Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-04-2015 04
Ran by WINDOWS (administrator) on ULTIMATE on 16-04-2015 15:33:36
Running from C:\Users\WINDOWS\Desktop
Loaded Profiles: WINDOWS (Available profiles: WINDOWS)
Platform: Windows 7 Ultimate (X64) OS Language: Português (Brasil)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Baidu, Inc.) C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavSvc.exe
(Baidu, Inc.) C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BHipsSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Baidu, Inc.) C:\Program Files (x86)\Baidu Security\Baidu Antivirus\bavhm.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(BitTorrent Inc.) C:\Users\WINDOWS\AppData\Roaming\uTorrent\uTorrent.exe
(Elias Fotinis) C:\Program Files (x86)\DeskPins\DeskPins.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Zbshareware Lab) C:\Program Files (x86)\USB Disk Security\USBGuard.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Baidu, Inc.) C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavTray.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems, Incorporated) C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Photoshop.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [704512 2015-04-10] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [USB Antivirus] => C:\Program Files (x86)\USB Disk Security\USBGuard.exe [798720 2008-09-23] (Zbshareware Lab)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [Baidu Antivirus] => C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavTray.exe [1856032 2015-02-10] (Baidu, Inc.)
HKU\S-1-5-21-2971630942-859683006-4047004248-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2971630942-859683006-4047004248-1000\...\Run: [GoogleChromeAutoLaunch_F8D1126C80F9311A03F66B81B56B8A9C] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [809288 2015-03-30] (Google Inc.)
HKU\S-1-5-21-2971630942-859683006-4047004248-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31683168 2015-03-25] (Skype Technologies S.A.)
HKU\S-1-5-21-2971630942-859683006-4047004248-1000\...\Run: [C:\Users\WINDOWS\AppData\Local\Temp\LD6182.tmp.exe] => C:\Users\WINDOWS\AppData\Local\Temp\LD6182.tmp.exe /exenoupdates /exelang 0 /prereqs "2,3" <===== ATTENTION
HKU\S-1-5-21-2971630942-859683006-4047004248-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5471104 2011-08-12] (SUPERAntiSpyware.com)
HKU\S-1-5-21-2971630942-859683006-4047004248-1000\...\Run: [uTorrent] => C:\Users\WINDOWS\AppData\Roaming\uTorrent\uTorrent.exe [1742928 2015-03-04] (BitTorrent Inc.)
Startup: C:\Users\WINDOWS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DeskPins.lnk
ShortcutTarget: DeskPins.lnk -> C:\Program Files (x86)\DeskPins\DeskPins.exe (Elias Fotinis)
ShellIconOverlayIdentifiers: [BaiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavShx64.dll (Baidu, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2971630942-859683006-4047004248-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-09-16] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-09-16] (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\WINDOWS\AppData\Roaming\Mozilla\Firefox\Profiles\iyc2w1kd.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll [2012-04-11] ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-09-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-09-16] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll [2012-04-11] ( Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=6.0.11.2852 -> C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll [2008-04-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.46 -> C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll [2008-04-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.1662 -> C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll [2008-04-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.46 -> C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll [2008-04-14] (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF user.js: detected! => C:\Users\WINDOWS\AppData\Roaming\Mozilla\Firefox\Profiles\iyc2w1kd.default\user.js [2014-09-16]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\buscape.xml [2015-02-09]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mercadolivre.xml [2015-02-09]
FF Extension: ObviousIdea Addon - C:\Users\WINDOWS\AppData\Roaming\Mozilla\Firefox\Profiles\iyc2w1kd.default\Extensions\toolbarbutton@obviousidea.us [2014-09-16]
FF Extension: DownloadHelper - C:\Users\WINDOWS\AppData\Roaming\Mozilla\Firefox\Profiles\iyc2w1kd.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-24]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-02-09]

