# compute-1.amazonaws.com spyware



## edup_2004

Hello, I would like some help because I keep getting this annoying pop up window from my antivirus. I'm not sure what it causes it but from what I've read in forums it seems to be a spyware.

I'm running windows 7 on my macbook pro for reasons.... but this problem is not limited to this computer. My sister have the same antivirus ESET Smart Security and she also have the same problem.

Here are the windows that pops up. 
(since the picture is in spanish i'll tell you what it says:
Outbound traffic
Internet

Application: System
Publisher: unknown
Remote computer: amazonaws)



















I know I could disable the pop up windows from my antivirus options but the problem is that I shouldn't have to. I would like to remove this spyware for good. Also every time this windows appear it messes up utorrent, although it's probably another different issue.

Oh and before i found about this forum it took an advice and run combofix. I read it would solved my problem in another forum. Probably was not the best idea, sorry. Anyway the windows don't pop up as much as before but they still appear.

So please let me know what I could do to solve this and remove it.

Thanks a lot for your help.

Here is the DDS text:

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17689 BrowserJavaVersion: 11.31.2
Run by Eduardo at 9:42:26 on 2015-03-20
Microsoft Windows 7 Ultimate 6.1.7601.1.932.81.1033.18.16295.14958 [GMT -5:00]
.
AV: ESET Smart Security 5.0 *Disabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET Smart Security 5.0 *Disabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Firewall personal de ESET *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\AppleOSSMgr.exe
C:\Windows\system32\AppleTimeSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Windows\SysWOW64\srvany.exe
C:\Windows\kmsem\KMService.exe
C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CleanMem\mini_monitor.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Boot Camp\Bootcamp.exe
C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files (x86)\Macs Fan Control\MacsFanControl.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:Tabs
uProxyServer = 172.25.0.209:80
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\urlredir.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
uRun: [Gadwin PrintScreen] C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
uRun: [MacsFanControl] "C:\Program Files (x86)\Macs Fan Control\MacsFanControl.exe" /minimized
uRun: [Mal Updater 2] C:\Program Files (x86)\Mal Updater 2\MalUpdater.exe
mRun: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
mRun: [WD Drive Unlocker] C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
mRun: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Captura URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: Capturar esta pagina - <no file>
IE: Capturar imagen - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4
IE: Capturar seleccion - <no file>
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Nueva Nota - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
TCP: NameServer = 200.48.225.146 200.48.225.130
TCP: Interfaces\{642342B0-58BC-4A13-ABE3-739078F4B495} : DHCPNameServer = 200.48.225.146 200.48.225.130
TCP: Interfaces\{7BC184AB-275C-4AA1-A278-2F12A096465A} : DHCPNameServer = 200.48.225.146 200.48.225.130
