\Users\Diego B\Desktop\fit
2017-02-09 16:35 - 2016-07-16 01:04 - 00065536 _____ C:\WINDOWS\system32\config\ELAM
2017-02-09 16:19 - 2017-01-02 19:20 - 00000000 ____D C:\Users\Diego B\AppData\Roaming\Adobe
2017-02-09 16:01 - 2013-08-22 05:36 - 00000000 ____D C:\ProgramData\Adobe
2017-02-09 15:44 - 2013-08-22 05:36 - 00000000 ____D C:\Program Files (x86)\Adobe
2017-02-09 15:28 - 2017-01-03 09:37 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-07 14:57 - 2017-01-02 23:49 - 00002281 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-07 14:57 - 2017-01-02 23:49 - 00002269 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-06 16:27 - 2017-01-05 06:05 - 00000000 ___DC C:\WINDOWS\Panther
2017-02-06 16:27 - 2017-01-03 08:50 - 00000000 ____D C:\Program Files (x86)\Steam
2017-02-06 14:48 - 2016-07-16 06:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-02-06 14:48 - 2016-07-16 06:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-03 09:34 - 2017-01-13 17:42 - 00000000 ____D C:\Program Files (x86)\Cyberduck
2017-01-29 12:08 - 2017-01-05 12:26 - 00000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2017-01-29 12:06 - 2017-01-05 12:22 - 01676302 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-29 12:06 - 2016-07-16 17:40 - 00626102 _____ C:\WINDOWS\system32\perfh00A.dat
2017-01-29 12:06 - 2016-07-16 17:40 - 00118714 _____ C:\WINDOWS\system32\perfc00A.dat
2017-01-27 15:22 - 2017-01-02 19:19 - 00000000 ____D C:\Users\Diego B\AppData\Local\VirtualStore
 