Chrome:
=======
CHR HomePage: Default -> hxxp://do-search.com/?type=hp&ts=1427486354&from=cor&uid=ST2000DM001-1CH164_W1E2ETR4XXXXW1E2ETR4
CHR StartupUrls: Default -> "hxxp://do-search.com/?type=hp&ts=1427486354&from=cor&uid=ST2000DM001-1CH164_W1E2ETR4XXXXW1E2ETR4"
CHR Profile: C:\Users\WINDOWS\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\WINDOWS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-05]
CHR Extension: (Google Docs) - C:\Users\WINDOWS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-05]
CHR Extension: (Google Drive) - C:\Users\WINDOWS\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-05]
CHR Extension: (YouTube) - C:\Users\WINDOWS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-05]
CHR Extension: (Google Cast) - C:\Users\WINDOWS\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-12-19]
CHR Extension: (Videostream for Google Chromecast™) - C:\Users\WINDOWS\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl [2014-12-19]
CHR Extension: (Google Search) - C:\Users\WINDOWS\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-05]
CHR Extension: (Video Downloader professional) - C:\Users\WINDOWS\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2014-09-24]
CHR Extension: (Google Sheets) - C:\Users\WINDOWS\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-05]
CHR Extension: (Myibidder Auction Bid Sniper for eBay) - C:\Users\WINDOWS\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmebanjjkaohcmifehogijfgcoieefnp [2014-12-19]
CHR Extension: (ObviousIdea) - C:\Users\WINDOWS\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnefekibahpibgnllfjpckodgobkpije [2014-09-17]
CHR Extension: (Plex) - C:\Users\WINDOWS\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpniocchabmgenibceglhnfeimmdhdfm [2014-12-19]
CHR Extension: (VLC) - C:\Users\WINDOWS\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhafecgfkakfbhlbjffclfaomoliicpm [2015-02-10]
CHR Extension: (IDM Integration Module) - C:\Users\WINDOWS\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2014-10-31]
CHR Extension: (Video Download Helper) - C:\Users\WINDOWS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldcccbolclahdbkahlppenfodnheapah [2014-09-24]
CHR Extension: (Skype Click to Call) - C:\Users\WINDOWS\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-09-23]
CHR Extension: (Video download helper) - C:\Users\WINDOWS\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnkioblodjcgkdailhejgcocjkkoochj [2015-03-06]
CHR Extension: (Google Wallet) - C:\Users\WINDOWS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-05]
CHR Extension: (Melhores Destinos) - C:\Users\WINDOWS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbkobmcegbmmjnfhholeonfacmfkpcja [2014-12-19]
CHR Extension: (Gmail) - C:\Users\WINDOWS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-05]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [fnefekibahpibgnllfjpckodgobkpije] - C:\Users\WINDOWS\AppData\Local\ObviousIdea\extension.crx [2013-05-07]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2011-08-11] (SUPERAntiSpyware.com) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2015-04-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2015-04-10] (Avira Operations GmbH & Co. KG)
R2 BavSvc; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavSvc.exe [2308792 2015-02-10] (Baidu, Inc.)
S3 BdSandboxSrv; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BdSandboxSrv64.exe [264736 2015-01-08] (Baidu, Inc.)
R2 BHipsSvc; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BHipsSvc.exe [427856 2015-02-10] (Baidu, Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [672024 2015-02-26] (Wacom Technology, Corp.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-04-10] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-04-10] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-09-09] (Avira Operations GmbH & Co. KG)
R3 BdApiUtil; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BdApiUtil64.sys [116984 2015-02-10] (Baidu, Inc.)
R3 BdCameraProtect; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BdCameraProtect64.sys [25048 2015-02-10] (Baidu, Inc.)
S3 BdSandbox; C:\Windows\System32\drivers\BdSandbox.sys [232440 2015-01-08] (Baidu, Inc.)
R1 Bfilter; C:\Windows\System32\drivers\Bfilter.sys [59896 2015-02-10] (Baidu, Inc.)
R1 Bfmon; C:\Windows\System32\drivers\Bfmon.sys [38392 2015-02-10] (Baidu, Inc.)
R1 Bnbase; C:\Windows\System32\drivers\bnbasex64.sys [61112 2015-02-10] (Baidu, Inc.)
R1 Bndef; C:\Windows\System32\drivers\bndef64.sys [483288 2015-02-10] (Baidu, Inc.)
R3 BNmon; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BNmon64.sys [59384 2015-02-10] (Baidu, Inc.)
R1 Bprotect; C:\Windows\System32\drivers\Bprotect.sys [174328 2015-02-10] (Baidu, Inc.)
R1 Hermes; C:\Windows\System32\drivers\Hermes.sys [347400 2015-03-06] ()
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

========================== Drivers MD5 =======================

C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WUDFRd.sys ==> MD5 is legit