TCP: Interfaces\{FBC75C51-5B1D-451C-A338-8F38297D4079} : DHCPNameServer = 10.211.55.1
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\msosb.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\urlredir.dll
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
x64-Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
x64-Run: [Apple_KbdMgr] C:\Program Files\Boot Camp\Bootcamp.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Eduardo\AppData\Roaming\Mozilla\Firefox\Profiles\y6q9g9od.default\
FF - prefs.js: browser.search.selectedEngine - GoogleTranslate
.
---- FIREFOX POLICIES ----
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: extensions.iminent.tlbrSrchUrl - hxxp://start.iminent.com/?ref=toolbarm#q=
FF - user.js: extensions.iminent.id - 0c9621bc00000000000068a86d40aa96
FF - user.js: extensions.iminent.appId - {0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}
FF - user.js: extensions.iminent.instlDay - 16173
FF - user.js: extensions.iminent.vrsn - 1.8.28.3
FF - user.js: extensions.iminent.vrsni - 1.8.28.3
FF - user.js: extensions.iminent.vrsnTs - 1.8.28.318:33:48
FF - user.js: extensions.iminent.prtnrId - iminent
FF - user.js: extensions.iminent.prdct - iminent
FF - user.js: extensions.iminent.aflt - orgnl
FF - user.js: extensions.iminent.smplGrp - none
FF - user.js: extensions.iminent.tlbrId - YBCPCSTIPO
FF - user.js: extensions.iminent.instlRef - 
FF - user.js: extensions.iminent.dfltLng - 
FF - user.js: extensions.iminent.excTlbr - false
FF - user.js: extensions.iminent.ffxUnstlRst - false
FF - user.js: extensions.iminent.admin - false
FF - user.js: extensions.iminent.autoRvrt - false
FF - user.js: extensions.iminent.rvrt - false
FF - user.js: extensions.iminent.newTab - false
.
============= SERVICES / DRIVERS ===============
.
R0 AppleHFS;AppleHFS;C:\Windows\System32\drivers\AppleHFS.sys [2011-6-29 72024]
R0 AppleMNT;AppleMNT;C:\Windows\System32\drivers\AppleMNT.sys [2011-6-29 16216]
R0 epfwwfp;epfwwfp;C:\Windows\System32\drivers\epfwwfp.sys [2011-8-4 62496]
R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\System32\drivers\EpfwLWF.sys [2011-8-4 38288]
R1 RzFilter;RzFilter;C:\Windows\System32\drivers\RzFilter.sys [2014-9-18 74432]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-3-25 203776]
R2 AppleOSSMgr;Apple OS Switch Manager;C:\Windows\System32\AppleOSSMgr.exe [2011-6-29 224640]
R2 AppleTimeSrv;Apple Time Service;C:\Windows\System32\AppleTimeSrv.exe [2011-6-29 111488]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
R2 ClickToRunSvc;Servicio Hacer clic y ejecutar de Microsoft Office;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2014-8-25 2714800]
R2 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2011-8-9 202576]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2011-9-22 974944]
R2 KeyAgent;KeyAgent;C:\Windows\System32\drivers\KeyAgent.sys [2011-6-29 17752]
R2 KMService;KMService;C:\Windows\System32\srvany.exe --> C:\Windows\System32\srvany.exe [?]
R2 MacHALDriver;Mac HAL;C:\Windows\System32\drivers\MacHALDriver.sys [2011-6-29 22872]
R2 Razer Game Scanner Service;Razer Game Scanner;C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [2015-2-4 187072]
R2 RzOvlMon;Razer Overlay Subsystem Emergency Service;C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe [2014-4-18 32960]
R2 rzpmgrk;rzpmgrk;C:\Windows\System32\drivers\rzpmgrk.sys [2015-3-9 37184]
R2 rzpnk;rzpnk;C:\Windows\System32\drivers\rzpnk.sys [2014-11-13 129600]
