Chicadeaccion
2015-05-19, 04:28
Previous topic March 2015: https://forums.spybot.info/showthread.php?72174-My-PC-and-my-3-usb-are-infected-please-help-me
Hello, my name is Lilian. I am worried because my internet is under attack every day and my PC is infected, because it is not working well, and I think my browser is infected because it is not working appropriately, so please, I need your help.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-05-2015 02
Ran by Aviadora (administrator) on PLANEWINS-PC on 18-05-2015 21:05:43
Running from C:\ProgramData\Shared Space
Loaded Profiles: Aviadora (Available profiles: Aviadora)
Platform: Microsoft Windows 7 Professional (X86) OS Language: Español (España, internacional)
Internet Explorer Version 8 (Default browser path: "C:\Program Files\Comodo\Dragon\dragon.exe" -- "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Comodo Security Solutions, Inc.) C:\Program Files\Common Files\COMODO\launcher_service.exe
(COMODO) C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
(Comodo) C:\Program Files\Comodo\Chromodo\chromodo_updater.exe
(Comodo Security Solutions, Inc.) C:\Program Files\Comodo\Dragon\dragon_updater.exe
(Comodo Security Solutions, Inc.) C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe
(AhnLab, Inc.) C:\Program Files\AhnLab\V3IS80\V3Svc.exe
(AhnLab, Inc.) C:\Program Files\AhnLab\V3IS80\V3Proxy.ahn
(COMODO) C:\Program Files\Comodo\COMODO Internet Security\cistray.exe
(AhnLab, Inc.) C:\Program Files\AhnLab\V3IS80\V3SP.exe
(Intel Corporation) C:\Program Files\Intel\Bluetooth\BleServicesCtrl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Comodo Security Solutions, Inc.) C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe
(Comodo Security Solutions, Inc.) C:\Program Files\Comodo\GeekBuddy\unit_manager.exe
(Comodo Security Solutions, Inc.) C:\Program Files\Comodo\GeekBuddy\unit.exe
(Motorola Solutions, Inc.) C:\Program Files\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files\Intel\Bluetooth\obexsrv.exe
(Motorola Solutions, Inc.) C:\Program Files\Intel\Bluetooth\mediasrv.exe
(Motorola Solutions, Inc.) C:\Program Files\Intel\Bluetooth\btplayerctrl.exe
(COMODO) C:\Program Files\Comodo\COMODO Internet Security\cis.exe
(COMODO) C:\Program Files\Comodo\COMODO Internet Security\cmdvirth.exe
(Comodo Security Solutions, Inc.) C:\Program Files\Common Files\COMODO\launcher_service.exe
(COMODO) C:\Program Files\Comodo\COMODO Internet Security\cavwp.exe
() C:\Program Files\Comodo\Dragon\virtual_mode_helper.exe
(Comodo) C:\Program Files\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files\Comodo\Dragon\dragon.exe
() C:\Program Files\Google\Update\GoogleUpdate.exe
(Comodo) C:\Program Files\Comodo\Dragon\dragon.exe
(Microsoft Corporation) C:\Windows\System32\mspaint.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1359064 2015-05-07] (COMODO)
HKLM\...\Run: [V3 Session Process] => C:\Program Files\AhnLab\V3IS80\V3SP.exe [372664 2015-05-07] (AhnLab, Inc.)
HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files\Intel\Bluetooth\BleServicesCtrl.exe [159536 2015-05-07] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [tvncontrol] => C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2015-05-08] (Comodo Security Solutions, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk [2015-05-08]
ShortcutTarget: Start GeekBuddy.lnk -> C:\Program Files\Comodo\GeekBuddy\launcher.exe (Comodo Security Solutions, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-1775094515-335933959-2663663832-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://es.yahoo.com?fr=fp-comodo
SearchScopes: HKU\S-1-5-21-1775094515-335933959-2663663832-1000 -> DefaultScope {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = http://es.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
SearchScopes: HKU\S-1-5-21-1775094515-335933959-2663663832-1000 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = http://es.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-13] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 200.83.1.5 190.160.0.15 200.30.192.14
Tcpip\..\Interfaces\{198D4E42-84AD-4056-BAB2-8C8B1EC02C55}: [NameServer] 8.26.56.26,8.20.247.20
Tcpip\..\Interfaces\{3DA65897-066F-4A55-9115-B5E0F850C7A8}: [NameServer] 8.26.56.26,8.20.247.20
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll [2015-05-17] ( Microsoft Corporation)
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 Bluetooth Device Monitor; C:\Program Files\Intel\Bluetooth\devmonsrv.exe [1124728 2015-05-07] (Motorola Solutions, Inc.)
R2 Bluetooth Media Service; C:\Program Files\Intel\Bluetooth\mediasrv.exe [1366392 2015-05-07] (Motorola Solutions, Inc.)
R2 Bluetooth OBEX Service; C:\Program Files\Intel\Bluetooth\obexsrv.exe [1157496 2015-05-07] (Motorola Solutions, Inc.)
R2 ChromodoUpdater; C:\Program Files\Comodo\Chromodo\chromodo_updater.exe [2306248 2015-05-08] (Comodo)
R2 CLPSLauncher; C:\Program Files\Common Files\COMODO\launcher_service.exe [70872 2015-05-08] (Comodo Security Solutions, Inc.)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [4351816 2015-05-07] (COMODO)
R3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [1664728 2015-05-07] (COMODO)
R2 DragonUpdater; C:\Program Files\Comodo\Dragon\dragon_updater.exe [2370240 2015-05-18] (Comodo Security Solutions, Inc.)
R2 GeekBuddyRSP; C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2015-05-08] (Comodo Security Solutions, Inc.)
R2 V3 Service; C:\Program Files\AhnLab\V3IS80\V3Svc.exe [265592 2015-05-07] (AhnLab, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 AhnActNt; C:\Program Files\AhnLab\V3IS80\AhnACtNt.sys [89088 2012-01-27] (AhnLab, Inc.)