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== Three Months Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-16 15:33 - 2015-04-16 15:34 - 00035048 _____ () C:\Users\WINDOWS\Desktop\FRST.txt
2015-04-16 15:33 - 2015-04-16 15:33 - 00000000 ____D () C:\FRST
2015-04-16 15:30 - 2015-04-16 15:28 - 02097664 _____ (Farbar) C:\Users\WINDOWS\Desktop\FRST64.exe
2015-04-16 15:20 - 2015-04-16 15:28 - 02097664 _____ (Farbar) C:\Users\WINDOWS\Downloads\FRST64.exe
2015-04-10 18:53 - 2015-04-10 20:35 - 00006242 _____ () C:\Users\WINDOWS\Desktop\UsbFix_Report.txt
2015-04-10 18:39 - 2015-04-10 20:35 - 00000000 ____D () C:\UsbFix
2015-04-10 18:39 - 2015-04-10 18:39 - 00001452 _____ () C:\Users\WINDOWS\Desktop\UsbFix.lnk
2015-04-10 18:31 - 2015-04-10 18:31 - 04312424 _____ (El Desaparecido - SosVirus.net - UsbFix.net) C:\Users\WINDOWS\Downloads\UsbFix_7.9212.exe
2015-04-10 14:51 - 2015-04-10 14:57 - 00000000 ____D () C:\Users\WINDOWS\Desktop\book
2015-04-09 23:09 - 2015-04-09 23:09 - 00000000 ____D () C:\Users\WINDOWS\Tracing
2015-04-09 22:07 - 2015-04-09 22:07 - 00000000 ____D () C:\Users\WINDOWS\AppData\Local\Wacom
2015-04-09 22:07 - 2015-04-09 22:07 - 00000000 ____D () C:\Users\WINDOWS\.android
2015-04-09 22:06 - 2015-04-09 22:07 - 00000000 ____D () C:\Users\WINDOWS\AppData\Roaming\WTablet
2015-04-09 22:03 - 2015-04-09 22:03 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mesa Gráfica Wacom
2015-04-09 22:03 - 2015-04-09 22:03 - 00000000 ____D () C:\Program Files\TabletPlugins
2015-04-09 22:03 - 2015-04-09 22:03 - 00000000 ____D () C:\Program Files (x86)\TabletPlugins
2015-04-09 22:02 - 2015-04-09 22:02 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_wacomrouterfilter_01009.Wdf
2015-04-09 22:01 - 2015-04-09 22:03 - 00000000 ____D () C:\Program Files\Tablet
2015-04-09 22:01 - 2015-04-09 22:01 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_wachidrouter_01009.Wdf
2015-04-09 22:01 - 2015-02-26 19:16 - 02029336 _____ (Wacom Technology, Corp.) C:\Windows\system32\WacomMT.dll
2015-04-09 22:01 - 2015-02-26 19:16 - 01997592 _____ (Wacom Technology, Corp.) C:\Windows\system32\Wacom_Tablet.dll
2015-04-09 22:01 - 2015-02-26 19:16 - 01990936 _____ (Wacom Technology, Corp.) C:\Windows\system32\Wacom_Touch_Tablet.dll
2015-04-09 22:01 - 2015-02-26 19:16 - 01863960 _____ (Wacom Technology, Corp.) C:\Windows\system32\Wintab32.dll
2015-04-09 22:01 - 2015-02-26 19:16 - 01626392 _____ (Wacom Technology, Corp.) C:\Windows\SysWOW64\WacomMT.dll
2015-04-09 22:01 - 2015-02-26 19:16 - 01618712 _____ (Wacom Technology, Corp.) C:\Windows\SysWOW64\Wacom_Tablet.dll
2015-04-09 22:01 - 2015-02-26 19:16 - 01612056 _____ (Wacom Technology, Corp.) C:\Windows\SysWOW64\Wacom_Touch_Tablet.dll
2015-04-09 22:01 - 2015-02-26 19:16 - 01497368 _____ (Wacom Technology, Corp.) C:\Windows\SysWOW64\Wintab32.dll
2015-04-09 22:01 - 2014-10-25 17:52 - 00100664 _____ (Wacom Technology) C:\Windows\system32\Drivers\wachidrouter.sys
2015-04-09 22:01 - 2014-10-25 17:52 - 00015160 _____ (Wacom Technology) C:\Windows\system32\Drivers\wacomrouterfilter.sys
2015-04-09 22:01 - 2014-10-25 17:52 - 00014136 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\hidkmdf.sys
2015-04-09 22:01 - 2012-12-11 19:12 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\wdfcoinstaller01009.dll
2015-04-09 22:01 - 2012-12-11 19:12 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wdfcoinstaller01009.dll
2015-04-09 21:25 - 2015-04-09 21:58 - 150622864 _____ () C:\Users\WINDOWS\Downloads\WacomTablet_6.3.11-4a.exe
2015-04-09 21:16 - 2015-04-09 21:16 - 06497345 _____ () C:\Users\WINDOWS\Downloads\Não confirmado 986637.crdownload
2015-04-09 20:37 - 2015-04-09 20:37 - 50997985 _____ () C:\Users\WINDOWS\Downloads\Não confirmado 864165.crdownload
2015-03-06 18:29 - 2015-04-16 13:53 - 00318824 _____ () C:\Windows\system32\HermesHelp.dll
2015-03-06 18:18 - 2015-03-06 18:18 - 00347400 _____ () C:\Windows\system32\Drivers\Hermes.sys
2015-03-02 10:34 - 2015-03-02 10:35 - 01048064 _____ () C:\Users\WINDOWS\Downloads\Não confirmado 86467.crdownload
2015-03-02 09:42 - 2015-03-02 09:42 - 00000868 _____ () C:\Users\Public\Desktop\Baidu Antivirus.lnk
2015-02-09 18:34 - 2015-02-09 18:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-08 17:49 - 2015-02-08 17:49 - 00020895 _____ () C:\Users\WINDOWS\Downloads\dragon-ball-z-budokai-tenkaichi-portable-multi2psppatch-todos-cfwbixuwwwgamestorrentsco. (2).torrent
2015-02-08 17:47 - 2015-02-08 17:48 - 00020564 _____ () C:\Users\WINDOWS\Downloads\pes-2015-campeones-definitivos-spanishpsppatch-todos-cfwbixuwwwgamestorrentsco. (4).torrent
2015-02-08 17:39 - 2015-01-08 05:01 - 00418336 _____ (Baidu, Inc.) C:\Windows\system32\BdSandboxDll64.dll
2015-02-08 17:39 - 2015-01-08 05:01 - 00330272 _____ (Baidu, Inc.) C:\Windows\SysWOW64\BdSandboxDll32.dll