R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-9-23 5087584]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-3-25 2655768]
R2 WDBackup;WD Backup;C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [2015-2-12 1042808]
R2 WDDriveService;WD Drive Manager;C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [2015-2-12 302968]
R3 acpials;ALS Sensor Filter;C:\Windows\System32\drivers\acpials.sys [2010-11-21 9728]
R3 AppleBtBc;Apple Broadcom Built-in Bluetooth;C:\Windows\System32\drivers\AppleBtBc.sys [2012-3-25 18944]
R3 applemtm;Apple Multitouch Mouse;C:\Windows\System32\drivers\applemtm.sys [2012-3-25 12288]
R3 applemtp;Apple Multitouch;C:\Windows\System32\drivers\applemtp.sys [2009-11-18 37888]
R3 bScsiSDa;bScsiSDa;C:\Windows\System32\drivers\bScsiSDa.sys [2012-3-25 85544]
R3 CirrusFilter;CS420xLowerFilter;C:\Windows\System32\drivers\CS420x64.sys [2012-3-25 18432]
R3 IRRemoteFlt;IR Receiver Filter Driver;C:\Windows\System32\drivers\IRFilter.sys [2012-3-25 18432]
R3 KeyMagic;USB Keyboard HID Filter;C:\Windows\System32\drivers\KeyMagic.sys [2012-3-25 32256]
R3 MT_TRACKPAD;MT test;C:\Windows\System32\drivers\mt_trackpad.sys [2014-4-14 16384]
R3 RzDxgk;RzDxgk;C:\Windows\System32\drivers\RzDxgk.sys [2014-9-18 129472]
R3 trackpad_plus_plus_x64;trackpad_plus_plus_x64 Service;C:\Windows\System32\drivers\trackpad_plus_plus_x64.sys [2013-12-22 11136]
R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-1-2 315488]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-3-14 114688]
S3 OverwolfUpdaterService;Overwolf Updater Service;C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2013-9-9 96184]
S3 prl_dd;Parallels Display Adapter (WDDM);C:\Windows\System32\drivers\prl_kmdd.sys [2011-9-13 156424]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-12-7 19456]
S3 rzendpt;rzendpt;C:\Windows\System32\drivers\rzendpt.sys [2014-12-30 39592]
S3 rzmpos;rzmpos;C:\Windows\System32\drivers\rzmpos.sys [2014-12-30 35496]
S3 rzudd;Razer Mouse Driver;C:\Windows\System32\drivers\rzudd.sys [2014-12-30 177832]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2013-12-7 29696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-4-14 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-12-7 30208]
S3 WatAdminSvc;Servicio de tecnologias de activacion de Windows;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-3-25 1255736]
SUnknown tsusbhub;tsusbhub; [x]
.
=============== File Associations ===============
.
FileExt: .reg: Applications\notepad.exe=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2015-03-20 06:25:37	11910896	----a-w-	C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DE669658-B3DF-4D2E-9D1A-61570AC545FC}\mpengine.dll
2015-03-19 07:17:13	--------	d-sh--w-	C:\$RECYCLE.BIN
2015-03-14 17:34:59	17920	----a-w-	C:\Windows\System32\appidcertstorecheck.exe
2015-03-14 17:33:07	459336	----a-w-	C:\Windows\System32\drivers\cng.sys
2015-03-10 02:21:08	--------	d-----w-	C:\Program Files\Western Digital
2015-03-10 02:14:03	37184	----a-w-	C:\Windows\System32\drivers\rzpmgrk.sys
2015-02-22 17:02:15	--------	d-----w-	C:\Users\Eduardo\AppData\Local\ElevatedDiagnostics
.
==================== Find3M ====================
.
2015-03-06 05:56:10	95680	----a-w-	C:\Windows\System32\drivers\ksecdd.sys
2015-03-06 05:56:10	155576	----a-w-	C:\Windows\System32\drivers\ksecpkg.sys
2015-03-06 05:42:39	210944	----a-w-	C:\Windows\System32\wdigest.dll