R3 AhnFlt2K; C:\Windows\system32\drivers\AhnFlt2K.sys [53824 2012-10-17] (AhnLab, Inc.)
R3 AhnRec2K; C:\Windows\system32\drivers\AhnRec2K.sys [21696 2012-12-07] (AhnLab, Inc.)
R3 AhnRghNt; C:\Windows\system32\drivers\AhnRghNt.sys [62912 2012-11-07] (AhnLab, Inc.)
R3 AhnSZE; C:\Windows\System32\drivers\AhnSZE.sys [2038208 2015-05-15] (AhnLab, Inc.)
R1 AMonLWLH; C:\Windows\System32\DRIVERS\amonlwlh.sys [41280 2015-05-07] (AhnLab, Inc.)
R1 AMonTDLH; C:\Windows\system32\Drivers\AMonTDLH.sys [101696 2012-09-14] (AhnLab, Inc.)
R3 ASZFltNt; C:\Program Files\AhnLab\V3IS80\ASZFltNt.sys [141568 2012-03-21] (AhnLab, Inc.)
R1 ATamptNt_V3IS80; C:\Program Files\AhnLab\V3IS80\ATamptNt.sys [191296 2012-12-10] (AhnLab, Inc.)
R3 CdmDrvNt; C:\Windows\system32\Drivers\CdmDrvNt.sys [19608 2009-07-21] (AhnLab, Inc.)
R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [35064 2015-05-08] (Windows (R) Win 7 DDK provider)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [17088 2015-04-01] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [621144 2015-04-01] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [41248 2015-04-01] (COMODO)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [91200 2015-04-01] (COMODO)
R3 ISFWEnt; C:\Program Files\AhnLab\V3IS80\ISFWEnt.sys [140064 2012-03-21] (AhnLab, Inc.)
R3 ISIPSEnt; C:\Program Files\AhnLab\V3IS80\ISIPSEnt.sys [153416 2012-10-26] (AhnLab, Inc.)
R3 ISPIBEnt; C:\Program Files\AhnLab\V3IS80\ISPIBEnt.sys [128840 2011-07-03] (AhnLab, Inc.)
R3 ISPrxEnt; C:\Program Files\AhnLab\V3IS80\ISPrxEnt.sys [77736 2011-07-03] (AhnLab, Inc.)
R3 MeDCoreD_V3IS80; C:\Program Files\AhnLab\V3IS80\MeDCoreD.sys [867352 2015-04-08] (AhnLab, Inc.)
R3 TfFRegNt; C:\Program Files\AhnLab\V3IS80\TfFRegNt.sys [64448 2012-09-24] (AhnLab, Inc.)
R3 TfProcNt; C:\Program Files\AhnLab\V3IS80\AHAWKENT.sys [31168 2012-09-24] (AhnLab, Inc.)
R1 v3engine; C:\Windows\system32\drivers\v3engine.sys [2774200 2015-05-15] (AhnLab, Inc.)
R1 V3Flt2K; C:\Program Files\AhnLab\V3IS80\V3Flt2k.sys [174784 2012-10-26] (AhnLab, Inc.)
S3 V3Flu2k_V3IS80; C:\Program Files\AhnLab\V3IS80\V3Flu2k.sys [125312 2012-03-21] (AhnLab, Inc.)
R3 V3IFt2K; C:\Program Files\AhnLab\V3IS80\V3Ift2k.sys [79104 2012-03-21] (AhnLab, Inc.)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-13] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-05-18 21:04 - 2015-05-18 21:04 - 00000000 ____H () C:\Users\Aviadora\Documents\Default.rdp
2015-05-18 21:00 - 2015-05-18 21:05 - 00000000 ____D () C:\FRST
2015-05-18 20:57 - 2015-05-18 20:57 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-PLANEWINS-PC-Windows-7-Professional-(32-bit).dat
2015-05-18 20:55 - 2015-05-18 20:55 - 00000000 ____D () C:\RegBackup
2015-05-18 20:53 - 2015-05-18 20:55 - 00002181 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-05-18 20:53 - 2015-05-18 20:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-05-18 20:53 - 2015-05-18 20:53 - 00000000 ____D () C:\Program Files\Tweaking.com
2015-05-18 18:55 - 2015-05-18 20:55 - 00872456 _____ () C:\Windows\system32\Drivers\fvstore.dat
2015-05-18 18:47 - 2015-05-18 18:47 - 00001929 _____ () C:\Users\Aviadora\Desktop\Virtual Comodo Dragon.lnk
2015-05-18 18:44 - 2015-05-18 18:44 - 00000000 ___HD () C:\VTRoot
2015-05-18 02:43 - 2015-05-18 02:43 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2015-05-18 02:13 - 2015-05-18 02:13 - 06962912 _____ (Microsoft Corporation) C:\Users\Aviadora\Downloads\Silverlight.exe
2015-05-18 02:13 - 2015-05-18 02:13 - 00001074 _____ () C:\Users\Public\Desktop\Comodo Dragon.lnk
2015-05-18 02:12 - 2015-05-18 02:12 - 01700352 _____ (Microsoft Corporation) C:\Windows\system32\gdiplus.dll
2015-05-18 02:12 - 2015-05-18 02:12 - 01060864 _____ (Microsoft Corporation) C:\Windows\system32\mfc71.dll
2015-05-18 02:12 - 2015-05-18 02:12 - 00348160 _____ (Microsoft Corporation) C:\Windows\system32\msvcr71.dll
2015-05-18 02:11 - 2015-05-18 02:11 - 53160152 _____ (Comodo) C:\Users\Aviadora\Downloads\dragonsetup.exe
2015-05-17 23:10 - 2015-05-17 23:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-17 23:09 - 2015-05-17 23:09 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-17 23:01 - 2015-05-17 23:01 - 00002089 _____ () C:\Users\Aviadora\Desktop\Virtual Internet Explorer.lnk
2015-05-08 00:57 - 2015-05-08 00:57 - 00002013 _____ () C:\Users\Public\Desktop\GeekBuddy.lnk
2015-05-08 00:57 - 2015-05-08 00:57 - 00000000 ____D () C:\Program Files\Common Files\COMODO
2015-05-08 00:51 - 2015-05-08 00:56 - 00024328 _____ (COMODO CA Limited) C:\Windows\system32\certsentry.dll
2015-05-08 00:51 - 2015-05-08 00:56 - 00024296 _____ (COMODO CA Limited) C:\Windows\system32\certsentry.exe
2015-05-07 23:52 - 2015-05-07 23:52 - 00000000 ____D () C:\Users\Aviadora\AppData\Local\DriverToolkit
2015-05-07 23:51 - 2015-05-08 00:28 - 00000000 ____D () C:\Program Files\DriverToolkit
2015-05-07 23:38 - 2015-05-07 23:38 - 00000000 ____D () C:\SWTOOLS
2015-05-07 23:31 - 2015-05-07 23:31 - 00000000 ____D () C:\Program Files\Intel
2015-05-07 22:42 - 2015-05-07 22:43 - 00000000 ____D () C:\Users\Aviadora\AppData\Roaming\SumatraPDF
2015-05-07 22:42 - 2015-05-07 22:42 - 00001875 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SumatraPDF.lnk