==================== Files in the root of some directories =======
 
2017-02-21 08:38 - 2017-02-22 18:54 - 0001456 _____ () C:\Users\Diego B\AppData\Local\Adobe Save for Web 13.0 Prefs
2017-02-03 09:31 - 2017-02-20 13:26 - 0000600 _____ () C:\Users\Diego B\AppData\Local\PUTTY.RND
2013-08-22 05:19 - 2013-08-22 05:19 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-02-16 09:33
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-02-2017
Ran by Diego B (23-02-2017 08:22:52)
Running from C:\Users\Diego B\Desktop
Windows 10 Home Single Language Version 1607 (X64) (2017-01-05 17:56:44)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrador (S-1-5-21-3919295077-688054640-3730574233-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3919295077-688054640-3730574233-503 - Limited - Disabled)
Diego B (S-1-5-21-3919295077-688054640-3730574233-1001 - Administrator - Enabled) => C:\Users\Diego B
Invitado (S-1-5-21-3919295077-688054640-3730574233-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-3919295077-688054640-3730574233-1001\...\uTorrent) (Version: 3.4.9.43295 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2710 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe Premiere (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.1.2286 - AVAST Software)
Bloons TD Battles (HKLM\...\Steam App 444640) (Version:  - Ninja Kiwi)
Bonjour (Version: 3.1.0.1 - Apple Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.27 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.64.49.0 - Conexant)
Cyberduck (HKLM-x32\...\{9991d0b8-cc3b-4da1-a7ec-7846474f8949}) (Version: 5.3.4.23328 - iterate GmbH)
Cyberduck (x32 Version: 5.3.4.23328 - iterate GmbH) Hidden
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.11 - Lenovo)
Energy Management (x32 Version: 8.0.2.11 - Lenovo) Hidden
f.lux (HKU\S-1-5-21-3919295077-688054640-3730574233-1001\...\Flux) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4358 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.0.1083 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10230 - Realtek Semiconductor Corp.)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.1219 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.1219 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4331.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4331.52 - CyberLink Corp.) Hidden
Lenovo Solution Center (HKLM\...\{F02F4A8B-1A5F-45B8-9B74-AAF21A2B1BCC}) (Version: 2.1.002.00 - Lenovo Group Limited)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3423 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3423 - CyberLink Corp.) Hidden
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3919295077-688054640-3730574233-1001\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Monopoly by Parker Brothers (HKLM-x32\...\Monopoly by Parker Brothers) (Version: 1.0.406.0 - GameHouse, Inc.)
Nitro Pro 8 (HKLM\...\{34BE77EE-B563-49D7-A8A0-FFD76D29BBD3}) (Version: 8.0.10.7 - Nitro)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 17.0.2 - OBS Project)
Paquete de controladores de Windows - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Paquete de controladores de Windows - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
Popcorn-Time (HKU\S-1-5-21-3919295077-688054640-3730574233-1001\...\Popcorn-Time) (Version: 0.3.10 - Popcorn Time)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.9109 - CyberLink Corp.)
PuTTY (HKLM-x32\...\{ED9EF59B-0799-428E-823D-6D2B7B4FE2E0}) (Version: 0.67.0.0 - Simon Tatham)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.229 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Qualcomm Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.16 - Qualcomm Atheros Communications Inc.)
Realtek USB Card Reader (HKLM-x32\...\{1E496A68-4943-424E-829D-5C3C85B7B8F2}) (Version: 6.2.9200.39041 - Realtek Semiconductor Corp.)
SafeZone Stable 3.55.2393.527 (x32 Version: 3.55.2393.527 - Avast Software) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.9.5 - Synaptics Incorporated)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3919295077-688054640-3730574233-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {197065E8-07DB-4297-B262-CFF3F0978B0A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-02-07] (Piriform Ltd)
Task: {2C385939-F62C-40A6-A23D-EA1D90DE6F81} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-02-23] (AVAST Software)
Task: {4A8ED119-2BA7-4574-BBB6-9D9CCFD365CD} - System32\Tasks\SafeZone scheduled Autoupdate 1483560651 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-02-03] (Avast Software)