2015-03-06 05:42:36	86528	----a-w-	C:\Windows\System32\TSpkg.dll
2015-03-06 05:42:35	29184	----a-w-	C:\Windows\System32\sspisrv.dll
2015-03-06 05:42:35	136192	----a-w-	C:\Windows\System32\sspicli.dll
2015-03-06 05:42:33	341504	----a-w-	C:\Windows\System32\schannel.dll
2015-03-06 05:42:33	28160	----a-w-	C:\Windows\System32\secur32.dll
2015-03-06 05:42:29	314880	----a-w-	C:\Windows\System32\msv1_0.dll
2015-03-06 05:42:29	309760	----a-w-	C:\Windows\System32\ncrypt.dll
2015-03-06 05:42:27	728064	----a-w-	C:\Windows\System32\kerberos.dll
2015-03-06 05:42:27	1461760	----a-w-	C:\Windows\System32\lsasrv.dll
2015-03-06 05:42:20	22016	----a-w-	C:\Windows\System32\credssp.dll
2015-03-06 05:41:46	31232	----a-w-	C:\Windows\System32\lsass.exe
2015-03-06 05:41:31	64000	----a-w-	C:\Windows\System32\auditpol.exe
2015-03-06 05:39:16	60416	----a-w-	C:\Windows\System32\msobjs.dll
2015-03-06 05:38:57	146432	----a-w-	C:\Windows\System32\msaudite.dll
2015-03-06 05:36:56	686080	----a-w-	C:\Windows\System32\adtschema.dll
2015-03-06 05:10:34	172032	----a-w-	C:\Windows\SysWow64\wdigest.dll
2015-03-06 05:10:30	65536	----a-w-	C:\Windows\SysWow64\TSpkg.dll
2015-03-06 05:10:26	248832	----a-w-	C:\Windows\SysWow64\schannel.dll
2015-03-06 05:10:26	22016	----a-w-	C:\Windows\SysWow64\secur32.dll
2015-03-06 05:10:22	259584	----a-w-	C:\Windows\SysWow64\msv1_0.dll
2015-03-06 05:10:22	221184	----a-w-	C:\Windows\SysWow64\ncrypt.dll
2015-03-06 05:10:18	550912	----a-w-	C:\Windows\SysWow64\kerberos.dll
2015-03-06 05:10:11	17408	----a-w-	C:\Windows\SysWow64\credssp.dll
2015-03-06 05:09:31	50176	----a-w-	C:\Windows\SysWow64\auditpol.exe
2015-03-06 05:09:19	96768	----a-w-	C:\Windows\SysWow64\sspicli.dll
2015-03-06 05:07:50	60416	----a-w-	C:\Windows\SysWow64\msobjs.dll
2015-03-06 05:07:43	146432	----a-w-	C:\Windows\SysWow64\msaudite.dll
2015-03-06 05:06:20	686080	----a-w-	C:\Windows\SysWow64\adtschema.dll
2015-02-26 03:25:44	3204096	----a-w-	C:\Windows\System32\win32k.sys
2015-02-24 15:57:46	98216	----a-w-	C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2015-02-24 08:17:24	295552	------w-	C:\Windows\System32\MpSigStub.exe
2015-02-20 04:41:01	41984	----a-w-	C:\Windows\System32\lpk.dll
2015-02-20 04:40:59	100864	----a-w-	C:\Windows\System32\fontsub.dll
2015-02-20 04:40:56	14336	----a-w-	C:\Windows\System32\dciman32.dll
2015-02-20 04:40:55	46080	----a-w-	C:\Windows\System32\atmlib.dll
2015-02-20 04:13:49	70656	----a-w-	C:\Windows\SysWow64\fontsub.dll
2015-02-20 04:13:46	10240	----a-w-	C:\Windows\SysWow64\dciman32.dll
2015-02-20 04:13:43	34304	----a-w-	C:\Windows\SysWow64\atmlib.dll
2015-02-20 04:12:51	25600	----a-w-	C:\Windows\SysWow64\lpk.dll
2015-02-20 03:29:16	372224	----a-w-	C:\Windows\System32\atmfd.dll
2015-02-20 03:09:16	299008	----a-w-	C:\Windows\SysWow64\atmfd.dll
2015-02-20 03:06:02	2724864	----a-w-	C:\Windows\System32\mshtml.tlb
2015-02-20 03:05:49	4096	----a-w-	C:\Windows\System32\ieetwcollectorres.dll
2015-02-20 02:50:14	66560	----a-w-	C:\Windows\System32\iesetup.dll
2015-02-20 02:49:29	48640	----a-w-	C:\Windows\System32\ieetwproxystub.dll
2015-02-20 02:49:19	584192	----a-w-	C:\Windows\System32\vbscript.dll
2015-02-20 02:47:56	88064	----a-w-	C:\Windows\System32\MshtmlDac.dll
2015-02-20 02:35:17	144384	----a-w-	C:\Windows\System32\ieUnatt.exe
2015-02-20 02:35:05	114688	----a-w-	C:\Windows\System32\ieetwcollector.exe
2015-02-20 02:34:24	814080	----a-w-	C:\Windows\System32\jscript9diag.dll