2015-05-07 22:42 - 2015-05-07 22:42 - 00000000 ____D () C:\Program Files\SumatraPDF
2015-05-07 22:12 - 2015-05-15 11:37 - 02038208 _____ (AhnLab, Inc.) C:\Windows\system32\Drivers\ahnsze.sys
2015-05-07 22:12 - 2015-05-07 22:13 - 00041280 _____ (AhnLab, Inc.) C:\Windows\system32\Drivers\AMonLWLH.sys
2015-05-07 22:12 - 2015-05-07 22:12 - 00002013 _____ () C:\Users\Public\Desktop\AhnLab V3 Internet Security 8.0.lnk
2015-05-07 22:12 - 2015-05-07 22:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AhnLab
2015-05-07 22:12 - 2012-12-07 06:28 - 00021696 _____ (AhnLab, Inc.) C:\Windows\system32\Drivers\AhnRec2k.sys
2015-05-07 22:12 - 2012-11-07 02:51 - 00062912 _____ (AhnLab, Inc.) C:\Windows\system32\Drivers\AhnRghNt.sys
2015-05-07 22:12 - 2012-10-17 06:03 - 00053824 _____ (AhnLab, Inc.) C:\Windows\system32\Drivers\AhnFlt2k.sys
2015-05-07 22:12 - 2012-09-14 03:59 - 00106856 _____ (AhnLab, Inc.) C:\Windows\system32\Drivers\AMonTDNt.sys
2015-05-07 22:12 - 2012-09-14 03:59 - 00101696 _____ (AhnLab, Inc.) C:\Windows\system32\Drivers\AMonTDLH.sys
2015-05-07 22:12 - 2011-05-26 12:24 - 00053352 _____ (AhnLab, Inc.) C:\Windows\system32\Drivers\AMonHKNT.sys
2015-05-07 22:12 - 2010-11-26 03:08 - 00031424 _____ (AhnLab, Inc.) C:\Windows\system32\V3w32se2.dll
2015-05-07 22:12 - 2009-07-21 15:08 - 00019608 _____ (AhnLab, Inc.) C:\Windows\system32\Drivers\CdmDrvNt.sys
2015-05-07 22:11 - 2015-05-15 11:37 - 02774200 _____ (AhnLab, Inc.) C:\Windows\system32\Drivers\v3engine.sys
2015-05-07 22:11 - 2015-05-15 11:37 - 02708960 _____ (AhnLab, Inc.) C:\Windows\system32\BTScan.exe
2015-05-07 22:10 - 2015-05-07 22:13 - 00014602 _____ () C:\Windows\V3Inst.log
2015-05-07 22:10 - 2015-05-07 22:12 - 00000000 ____D () C:\ProgramData\AhnLab
2015-05-07 22:10 - 2015-05-07 22:10 - 00000000 ____D () C:\Program Files\AhnLab
2015-05-07 21:50 - 2015-05-07 21:47 - 00121401 _____ () C:\Users\Aviadora\Documents\YouTube Video Downloader.zip
2015-05-07 21:03 - 2015-05-07 21:03 - 00246920 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-05-07 20:45 - 2015-05-07 20:45 - 00000384 _____ () C:\Windows\PFRO.log
2015-04-26 17:23 - 2015-04-26 17:23 - 00002081 _____ () C:\Users\Aviadora\Desktop\Virtual Chromodo.lnk
2015-04-23 16:19 - 2015-04-23 16:19 - 00057560 _____ () C:\Users\Aviadora\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-23 16:18 - 2015-05-18 20:56 - 01474832 _____ () C:\Windows\system32\Drivers\sfi.dat
2015-04-23 16:18 - 2015-05-07 20:43 - 00001985 _____ () C:\Users\Public\Desktop\COMODO Internet Security.lnk
2015-04-23 16:17 - 2015-05-18 21:05 - 00000000 ____D () C:\ProgramData\Shared Space
2015-04-23 16:16 - 2015-05-18 02:13 - 00000000 ____D () C:\Users\Aviadora\AppData\Local\Comodo
2015-04-23 16:16 - 2015-05-18 02:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2015-04-23 16:16 - 2015-04-23 16:16 - 00001080 _____ () C:\Users\Public\Desktop\Internet (Chromodo).lnk
2015-04-23 16:15 - 2015-05-18 02:12 - 00000000 ____D () C:\Program Files\Comodo
2015-04-23 16:15 - 2015-04-23 16:18 - 00000000 ____D () C:\ProgramData\Comodo
2015-04-23 16:13 - 2015-03-23 21:00 - 229979832 _____ (COMODO) C:\Users\Aviadora\Desktop\cispremium_installer.exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-05-18 20:27 - 2009-07-14 00:34 - 00009600 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-18 20:27 - 2009-07-14 00:34 - 00009600 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-18 18:32 - 2015-04-11 01:17 - 01533016 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-18 18:27 - 2009-07-14 00:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-18 18:27 - 2009-07-14 00:39 - 00027036 _____ () C:\Windows\setupact.log
2015-05-18 02:50 - 2015-04-10 19:05 - 00108144 _____ () C:\Windows\WindowsUpdate.log
2015-05-18 02:43 - 2009-07-13 20:06 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\WpdMtp.dll
2015-05-18 02:43 - 2009-07-13 20:06 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\WpdMtpUS.dll
2015-05-18 02:43 - 2009-07-13 19:51 - 00034944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winusb.sys
2015-05-08 00:59 - 2014-06-26 01:33 - 00035064 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\CFRMD.sys
2015-05-08 00:23 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2015-05-07 23:00 - 2009-07-13 22:37 - 00000000 __RHD () C:\Users\Public\Libraries
2015-04-26 16:39 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-04-23 16:16 - 2009-07-14 00:52 - 00000000 ____D () C:\Windows\system32\restore
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-04-10 19:02
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 16-05-2015 02
Ran by Aviadora at 2015-05-18 21:06:41
Running from C:\ProgramData\Shared Space
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrador (S-1-5-21-1775094515-335933959-2663663832-500 - Administrator - Disabled)
Aviadora (S-1-5-21-1775094515-335933959-2663663832-1000 - Administrator - Enabled) => C:\Users\Aviadora
HomeGroupUser$ (S-1-5-21-1775094515-335933959-2663663832-1002 - Limited - Enabled)
Invitado (S-1-5-21-1775094515-335933959-2663663832-501 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: AhnLab V3 Internet Security 8.0 (Enabled - Up to date) {8BBDF86F-04C8-0A4B-7501-E800E3793E54}