2015-02-07 14:25 - 2015-02-07 14:25 - 00020895 _____ () C:\Users\WINDOWS\Downloads\dragon-ball-z-budokai-tenkaichi-portable-multi2psppatch-todos-cfwbixuwwwgamestorrentsco. (1).torrent
2015-02-07 14:21 - 2015-02-07 14:21 - 00016266 _____ () C:\Users\WINDOWS\Downloads\pro-evolution-soccer-2014-multi2psptextos-espaolsuper-rippatch-todos-cfwbixuwwwgamestorrentsco..torrent
2015-02-07 14:20 - 2015-02-07 14:20 - 00020564 _____ () C:\Users\WINDOWS\Downloads\pes-2015-campeones-definitivos-spanishpsppatch-todos-cfwbixuwwwgamestorrentsco. (3).torrent
2015-02-07 14:13 - 2015-02-07 14:13 - 00431272 _____ () C:\Users\WINDOWS\Downloads\Pro-Evolution-Soccer-2015-Campeones-Definitivos---PSP-Baixa-via_downloader-QcI7Wl8v1.exe
2015-02-07 14:13 - 2015-02-07 14:13 - 00431272 _____ () C:\Users\WINDOWS\Downloads\Pro-Evolution-Soccer-2015-Campeones-Definitivos---PSP-Baixa-via_downloader-Q9bz1Ondg.exe
2015-02-07 14:13 - 2015-02-07 14:13 - 00431272 _____ () C:\Users\WINDOWS\Downloads\Pro-Evolution-Soccer-2015-Campeones-Definitivos---PSP-Baixa-via_downloader-Q5BPcvRqD.exe
2015-02-07 14:11 - 2015-03-02 09:42 - 00003544 _____ () C:\Windows\System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633
2015-02-07 14:11 - 2015-02-10 23:07 - 00483288 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\bndef64.sys
2015-02-07 14:11 - 2015-02-10 23:07 - 00174328 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\Bprotect.sys
2015-02-07 14:11 - 2015-02-10 23:07 - 00061112 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\bnbasex64.sys
2015-02-07 14:11 - 2015-02-10 23:07 - 00059896 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\Bfilter.sys
2015-02-07 14:11 - 2015-02-10 23:07 - 00038392 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\Bfmon.sys
2015-02-07 14:11 - 2015-02-07 14:11 - 00020895 _____ () C:\Users\WINDOWS\Downloads\dragon-ball-z-budokai-tenkaichi-portable-multi2psppatch-todos-cfwbixuwwwgamestorrentsco..torrent
2015-02-07 14:11 - 2015-02-07 14:11 - 00000000 ____D () C:\Users\Todos os Usuários\Baidu Security
2015-02-07 14:11 - 2015-02-07 14:11 - 00000000 ____D () C:\Users\Todos os Usuários\Baidu
2015-02-07 14:11 - 2015-02-07 14:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus
2015-02-07 14:11 - 2015-02-07 14:11 - 00000000 ____D () C:\ProgramData\Baidu Security
2015-02-07 14:11 - 2015-02-07 14:11 - 00000000 ____D () C:\ProgramData\Baidu
2015-02-07 14:11 - 2015-02-07 14:11 - 00000000 ____D () C:\Program Files (x86)\Baidu Security
2015-02-07 14:11 - 2015-01-08 05:02 - 00232440 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\BdSandbox.sys
2015-02-07 14:10 - 2015-02-07 14:10 - 00020564 _____ () C:\Users\WINDOWS\Downloads\pes-2015-campeones-definitivos-spanishpsppatch-todos-cfwbixuwwwgamestorrentsco. (2).torrent
2015-02-07 14:10 - 2015-02-07 14:10 - 00020564 _____ () C:\Users\WINDOWS\Downloads\pes-2015-campeones-definitivos-spanishpsppatch-todos-cfwbixuwwwgamestorrentsco. (1).torrent
2015-02-07 14:09 - 2015-04-16 15:34 - 00000000 ____D () C:\Users\WINDOWS\AppData\Roaming\uTorrent
2015-02-07 14:09 - 2015-02-07 14:09 - 00000853 _____ () C:\Users\WINDOWS\Desktop\µTorrent.lnk
2015-02-07 14:09 - 2015-02-07 14:09 - 00000833 _____ () C:\Users\WINDOWS\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2015-02-07 14:08 - 2015-02-07 14:08 - 01680464 _____ (BitTorrent Inc.) C:\Users\WINDOWS\Downloads\utorrent-3-4-2-build-36615-32-bits [1].exe
2015-02-07 14:07 - 2015-02-07 14:07 - 00675114 _____ () C:\Users\WINDOWS\Downloads\utorrent-3-4-2-build-36615-32-bits.exe
2015-02-07 14:06 - 2015-02-07 14:06 - 00003142 _____ () C:\Windows\System32\Tasks\{E4B3BE96-B1D6-4828-A935-C4BC588CBEF3}
2015-02-07 14:05 - 2015-02-07 14:05 - 00020564 _____ () C:\Users\WINDOWS\Downloads\pes-2015-campeones-definitivos-spanishpsppatch-todos-cfwbixuwwwgamestorrentsco..torrent
2015-02-07 14:04 - 2015-02-07 14:06 - 00000000 ____D () C:\Users\WINDOWS\Downloads\David Cross_ HITS Preview
2015-02-07 14:03 - 2015-02-07 14:06 - 00000000 ____D () C:\Users\WINDOWS\AppData\Roaming\BitTorrent
2015-02-07 14:03 - 2015-02-07 14:03 - 00000000 ____D () C:\Users\Todos os Usuários\APN
2015-02-07 14:03 - 2015-02-07 14:03 - 00000000 ____D () C:\ProgramData\APN
2015-02-07 14:02 - 2015-02-07 14:02 - 01742936 _____ (BitTorrent Inc.) C:\Users\WINDOWS\Downloads\BitTorrent.exe
2015-02-07 14:00 - 2015-02-07 14:00 - 01743448 _____ (BitTorrent Inc.) C:\Users\WINDOWS\Downloads\bittorrent-7-9-2-build-38430-32-bits [1].exe
2015-02-07 14:00 - 2015-02-07 14:00 - 00000000 ____D () C:\Users\Public\Documents\Baidu
2015-02-07 13:59 - 2015-02-07 13:59 - 00675114 _____ () C:\Users\WINDOWS\Downloads\bittorrent-7-9-2-build-38430-32-bits.exe
2015-01-16 16:26 - 2015-01-16 16:26 - 00000165 ____H () C:\Users\WINDOWS\Desktop\~$controle pagamento casamento 07 novembro 2014.xlsx