2015-02-20 02:32:34	6035456	----a-w-	C:\Windows\System32\jscript9.dll
2015-02-20 02:26:12	968704	----a-w-	C:\Windows\System32\MsSpellCheckingFacility.exe
2015-02-20 02:22:35	2724864	----a-w-	C:\Windows\SysWow64\mshtml.tlb
2015-02-20 02:13:57	77824	----a-w-	C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-02-20 02:09:08	503296	----a-w-	C:\Windows\SysWow64\vbscript.dll
2015-02-20 02:08:59	62464	----a-w-	C:\Windows\SysWow64\iesetup.dll
2015-02-20 02:08:13	47616	----a-w-	C:\Windows\SysWow64\ieetwproxystub.dll
2015-02-20 02:06:44	64000	----a-w-	C:\Windows\SysWow64\MshtmlDac.dll
2015-02-20 01:56:54	115712	----a-w-	C:\Windows\SysWow64\ieUnatt.exe
2015-02-20 01:56:07	620032	----a-w-	C:\Windows\SysWow64\jscript9diag.dll
2015-02-20 01:47:06	1359360	----a-w-	C:\Windows\System32\mshtmlmedia.dll
2015-02-20 01:46:45	2125824	----a-w-	C:\Windows\System32\inetcpl.cpl
2015-02-20 01:41:52	60416	----a-w-	C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2015-02-20 01:30:39	4300288	----a-w-	C:\Windows\SysWow64\jscript9.dll
2015-02-20 01:28:25	2358784	----a-w-	C:\Windows\System32\wininet.dll
2015-02-20 01:24:21	2052608	----a-w-	C:\Windows\SysWow64\inetcpl.cpl
2015-02-20 01:23:19	1155072	----a-w-	C:\Windows\SysWow64\mshtmlmedia.dll
2015-02-20 01:01:25	1888256	----a-w-	C:\Windows\SysWow64\wininet.dll
2015-02-18 02:28:37	71344	----a-w-	C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-18 02:28:37	701616	----a-w-	C:\Windows\SysWow64\FlashPlayerApp.exe
2015-02-12 07:55:50	9728	----a-w-	C:\Windows\SysWow64\RzStats.IPC.dll
2015-02-04 03:16:35	465920	----a-w-	C:\Windows\System32\WMPhoto.dll
2015-02-04 02:54:09	417792	----a-w-	C:\Windows\SysWow64\WMPhoto.dll
2015-02-03 03:34:39	693176	----a-w-	C:\Windows\System32\winload.efi
2015-02-03 03:34:38	5554104	----a-w-	C:\Windows\System32\ntoskrnl.exe
2015-02-03 03:34:36	94656	----a-w-	C:\Windows\System32\drivers\mountmgr.sys
2015-02-03 03:33:29	616360	----a-w-	C:\Windows\System32\winresume.efi
2015-02-03 03:30:58	631808	----a-w-	C:\Windows\System32\evr.dll
2015-02-03 03:29:19	8704	----a-w-	C:\Windows\System32\pcaevts.dll
2015-02-03 03:28:49	2048	----a-w-	C:\Windows\System32\mferror.dll
2015-02-03 03:28:14	6656	----a-w-	C:\Windows\System32\apisetschema.dll
2015-02-03 03:19:12	663552	----a-w-	C:\Windows\System32\drivers\PEAuth.sys
2015-02-03 03:16:31	3973048	----a-w-	C:\Windows\SysWow64\ntkrnlpa.exe
2015-02-03 03:16:31	3917760	----a-w-	C:\Windows\SysWow64\ntoskrnl.exe
2015-02-03 03:11:55	50176	----a-w-	C:\Windows\SysWow64\rrinstaller.exe
2015-02-03 03:11:48	23040	----a-w-	C:\Windows\SysWow64\mfpmp.exe
2015-02-03 03:11:18	12625408	----a-w-	C:\Windows\SysWow64\wmploc.DLL
2015-02-03 03:09:03	2048	----a-w-	C:\Windows\SysWow64\mferror.dll
2015-02-03 03:08:07	6656	----a-w-	C:\Windows\SysWow64\apisetschema.dll
2015-02-03 02:32:25	61440	----a-w-	C:\Windows\System32\drivers\appid.sys
2015-01-31 03:48:54	3179520	----a-w-	C:\Windows\System32\rdpcorets.dll
2015-01-31 03:48:54	16384	----a-w-	C:\Windows\System32\RdpGroupPolicyExtension.dll
2015-01-30 23:56:52	243200	----a-w-	C:\Windows\System32\rdpudd.dll
2015-01-17 02:48:38	1067520	----a-w-	C:\Windows\System32\msctf.dll
2015-01-17 02:30:42	828928	----a-w-	C:\Windows\SysWow64\msctf.dll
2015-01-09 03:14:27	91136	----a-w-	C:\Windows\System32\wdi.dll
2015-01-09 03:14:19	950272	----a-w-	C:\Windows\System32\perftrack.dll
.
============= FINISH: 9:43:29.92 ===============