AV: COMODO Antivirus (Enabled - Up to date) {F0BC89B2-8937-0933-021B-B17D981F2A71}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AhnLab V3 Internet Security 8.0 (Enabled - Up to date) {30DC198B-22F2-05C5-4FB1-D37298FE74E9}
AS: Comodo Defense+ (Enabled - Up to date) {4BDD6856-AF0D-06BD-38AB-8A0FE39860CC}
FW: COMODO Firewall (Enabled) {C8870897-C358-086B-2944-184866CC6D0A}
FW: AhnLab V3 Internet Security 8.0 (Enabled) {B386794A-4EA7-0B13-5E5E-41351DAA792F}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
AhnLab V3 Internet Security 8.0 (HKLM\...\{AF8267C6_8886_4cfd_AAC7_48BCB879743F}) (Version: 8.0.7.1398 - AhnLab, Inc.)
Chromodo (HKLM\...\Chromodo) (Version: 36.7.0.8 - Comodo)
Comodo Dragon (HKLM\...\Comodo Dragon) (Version: 36.1.1.22 - Comodo)
COMODO Internet Security Premium (HKLM\...\{68BE8BAB-5375-4C99-9116-1808F5968D40}) (Version: 8.1.0.4426 - COMODO Security Solutions Inc.)
GeekBuddy (HKLM\...\{D43B9708-6C72-4797-971D-B878CBF45385}) (Version: 4.19.131 - Comodo Security Solutions Inc)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{302600C1-6BDF-4FD1-1304-148929CC1385}) (Version: 3.0.1304.0338 - Intel Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.10411.0 - Microsoft Corporation)
SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.0 - Krzysztof Kowalczyk)
Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 2.2.0 - Tweaking.com)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
23-04-2015 16:16:52 Installing COMODO Internet Security Premium
23-04-2015 16:18:09 Instalación del paquete de controladores de dispositivo: COMODO Servicio de red
07-05-2015 21:03:16 Windows Update
07-05-2015 23:30:17 Installed Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 22:04 - 2009-06-10 17:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {49ABD5D0-5396-4DC4-9043-66E75D603BCD} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-05-07] (COMODO)
Task: {A419D41F-D844-4F61-A8B9-789543E16E58} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-05-07] (COMODO)
Task: {ADA0B208-D43D-49F6-B166-354B7049AA45} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-05-07] (COMODO)
Task: {BBF3377D-E095-48AF-8081-6F53B77964A0} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-05-07] (COMODO)
Task: {CAB08E46-F139-48D9-8B2B-72B595664ED8} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-05-07] (COMODO)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Loaded Modules (Whitelisted) ==============
2015-03-05 15:44 - 2015-03-05 15:44 - 00976088 _____ () C:\Program Files\Comodo\GeekBuddy\QtNetwork4.dll
2015-03-05 15:44 - 2015-03-05 15:44 - 02254552 _____ () C:\Program Files\Comodo\GeekBuddy\QtCore4.dll
2015-03-05 15:44 - 2015-03-05 15:44 - 08024792 _____ () C:\Program Files\Comodo\GeekBuddy\QtGui4.dll
2015-03-05 15:44 - 2015-03-05 15:44 - 00032984 _____ () C:\Program Files\Comodo\GeekBuddy\imageformats\qgif4.dll
2015-03-05 15:44 - 2015-03-05 15:44 - 01299672 _____ () C:\Program Files\Comodo\GeekBuddy\QtScript4.dll
2013-04-15 17:39 - 2015-01-08 18:02 - 00061152 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2015-03-11 05:29 - 2015-05-18 02:13 - 00149696 _____ () C:\Program Files\Comodo\Dragon\virtual_mode_helper.exe
2015-03-11 05:21 - 2015-03-11 05:21 - 00956608 _____ () C:\Program Files\Comodo\Dragon\ffmpegsumo.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Windows\system32\certsentry.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MpSigStub.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WpdMtp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WpdMtpUS.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\AMonLWLH.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\CFRMD.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\winusb.sys:$CmdTcID
AlternateDataStreams: C:\Users\Aviadora\Downloads\dragonsetup.exe:$CmdZnID
AlternateDataStreams: C:\Users\Aviadora\Downloads\Silverlight.exe:$CmdTcID
AlternateDataStreams: C:\Users\Aviadora\Downloads\Silverlight.exe:$CmdZnID
==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1775094515-335933959-2663663832-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: Media is not connected to internet.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{0CED24DE-E874-4235-A316-D02ECF974D23}] => (Allow) C:\Program Files\AhnLab\V3IS80\V3Proxy.ahn
FirewallRules: [{B0DD790F-8D93-42C6-A1DB-B1518862817C}] => (Allow) C:\Program Files\AhnLab\V3IS80\V3Proxy.ahn
FirewallRules: [{15FF47CE-4A91-4CAB-B490-6BF0F7B9603E}] => (Allow) C:\Program Files\AhnLab\V3IS80\V3Proxy.ahn
FirewallRules: [{11EE037E-7B66-4258-92FC-B8E317F18155}] => (Allow) C:\Program Files\AhnLab\V3IS80\V3Proxy.ahn
==================== Faulty Device Manager Devices =============
Name: USB2.0 Web Camera
Description: USB2.0 Web Camera
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Controladora de dispositivo de almacenamiento
Description: Controladora de dispositivo de almacenamiento
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (05/18/2015 07:52:49 PM) (Source: MsiInstaller) (EventID: 1043) (User: NT AUTHORITY)
Description: No se pudo finalizar una transacción de Windows Installer {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}. Error 1622 al finalizar la transacción.