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-16 15:31 - 2014-09-22 20:52 - 00000000 ____D () C:\Users\WINDOWS\AppData\Roaming\Skype
2015-04-16 15:23 - 2014-03-20 08:25 - 00000902 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-16 15:22 - 2009-07-14 01:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-16 15:22 - 2009-07-14 01:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-16 14:58 - 2009-07-14 14:55 - 00004086 _____ () C:\Windows\system32\prfh0416.dat
2015-04-16 14:58 - 2009-07-14 14:55 - 00003894 _____ () C:\Windows\system32\prfc0416.dat
2015-04-16 14:58 - 2009-07-14 02:13 - 00778194 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-16 14:56 - 2009-07-14 01:51 - 00118837 _____ () C:\Windows\setupact.log
2015-04-16 13:47 - 2009-11-16 04:43 - 00555095 _____ () C:\Windows\WindowsUpdate.log
2015-04-16 13:43 - 2009-07-14 02:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-14 16:26 - 2014-03-20 08:25 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-14 16:26 - 2014-03-20 08:25 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-14 16:26 - 2014-03-20 08:25 - 00003840 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-10 14:09 - 2014-09-09 17:59 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-04-10 14:09 - 2014-09-09 17:59 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-04-10 14:09 - 2014-09-09 17:59 - 00044088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-04-09 23:09 - 2009-11-16 04:48 - 00000000 ____D () C:\Users\WINDOWS
2015-04-09 22:25 - 2014-08-14 08:52 - 00000000 ____D () C:\Users\WINDOWS\AppData\Local\Adobe
2015-04-09 22:08 - 2014-09-22 20:52 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-04-09 22:08 - 2014-09-22 20:51 - 00000000 ____D () C:\Users\Todos os Usuários\Skype
2015-04-09 22:08 - 2014-09-22 20:51 - 00000000 ____D () C:\ProgramData\Skype
2015-04-09 20:47 - 2014-09-05 16:09 - 00002181 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