----------



## chemist

Hello and Welcome to TSF. 

If you haven't already, please *Subscribe to this Thread* to get immediate notification of replies as soon as they are posted. To do this click *Thread Tools*, then click *Subscribe to this Thread*. Make sure it is set to *Instant notification by email*, then click *Add Subscription*.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

*CCleaner*

We do not recommend the use of registry cleaners, or the registry cleaner feature of CCleaner. Our colleague *miekiemoes* has an excellent writeup here

------------------------------------------------------

I see you have *P2P* software ( *uTorrent* ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. 

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

A reference for the risk of these programs is here

I would strongly recommend that you uninstall it. You can do so via Control Panel >> Programs and Features.

------------------------------------------------------

Did you set a proxy server: 



> uProxyServer = 172.25.0.209:80


------------------------------------------------------

Please download *AdwCleaner* from here and save it to your desktop.

Do NOT click the green 'Download' button(if visible). 
Click the blue 'Download now @bleepingcomputer' button.
Run *AdwCleaner* and select *Scan*
Once the Scan is done, select *Clean*
Once done it will ask to reboot, please allow the reboot. 
On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[S#].txt
Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.

Double-click *FRST64* to run it. When the tool opens click *Yes* to the disclaimer.
Make sure the *Addition.txt* button is ticked. 
Press *Scan* button.
It will make a log (*FRST.txt*) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (*Addition.txt*). Please attach it to your reply.
------------------------------------------------------


----------



## edup_2004

Hello, thanks for your answer.

----------------------------------------------------------------------
About Ccleaner, well I try it once and didn't use it anymore since I got Tuneup Utilities, but now the license is gone. I forgot to uninstalled it but I'll do it as soon as I fix this problem. Also thanks for the recommendation with the other software, I'm gonna try it.

----------------------------------------------------------------------
About uTorrent I'm aware that the problem could be the torrent, nevertheless I'm using it only to download from known and trustable fansubs. So that way I could keep the chances of getting infected lower although there's always a chance. But thanks for the recommendation anyway.
---------------------------------------------------------------------
That proxy was set in my last work place, I used when i worked there but now is not enable. I'm not using it anymore. Probably the setting are still untocuhed but the proxy should be disable. Still I'm gonna check it and delete those settings just in case.
---------------------------------------------------------------------
Before posting the results of the scans I would like to ask you about AdwCleaner tool. I'm gonna buy again the license for Eset Smart Security but I'm not sure if that would be enough to keep my laptop cleaned. Should I stilll use the AdwCleaner? Or could you recommend me another tool and I'll look more about it in the forums.
Thanks! 
---------------------------------------------------------------------
I was just about posting the results when this poped up:

