Error: (05/18/2015 06:54:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: iexplore.exe, versión: 8.0.7600.16385, marca de tiempo: 0x4a5bc69e
Nombre del módulo con errores: IEFRAME.dll, versión: 8.0.7600.16385, marca de tiempo: 0x4a5bda08
Código de excepción: 0xc0000094
Desplazamiento de errores: 0x000af078
Id. del proceso con errores: 0x1338
Hora de inicio de la aplicación con errores: 0xiexplore.exe0
Ruta de acceso de la aplicación con errores: iexplore.exe1
Ruta de acceso del módulo con errores: iexplore.exe2
Id. del informe: iexplore.exe3
Error: (05/18/2015 02:10:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: chromodo.exe, versión: 36.7.0.8, marca de tiempo: 0x5513a77e
Nombre del módulo con errores: chromodo_s.dll, versión: 36.7.0.8, marca de tiempo: 0x5513a73a
Código de excepción: 0xc00000fd
Desplazamiento de errores: 0x00ac3c88
Id. del proceso con errores: 0x11ac
Hora de inicio de la aplicación con errores: 0xchromodo.exe0
Ruta de acceso de la aplicación con errores: chromodo.exe1
Ruta de acceso del módulo con errores: chromodo.exe2
Id. del informe: chromodo.exe3
Error: (05/18/2015 01:49:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: iexplore.exe, versión: 8.0.7600.16385, marca de tiempo: 0x4a5bc69e
Nombre del módulo con errores: IEFRAME.dll, versión: 8.0.7600.16385, marca de tiempo: 0x4a5bda08
Código de excepción: 0xc0000094
Desplazamiento de errores: 0x000af078
Id. del proceso con errores: 0x106c
Hora de inicio de la aplicación con errores: 0xiexplore.exe0
Ruta de acceso de la aplicación con errores: iexplore.exe1
Ruta de acceso del módulo con errores: iexplore.exe2
Id. del informe: iexplore.exe3
Error: (05/18/2015 01:48:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: chromodo.exe, versión: 36.7.0.8, marca de tiempo: 0x5513a77e
Nombre del módulo con errores: chromodo_s.dll, versión: 36.7.0.8, marca de tiempo: 0x5513a73a
Código de excepción: 0xc00000fd
Desplazamiento de errores: 0x00ac3c88
Id. del proceso con errores: 0x40c
Hora de inicio de la aplicación con errores: 0xchromodo.exe0
Ruta de acceso de la aplicación con errores: chromodo.exe1
Ruta de acceso del módulo con errores: chromodo.exe2
Id. del informe: chromodo.exe3
Error: (05/07/2015 11:40:41 PM) (Source: MsiInstaller) (EventID: 1013) (User: PlaneWins-PC)
Description: Producto: Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology -- Ya hay instalada una versión más reciente de Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology. Ahora se saldrá de la instalación.
Error: (05/07/2015 08:45:39 PM) (Source: WinMgmt) (EventID: 24) (User: )
Description: CisWmiSELECT * FROM CisFileRatingChangeCisFileRatingChange//./root/cis
Error: (05/07/2015 08:45:39 PM) (Source: WinMgmt) (EventID: 24) (User: )
Description: CisWmiSELECT * FROM CisStatusChangeCisStatusChange//./root/cis
Error: (05/07/2015 08:45:39 PM) (Source: WinMgmt) (EventID: 24) (User: )
Description: CisWmiSELECT * FROM CisNotificationCisNotification//./root/cis
Error: (05/07/2015 08:45:39 PM) (Source: WinMgmt) (EventID: 24) (User: )
Description: CisWmiSELECT * FROM FwAlertFwAlert//./root/cis
System errors:
=============
Error: (05/18/2015 01:03:06 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: El cierre anterior del sistema a las 0:21:36 del 18/05/2015 resultó inesperado.
Error: (05/08/2015 00:58:29 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio GeekBuddyRSP Server terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 5000 milisegundos: Reiniciar el servicio.
Error: (05/08/2015 00:58:17 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio GeekBuddyRSP Server terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 5000 milisegundos: Reiniciar el servicio.