Task: {7135BDDB-12D9-4F55-82AF-FF731EDE3628} - System32\Tasks\AdobeAAMUpdater-1.0-Diego-Diego B => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {921DA7E8-B58E-4F9D-8651-60B5AD34C1EA} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-05-15] ()
Task: {961F97AD-9CE8-4E20-B90F-D2BDB889DAE4} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-06-03] (Synaptics Incorporated)
Task: {A10D17A3-AC3D-4D73-8DC9-5C7BC845D435} - System32\Tasks\Dolby Selector => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [2012-08-31] (Dolby Laboratories Inc.)
Task: {A75FF158-EE53-401A-AEB7-D86898316F99} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-02] (Google Inc.)
Task: {AE6170B2-0C0B-4912-A01E-66604509C5A4} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-01-29] (AVAST Software)
Task: {B088D863-51A0-426D-AA78-9C326BA42048} - \WPD\SqmUpload_S-1-5-21-3919295077-688054640-3730574233-1001 -> No File <==== ATTENTION
Task: {B843D7B4-6168-4C11-87F3-99FAC8515022} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-05-15] (Lenovo)
Task: {BA553F69-A1E0-4EA0-9313-A301E233A195} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2013-05-15] (Lenovo)
Task: {C726D664-346F-4527-A9E8-2A86E9EB229C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-02] (Google Inc.)
Task: {D6583D15-9B92-4537-9532-E92D1F5C23F2} - \Microsoft\Windows\Setup\EOSNotify -> No File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Diego B\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\76f9e4d33b60b312\Popcorn-Time.lnk -> C:\Users\Diego B\AppData\Local\Popcorn-Time\Popcorn-Time.exe (The NWJS Community) -> --user-data-dir="C:\Users\Diego B\AppData\Local\Popcorn-Time\User Data" --profile-directory=Default --app-id=hecfofbbdfadifpemejbbdcjmfmboohj
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-07-16 06:42 - 2016-07-16 06:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-01-06 10:12 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2017-01-06 10:12 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-10-25 09:57 - 2016-10-25 09:57 - 00491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2010-01-09 20:17 - 2010-01-09 20:17 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:40 - 2010-01-21 01:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2017-01-06 10:09 - 2016-09-06 23:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-11 09:08 - 2016-12-21 02:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-11 09:07 - 2016-12-21 01:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-11 09:06 - 2016-12-21 01:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-11 09:07 - 2016-12-21 01:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-11 09:06 - 2016-12-21 01:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-11 09:07 - 2016-12-21 01:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-02-22 08:29 - 2017-02-22 08:30 - 00073728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-02-22 08:29 - 2017-02-22 08:30 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-02-22 08:29 - 2017-02-22 08:30 - 42895360 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-02-06 08:57 - 2017-02-06 08:57 - 02215424 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\roottools.dll
2017-02-07 14:57 - 2017-02-01 04:47 - 02459992 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-07 14:57 - 2017-02-01 04:47 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll
2017-01-19 16:34 - 2017-01-19 16:35 - 01969360 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_1.6.2.0_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
2017-02-10 05:43 - 2017-02-10 05:43 - 00381440 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_1.6.2.0_x64__8wekyb3d8bbwe\Microsoft.Notes.Upgrade.dll
2017-02-23 08:04 - 2017-01-20 07:47 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-02-23 08:04 - 2017-01-20 07:47 - 02829776 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
2017-02-23 08:04 - 2017-01-20 07:47 - 02254800 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-02-14 16:40 - 2017-02-14 16:40 - 31178840 _____ () C:\Users\Diego B\AppData\Local\Google\Chrome\User Data\PepperFlash\24.0.0.221\pepflashplayer.dll
2017-02-23 07:44 - 2017-02-23 07:44 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-01-04 15:03 - 2017-01-04 15:03 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-02-23 07:42 - 2017-02-23 07:42 - 00289328 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-02-23 07:44 - 2017-02-23 07:44 - 00655056 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2013-08-22 05:15 - 2012-07-17 23:55 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Windows:nlsPreferences [386]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2012-07-26 00:26 - 2017-02-09 16:15 - 00001025 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 na1r.services.adobe.com