==================== Files in the root of some directories =======

2014-03-19 11:57 - 2014-03-19 12:00 - 0001456 _____ () C:\Users\WINDOWS\AppData\Local\Adobe Salvar para Web 13.0 Prefs

Some content of TEMP:
====================
C:\Users\WINDOWS\AppData\Local\Temp\avgnt.exe
C:\Users\WINDOWS\AppData\Local\Temp\utt4CAC.tmp.exe
C:\Users\WINDOWS\AppData\Local\Temp\uttB6DE.tmp.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Gerenciador de Inicialização do Windows
--------------------
identificador {bootmgr}
device partition=\Device\HarddiskVolume1
description Windows Boot Manager
locale pt-BR
inherit {globalsettings}
default {current}
resumeobject {a2190c72-d28b-11de-a423-b38e960da425}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30

Carregador de Inicialização do Windows
-------------------
identificador {current}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale pt-BR
inherit {bootloadersettings}
recoverysequence {a2190c74-d28b-11de-a423-b38e960da425}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {a2190c72-d28b-11de-a423-b38e960da425}
nx OptIn

Carregador de Inicialização do Windows
-------------------
identificador {a2190c74-d28b-11de-a423-b38e960da425}
device ramdisk=[C:]\Recovery\a2190c74-d28b-11de-a423-b38e960da425\Winre.wim,{a2190c75-d28b-11de-a423-b38e960da425}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[C:]\Recovery\a2190c74-d28b-11de-a423-b38e960da425\Winre.wim,{a2190c75-d28b-11de-a423-b38e960da425}
systemroot \windows
nx OptIn
winpe Yes

Continuar da Hibernação
---------------------
identificador {a2190c72-d28b-11de-a423-b38e960da425}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale pt-BR
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Testador de Memória do Windows
---------------------
identificador {memdiag}
device partition=\Device\HarddiskVolume1
path \boot\memtest.exe
description Diagnóstico de Memória do Windows
locale pt-BR
inherit {globalsettings}
badmemoryaccess Yes

Configurações de EMS
------------
identificador {emssettings}
bootems Yes

Configurações do Depurador
-----------------
identificador {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

Defeitos de RAM
-----------
identificador {badmemory}

Configurações Globais
---------------
identificador {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Configurações do Carregador de Inicialização
--------------------
identificador {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Configurações do Hypervisor
-------------------
identificador {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Configurações do Carregador de Retorno
----------------------
identificador {resumeloadersettings}
inherit {globalsettings}

Opções de dispositivo
--------------
identificador {a2190c75-d28b-11de-a423-b38e960da425}
description Ramdisk Options
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\a2190c74-d28b-11de-a423-b38e960da425\boot.sdi



LastRegBack: 2015-04-14 16:55

==================== End Of Log ============================