Error: (04/28/2015 02:06:46 AM) (Source: ACPI) (EventID: 13) (User: )
Description: : la controladora integrada (EC) no respondió en el período de tiempo de espera especificado. Puede deberse a un error en el firmware o hardware de EC, o a un acceso incorrecto a la EC por parte del BIOS. Pregunte al fabricante del equipo si dispone de un BIOS actualizado. En algunas situaciones, este error puede provocar el funcionamiento incorrecto del equipo.
Error: (04/28/2015 02:06:41 AM) (Source: ACPI) (EventID: 13) (User: )
Description: : la controladora integrada (EC) no respondió en el período de tiempo de espera especificado. Puede deberse a un error en el firmware o hardware de EC, o a un acceso incorrecto a la EC por parte del BIOS. Pregunte al fabricante del equipo si dispone de un BIOS actualizado. En algunas situaciones, este error puede provocar el funcionamiento incorrecto del equipo.
Error: (04/28/2015 02:06:36 AM) (Source: ACPI) (EventID: 13) (User: )
Description: : la controladora integrada (EC) no respondió en el período de tiempo de espera especificado. Puede deberse a un error en el firmware o hardware de EC, o a un acceso incorrecto a la EC por parte del BIOS. Pregunte al fabricante del equipo si dispone de un BIOS actualizado. En algunas situaciones, este error puede provocar el funcionamiento incorrecto del equipo.
Microsoft Office Sessions:
=========================
Error: (05/18/2015 07:52:49 PM) (Source: MsiInstaller) (EventID: 1043) (User: NT AUTHORITY)
Description: {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}1622(NULL)(NULL)(NULL)(NULL)
Error: (05/18/2015 06:54:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe8.0.7600.163854a5bc69eIEFRAME.dll8.0.7600.163854a5bda08c0000094000af078133801d091bd8bf8918eC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\IEFRAME.dllcbeadb30-fdb0-11e4-b469-0013a9482bf5
Error: (05/18/2015 02:10:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: chromodo.exe36.7.0.85513a77echromodo_s.dll36.7.0.85513a73ac00000fd00ac3c8811ac01d0913142434056C:\Program Files\Comodo\Chromodo\chromodo.exeC:\Program Files\Comodo\Chromodo\chromodo_s.dll99dab04b-fd24-11e4-af74-0013a9482bf5
Error: (05/18/2015 01:49:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe8.0.7600.163854a5bc69eIEFRAME.dll8.0.7600.163854a5bda08c0000094000af078106c01d0912e70d6db04C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\IEFRAME.dllaf97f7a6-fd21-11e4-af74-0013a9482bf5
Error: (05/18/2015 01:48:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: chromodo.exe36.7.0.85513a77echromodo_s.dll36.7.0.85513a73ac00000fd00ac3c8840c01d0912e2b12eb76C:\Program Files\Comodo\Chromodo\chromodo.exeC:\Program Files\Comodo\Chromodo\chromodo_s.dll80015fc0-fd21-11e4-af74-0013a9482bf5
Error: (05/07/2015 11:40:41 PM) (Source: MsiInstaller) (EventID: 1013) (User: PlaneWins-PC)
Description: Producto: Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology -- Ya hay instalada una versión más reciente de Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology. Ahora se saldrá de la instalación.(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (05/07/2015 08:45:39 PM) (Source: WinMgmt) (EventID: 24) (User: )
Description: CisWmiSELECT * FROM CisFileRatingChangeCisFileRatingChange//./root/cis
Error: (05/07/2015 08:45:39 PM) (Source: WinMgmt) (EventID: 24) (User: )
Description: CisWmiSELECT * FROM CisStatusChangeCisStatusChange//./root/cis
Error: (05/07/2015 08:45:39 PM) (Source: WinMgmt) (EventID: 24) (User: )
Description: CisWmiSELECT * FROM CisNotificationCisNotification//./root/cis
Error: (05/07/2015 08:45:39 PM) (Source: WinMgmt) (EventID: 24) (User: )
Description: CisWmiSELECT * FROM FwAlertFwAlert//./root/cis
==================== Memory info ===========================
Processor: Intel(R) Core(TM)2 CPU T5500 @ 1.66GHz
Percentage of memory in use: 64%
Total physical RAM: 2550.18 MB
Available physical RAM: 917.35 MB
Total Pagefile: 5098.64 MB
Available Pagefile: 2227.42 MB
Total Virtual: 2047.88 MB
Available Virtual: 1879.9 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:93.16 GB) (Free:78.37 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 93.2 GB) (Disk ID: 0007A9E7)
Partition 1: (Active) - (Size=93.2 GB) - (Type=07 NTFS)
==================== End Of Log ============================
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2015-05-18 21:10:07
-----------------------------
21:10:07.521 OS Version: Windows 6.1.7600
21:10:07.522 Number of processors: 2 586 0xF06
21:10:07.527 ComputerName: PLANEWINS-PC UserName: Aviadora
21:10:09.118 Initialize success
21:10:09.422 VM: initialized successfully
21:10:09.424 VM: Intel CPU virtualization not supported
21:10:17.651 AVAST engine download error: 0
21:11:35.675 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
21:11:35.680 Disk 0 Vendor: FUJITSU_MHV2100BH_PL 00000029 Size: 95396MB BusType: 3
21:11:35.872 Disk 0 MBR read successfully
21:11:35.877 Disk 0 MBR scan
21:11:35.883 Disk 0 Windows 7 default MBR code
21:11:35.892 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 95393 MB offset 63
21:11:35.918 Disk 0 default boot code
21:11:35.928 Disk 0 scanning sectors +195366465
21:11:36.710 Disk 0 scanning C:\Windows\system32\drivers
21:11:47.549 Service scanning
21:12:08.557 Modules scanning
21:12:08.945 Disk 0 trace - called modules:
21:12:08.984 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
21:12:08.993 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x859cd948]
21:12:09.001 3 CLASSPNP.SYS[89fb659e] -> nt!IofCallDriver -> [0x84c11788]
21:12:09.011 5 ACPI.sys[89a283b2] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0x85538908]
21:12:09.020 Disk 0 statistics 83374/0/0 @ 4,20 MB/s
21:12:09.030 Scan finished successfully
21:12:36.962 Disk 0 MBR has been saved successfully to "C:\ProgramData\Shared Space\MBR.dat"
21:12:37.072 The log file has been saved successfully to "C:\ProgramData\Shared Space\aswMBR.txt"
21:25:53.691 Disk 0 MBR has been saved successfully to "C:\Users\Aviadora\Documents\MBR.dat"
21:25:53.708 The log file has been saved successfully to "C:\Users\Aviadora\Documents\aswMBR.txt"
Help me please T_T
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Controladora de dispositivo de almacenamiento
Description: Controladora de dispositivo de almacenamiento
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (05/18/2015 07:52:49 PM) (Source: MsiInstaller) (EventID: 1043) (User: NT AUTHORITY)
Description: No se pudo finalizar una transacción de Windows Installer {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}. Error 1622 al finalizar la transacción.