127.0.0.1 hlrcv.stage.adobe.com
127.0.0.1 practivate.adobe.com 
127.0.0.1 activate.adobe.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3919295077-688054640-3730574233-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\Web\Wallpaper\Lenovo\LenovoWallPaper.jpg
DNS Servers: 190.113.220.54 - 190.113.220.51
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run32: => "YouCam Tray"
HKU\S-1-5-21-3919295077-688054640-3730574233-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-3919295077-688054640-3730574233-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3919295077-688054640-3730574233-1001\...\StartupApproved\Run: => "Steam"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{A45A0308-186E-49A9-8AB4-35B215C109D0}] => (Allow) C:\Users\Diego B\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6087B85D-3E30-42FE-A2E4-2EA408BA4EA1}] => (Allow) C:\Users\Diego B\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8CE460CB-AF03-4EAB-BD16-861E1A27C97D}] => (Allow) C:\Users\Diego B\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{61037C59-BE3A-49AE-80A7-94C07B39BA9F}] => (Allow) C:\Users\Diego B\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8C4D7B75-1F73-44EE-BCB1-606E0826637C}] => (Allow) C:\Users\Diego B\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{056928C0-57E7-4A97-92D3-E83DD5F23548}] => (Allow) C:\Users\Diego B\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8577419E-6B29-4762-84D0-43DB992FAE17}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bloons TD Battles\Battles-Win.exe
FirewallRules: [{EA0FA4BB-D65B-461B-AB98-EE9AECC4890F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bloons TD Battles\Battles-Win.exe
FirewallRules: [{670B1754-122F-40AE-9602-AD6B9B887EF2}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{A76C6823-D09A-4899-B3DB-F8785D046DF0}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{03476C98-A094-459A-A39E-367C8C261A9E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{8A57529C-96EF-4E5E-BF08-BC72A5CD595D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{1AB5F9BA-2521-4485-9189-52B7D6D96682}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{0F154237-A84D-4B3E-8343-42F69A24E175}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [TCP Query User{16574CDB-FE68-4B28-90EE-6E58D2C15DE6}C:\users\diego b\appdata\local\popcorn-time\popcorn-time.exe] => (Allow) C:\users\diego b\appdata\local\popcorn-time\popcorn-time.exe
FirewallRules: [UDP Query User{D1F44B7A-BD8F-4A50-96BE-1E632675F299}C:\users\diego b\appdata\local\popcorn-time\popcorn-time.exe] => (Allow) C:\users\diego b\appdata\local\popcorn-time\popcorn-time.exe
FirewallRules: [{383A9B4F-A71A-47BC-B8E9-1D159807FE91}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8F9DAD31-4ADA-4972-AFFF-D353298E2683}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0E969C45-FCA7-4217-BB2A-B4AEFD8B0116}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2A1C9620-173C-45A9-A365-922E1383D541}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{DDCA4319-5952-418A-8B45-51D5128F9966}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{5AB3082E-B5E4-4182-A955-C399DBA67732}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{7636398F-CE79-43DD-96E1-77742CC539F3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{E8996EBA-EC70-44F0-8D4C-DCF9A7AB40D7}] => (Allow) C:\Program Files\Adobe\Adobe Photoshop CC 2015\Photoshop.exe
FirewallRules: [{DE676AC4-9264-49EE-9FFA-8A3C01FCEAD8}] => (Allow) C:\Program Files\Adobe\Adobe Photoshop CC 2015\Photoshop.exe
FirewallRules: [{D004AE72-217B-433A-BBC4-D296ECCDBC09}] => (Allow) C:\Program Files\Adobe\Adobe Photoshop CC 2015\Photoshop.exe
FirewallRules: [{44BCAA0C-5ACC-4DE8-B0D6-74A329203316}] => (Allow) C:\Program Files\Adobe\Adobe Photoshop CC 2015\Photoshop.exe
FirewallRules: [{493CEDBA-DFB9-4456-A15B-C5A0765AA978}] => (Allow) C:\Program Files\Adobe\Adobe Premiere Pro CC 2017\Adobe Premiere Pro.exe
FirewallRules: [{6B93AE9B-76C1-4521-A892-41FEC4B28192}] => (Allow) C:\Program Files\Adobe\Adobe Premiere Pro CC 2017\Adobe Premiere Pro.exe
FirewallRules: [{85931ACB-5021-4408-8651-C15491DB1910}] => (Allow) C:\Program Files\Adobe\Adobe Premiere Pro CC 2017\Adobe Premiere Pro.exe
FirewallRules: [{5746E307-1A72-4384-8F1A-B5CAA7310CEC}] => (Allow) C:\Program Files\Adobe\Adobe Premiere Pro CC 2017\Adobe Premiere Pro.exe
 