Error: (05/18/2015 06:54:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: iexplore.exe, versión: 8.0.7600.16385, marca de tiempo: 0x4a5bc69e
Nombre del módulo con errores: IEFRAME.dll, versión: 8.0.7600.16385, marca de tiempo: 0x4a5bda08
Código de excepción: 0xc0000094
Desplazamiento de errores: 0x000af078
Id. del proceso con errores: 0x1338
Hora de inicio de la aplicación con errores: 0xiexplore.exe0
Ruta de acceso de la aplicación con errores: iexplore.exe1
Ruta de acceso del módulo con errores: iexplore.exe2
Id. del informe: iexplore.exe3
Error: (05/18/2015 02:10:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: chromodo.exe, versión: 36.7.0.8, marca de tiempo: 0x5513a77e
Nombre del módulo con errores: chromodo_s.dll, versión: 36.7.0.8, marca de tiempo: 0x5513a73a
Código de excepción: 0xc00000fd
Desplazamiento de errores: 0x00ac3c88
Id. del proceso con errores: 0x11ac
Hora de inicio de la aplicación con errores: 0xchromodo.exe0
Ruta de acceso de la aplicación con errores: chromodo.exe1
Ruta de acceso del módulo con errores: chromodo.exe2
Id. del informe: chromodo.exe3
Error: (05/18/2015 01:49:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: iexplore.exe, versión: 8.0.7600.16385, marca de tiempo: 0x4a5bc69e
Nombre del módulo con errores: IEFRAME.dll, versión: 8.0.7600.16385, marca de tiempo: 0x4a5bda08
Código de excepción: 0xc0000094
Desplazamiento de errores: 0x000af078
Id. del proceso con errores: 0x106c
Hora de inicio de la aplicación con errores: 0xiexplore.exe0
Ruta de acceso de la aplicación con errores: iexplore.exe1
Ruta de acceso del módulo con errores: iexplore.exe2
Id. del informe: iexplore.exe3
Error: (05/18/2015 01:48:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: chromodo.exe, versión: 36.7.0.8, marca de tiempo: 0x5513a77e
Nombre del módulo con errores: chromodo_s.dll, versión: 36.7.0.8, marca de tiempo: 0x5513a73a
Código de excepción: 0xc00000fd
Desplazamiento de errores: 0x00ac3c88
Id. del proceso con errores: 0x40c
Hora de inicio de la aplicación con errores: 0xchromodo.exe0
Ruta de acceso de la aplicación con errores: chromodo.exe1
Ruta de acceso del módulo con errores: chromodo.exe2
Id. del informe: chromodo.exe3
Error: (05/07/2015 11:40:41 PM) (Source: MsiInstaller) (EventID: 1013) (User: PlaneWins-PC)
Description: Producto: Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology -- Ya hay instalada una versión más reciente de Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology. Ahora se saldrá de la instalación.
Error: (05/07/2015 08:45:39 PM) (Source: WinMgmt) (EventID: 24) (User: )
Description: CisWmiSELECT * FROM CisFileRatingChangeCisFileRatingChange//./root/cis
Error: (05/07/2015 08:45:39 PM) (Source: WinMgmt) (EventID: 24) (User: )
Description: CisWmiSELECT * FROM CisStatusChangeCisStatusChange//./root/cis
Error: (05/07/2015 08:45:39 PM) (Source: WinMgmt) (EventID: 24) (User: )
Description: CisWmiSELECT * FROM CisNotificationCisNotification//./root/cis
Error: (05/07/2015 08:45:39 PM) (Source: WinMgmt) (EventID: 24) (User: )
Description: CisWmiSELECT * FROM FwAlertFwAlert//./root/cis
System errors:
=============
Error: (05/18/2015 01:03:06 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: El cierre anterior del sistema a las 0:21:36 del 18/05/2015 resultó inesperado.
Error: (05/08/2015 00:58:29 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio GeekBuddyRSP Server terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 5000 milisegundos: Reiniciar el servicio.
Error: (05/08/2015 00:58:17 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio GeekBuddyRSP Server terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 5000 milisegundos: Reiniciar el servicio.
Error: (04/28/2015 02:06:46 AM) (Source: ACPI) (EventID: 13) (User: )
Description: : la controladora integrada (EC) no respondió en el período de tiempo de espera especificado. Puede deberse a un error en el firmware o hardware de EC, o a un acceso incorrecto a la EC por parte del BIOS. Pregunte al fabricante del equipo si dispone de un BIOS actualizado. En algunas situaciones, este error puede provocar el funcionamiento incorrecto del equipo.
Error: (04/28/2015 02:06:41 AM) (Source: ACPI) (EventID: 13) (User: )
Description: : la controladora integrada (EC) no respondió en el período de tiempo de espera especificado. Puede deberse a un error en el firmware o hardware de EC, o a un acceso incorrecto a la EC por parte del BIOS. Pregunte al fabricante del equipo si dispone de un BIOS actualizado. En algunas situaciones, este error puede provocar el funcionamiento incorrecto del equipo.