==================== Restore Points =========================
 
09-02-2017 15:28:16 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
22-02-2017 19:02:55 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/23/2017 08:07:17 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Diego)
Description: No se pudo activar la aplicación Microsoft.Windows.Photos_8wekyb3d8bbwe!App debido al error: -2144927142. Consulte el registro Microsoft-Windows-TWinUI/Operational para obtener más información.
 
Error: (02/23/2017 08:07:17 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: Diego)
Description: La aplicación Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe+App no se inició dentro del tiempo asignado.
 
Error: (02/23/2017 07:48:51 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Diego)
Description: No se pudo activar la aplicación Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe!App debido al error: -2144927142. Consulte el registro Microsoft-Windows-TWinUI/Operational para obtener más información.
 
Error: (02/23/2017 07:48:50 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: Diego)
Description: La aplicación Microsoft.MicrosoftStickyNotes_1.6.2.0_x64__8wekyb3d8bbwe+App no se inició dentro del tiempo asignado.
 
Error: (02/23/2017 07:47:56 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error al actualizar el estado  a SECURITY_PRODUCT_STATE_ON (error %3).
 
Error: (02/23/2017 07:47:56 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error al actualizar el estado  a SECURITY_PRODUCT_STATE_ON (error %3).
 
Error: (02/23/2017 07:39:35 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Diego)
Description: No se pudo activar la aplicación Microsoft.WindowsStore_8wekyb3d8bbwe!App debido al error: -2147023170. Consulte el registro Microsoft-Windows-TWinUI/Operational para obtener más información.
 
Error: (02/23/2017 07:29:51 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Diego)
Description: No se pudo activar la aplicación Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe!App debido al error: -2144927142. Consulte el registro Microsoft-Windows-TWinUI/Operational para obtener más información.
 
Error: (02/23/2017 07:26:31 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Diego)
Description: No se pudo activar la aplicación Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe!App debido al error: -2144927142. Consulte el registro Microsoft-Windows-TWinUI/Operational para obtener más información.
 
Error: (02/23/2017 07:26:30 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: Diego)
Description: La aplicación Microsoft.MicrosoftStickyNotes_1.6.2.0_x64__8wekyb3d8bbwe+App no se inició dentro del tiempo asignado.
 
 
System errors:
=============
Error: (02/23/2017 08:07:47 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Se agotó el tiempo de espera (30000 ms) para la conexión con el servicio Servicio Informe de errores de Windows.
 
Error: (02/23/2017 08:07:29 AM) (Source: DCOM) (EventID: 10010) (User: Diego)
Description: El servidor App.AppX65n3t4j73ch7cremsjxn7q8bph1ma8jw.mca no se registró con DCOM dentro del tiempo de espera requerido.
 
Error: (02/23/2017 07:48:04 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio Windows Presentation Foundation Font Cache 3.0.0.0 no pudo iniciarse debido al siguiente error: 
El servicio no respondió a tiempo a la solicitud de inicio o de control.
 
Error: (02/23/2017 07:48:04 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Se agotó el tiempo de espera (30000 ms) para la conexión con el servicio FontCache3.0.0.0.
 
Error: (02/23/2017 07:47:39 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 y APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 al usuario NT AUTHORITY\SERVICIO LOCAL con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.
 
Error: (02/23/2017 07:47:39 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 y APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 al usuario NT AUTHORITY\SERVICIO LOCAL con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.
 
Error: (02/23/2017 07:47:34 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 y APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 al usuario NT AUTHORITY\SYSTEM con SID (S-1-5-18) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.
 
Error: (02/23/2017 07:46:07 AM) (Source: DCOM) (EventID: 10010) (User: Diego)
Description: El servidor {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} no se registró con DCOM dentro del tiempo de espera requerido.
 
Error: (02/23/2017 07:46:07 AM) (Source: DCOM) (EventID: 10010) (User: Diego)
Description: El servidor {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} no se registró con DCOM dentro del tiempo de espera requerido.
 
Error: (02/23/2017 07:46:06 AM) (Source: DCOM) (EventID: 10010) (User: Diego)
Description: El servidor {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} no se registró con DCOM dentro del tiempo de espera requerido.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-3110M CPU @ 2.40GHz
Percentage of memory in use: 53%
Total physical RAM: 6009.77 MB
Available physical RAM: 2772.85 MB
Total Virtual: 10873.77 MB
Available Virtual: 7379.14 MB
 
==================== Drives ================================
 
Drive c: (Windows8_OS) (Fixed) (Total:423.64 GB) (Free:317.35 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:11.94 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: D6C3D924)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

 

Attached Thumbnails

  • trojan.png

Edited by diegofba, 24 February 2017 - 06:20 AM.