Error: (04/28/2015 02:06:36 AM) (Source: ACPI) (EventID: 13) (User: )
Description: : la controladora integrada (EC) no respondió en el período de tiempo de espera especificado. Puede deberse a un error en el firmware o hardware de EC, o a un acceso incorrecto a la EC por parte del BIOS. Pregunte al fabricante del equipo si dispone de un BIOS actualizado. En algunas situaciones, este error puede provocar el funcionamiento incorrecto del equipo.
Microsoft Office Sessions:
=========================
Error: (05/18/2015 07:52:49 PM) (Source: MsiInstaller) (EventID: 1043) (User: NT AUTHORITY)
Description: {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}1622(NULL)(NULL)(NULL)(NULL)
Error: (05/18/2015 06:54:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe8.0.7600.163854a5bc69eIEFRAME.dll8.0.7600.163854a5bda08c0000094000af078133801d091bd8bf8918eC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\IEFRAME.dllcbeadb30-fdb0-11e4-b469-0013a9482bf5
Error: (05/18/2015 02:10:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: chromodo.exe36.7.0.85513a77echromodo_s.dll36.7.0.85513a73ac00000fd00ac3c8811ac01d0913142434056C:\Program Files\Comodo\Chromodo\chromodo.exeC:\Program Files\Comodo\Chromodo\chromodo_s.dll99dab04b-fd24-11e4-af74-0013a9482bf5
Error: (05/18/2015 01:49:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe8.0.7600.163854a5bc69eIEFRAME.dll8.0.7600.163854a5bda08c0000094000af078106c01d0912e70d6db04C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\IEFRAME.dllaf97f7a6-fd21-11e4-af74-0013a9482bf5
Error: (05/18/2015 01:48:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: chromodo.exe36.7.0.85513a77echromodo_s.dll36.7.0.85513a73ac00000fd00ac3c8840c01d0912e2b12eb76C:\Program Files\Comodo\Chromodo\chromodo.exeC:\Program Files\Comodo\Chromodo\chromodo_s.dll80015fc0-fd21-11e4-af74-0013a9482bf5
Error: (05/07/2015 11:40:41 PM) (Source: MsiInstaller) (EventID: 1013) (User: PlaneWins-PC)
Description: Producto: Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology -- Ya hay instalada una versión más reciente de Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology. Ahora se saldrá de la instalación.(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (05/07/2015 08:45:39 PM) (Source: WinMgmt) (EventID: 24) (User: )
Description: CisWmiSELECT * FROM CisFileRatingChangeCisFileRatingChange//./root/cis
Error: (05/07/2015 08:45:39 PM) (Source: WinMgmt) (EventID: 24) (User: )
Description: CisWmiSELECT * FROM CisStatusChangeCisStatusChange//./root/cis
Error: (05/07/2015 08:45:39 PM) (Source: WinMgmt) (EventID: 24) (User: )
Description: CisWmiSELECT * FROM CisNotificationCisNotification//./root/cis
Error: (05/07/2015 08:45:39 PM) (Source: WinMgmt) (EventID: 24) (User: )
Description: CisWmiSELECT * FROM FwAlertFwAlert//./root/cis
==================== Memory info ===========================
Processor: Intel(R) Core(TM)2 CPU T5500 @ 1.66GHz
Percentage of memory in use: 64%
Total physical RAM: 2550.18 MB
Available physical RAM: 917.35 MB
Total Pagefile: 5098.64 MB
Available Pagefile: 2227.42 MB
Total Virtual: 2047.88 MB
Available Virtual: 1879.9 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:93.16 GB) (Free:78.37 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 93.2 GB) (Disk ID: 0007A9E7)
Partition 1: (Active) - (Size=93.2 GB) - (Type=07 NTFS)
==================== End Of Log ============================
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2015-05-18 21:10:07
-----------------------------
21:10:07.521 OS Version: Windows 6.1.7600
21:10:07.522 Number of processors: 2 586 0xF06
21:10:07.527 ComputerName: PLANEWINS-PC UserName: Aviadora
21:10:09.118 Initialize success
21:10:09.422 VM: initialized successfully
21:10:09.424 VM: Intel CPU virtualization not supported
21:10:17.651 AVAST engine download error: 0
21:11:35.675 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
21:11:35.680 Disk 0 Vendor: FUJITSU_MHV2100BH_PL 00000029 Size: 95396MB BusType: 3
21:11:35.872 Disk 0 MBR read successfully
21:11:35.877 Disk 0 MBR scan
21:11:35.883 Disk 0 Windows 7 default MBR code
21:11:35.892 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 95393 MB offset 63
21:11:35.918 Disk 0 default boot code
21:11:35.928 Disk 0 scanning sectors +195366465
21:11:36.710 Disk 0 scanning C:\Windows\system32\drivers
21:11:47.549 Service scanning
21:12:08.557 Modules scanning
21:12:08.945 Disk 0 trace - called modules:
21:12:08.984 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
21:12:08.993 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x859cd948]
21:12:09.001 3 CLASSPNP.SYS[89fb659e] -> nt!IofCallDriver -> [0x84c11788]
21:12:09.011 5 ACPI.sys[89a283b2] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0x85538908]
21:12:09.020 Disk 0 statistics 83374/0/0 @ 4,20 MB/s
21:12:09.030 Scan finished successfully
21:12:36.962 Disk 0 MBR has been saved successfully to "C:\ProgramData\Shared Space\MBR.dat"
21:12:37.072 The log file has been saved successfully to "C:\ProgramData\Shared Space\aswMBR.txt"
21:25:53.691 Disk 0 MBR has been saved successfully to "C:\Users\Aviadora\Documents\MBR.dat"
21:25:53.708 The log file has been saved successfully to "C:\Users\Aviadora\Documents\aswMBR.txt"
Help me please T_T