---------------------------------------------------------------------
Anyway, here are the results of the scans:
---------------------------------------------------------------------
# AdwCleaner v4.113 - Logfile created 25/03/2015 at 02:37:03
# Updated 22/03/2015 by Xplode
# Database : 2015-03-23.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : Eduardo - EDUARDO-PC
# Running from : C:\Users\Eduardo\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\IminentToolbar
Folder Deleted : C:\Program Files (x86)\DriverToolkit
Folder Deleted : C:\Users\Eduardo\AppData\Local\DriverToolkit
Folder Deleted : C:\Users\Eduardo\AppData\Roaming\IminentToolbar
Folder Deleted : C:\Users\Eduardo\AppData\Roaming\Mozilla\Firefox\Profiles\y6q9g9od.default\Extensions\[email protected]
Folder Deleted : C:\Users\Eduardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj
Folder Deleted : C:\Users\Eduardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\obciceimmggglbmelaidpjlmodcebijb
File Deleted : C:\Users\Eduardo\AppData\Roaming\Mozilla\Firefox\Profiles\y6q9g9od.default\searchplugins\iminent.xml
File Deleted : C:\Users\Eduardo\AppData\Roaming\Mozilla\Firefox\Profiles\y6q9g9od.default\user.js
File Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
File Deleted : C:\Users\Eduardo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\DriverToolkit
Key Deleted : HKLM\SOFTWARE\Iminent
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75FF6D97AF9FC004A9521D4B83FA6321
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB13D869D7D092348847B7481BB59E27
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F2E0D3DD9E5E4B74CA43BCE77815E287
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local;<local>
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - 172.25.0.209:80

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17689


-\\ Mozilla Firefox v31.0 (x86 es-CL)

[y6q9g9od.default\prefs.js] - Line Deleted : user_pref("extensions.iminent.admin", false);
[y6q9g9od.default\prefs.js] - Line Deleted : user_pref("extensions.iminent.aflt", "orgnl");
[y6q9g9od.default\prefs.js] - Line Deleted : user_pref("extensions.iminent.appId", "{0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}");
[y6q9g9od.default\prefs.js] - Line Deleted : user_pref("extensions.iminent.autoRvrt", "false");
[y6q9g9od.default\prefs.js] - Line Deleted : user_pref("extensions.iminent.dfltLng", "");
[y6q9g9od.default\prefs.js] - Line Deleted : user_pref("extensions.iminent.excTlbr", false);
[y6q9g9od.default\prefs.js] - Line Deleted : user_pref("extensions.iminent.ffxUnstlRst", false);
[y6q9g9od.default\prefs.js] - Line Deleted : user_pref("extensions.iminent.id", "0c9621bc00000000000068a86d40aa96");
[y6q9g9od.default\prefs.js] - Line Deleted : user_pref("extensions.iminent.instlDay", "16173");
[y6q9g9od.default\prefs.js] - Line Deleted : user_pref("extensions.iminent.instlRef", "");
[y6q9g9od.default\prefs.js] - Line Deleted : user_pref("extensions.iminent.newTab", false);
[y6q9g9od.default\prefs.js] - Line Deleted : user_pref("extensions.iminent.prdct", "iminent");
[y6q9g9od.default\prefs.js] - Line Deleted : user_pref("extensions.iminent.prtnrId", "iminent");
[y6q9g9od.default\prefs.js] - Line Deleted : user_pref("extensions.iminent.rvrt", "false");
[y6q9g9od.default\prefs.js] - Line Deleted : user_pref("extensions.iminent.smplGrp", "none");
[y6q9g9od.default\prefs.js] - Line Deleted : user_pref("extensions.iminent.tlbrId", "YBCPCSTIPO");
[y6q9g9od.default\prefs.js] - Line Deleted : user_pref("extensions.iminent.tlbrSrchUrl", "hxxp://start.iminent.com/?ref=toolbarm#q=");
[y6q9g9od.default\prefs.js] - Line Deleted : user_pref("extensions.iminent.vrsn", "1.8.28.3");
[y6q9g9od.default\prefs.js] - Line Deleted : user_pref("extensions.iminent.vrsnTs", "1.8.28.318:33:48");
[y6q9g9od.default\prefs.js] - Line Deleted : user_pref("extensions.iminent.vrsni", "1.8.28.3");
[y6q9g9od.default\prefs.js] - Line Deleted : user_pref("iminent.enabledAds", "false");

-\\ Google Chrome v41.0.2272.101

[C:\Users\Eduardo\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
[C:\Users\Eduardo\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://start.iminent.com/?appId=CE29395E-3AC2-4090-8B02-51E5A989AEAD&ref=toolbox&q={searchTerms}
[C:\Users\Eduardo\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.softonic.com/s/{searchTerms}
[C:\Users\Eduardo\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://anidb.net/perl-bin/animedb.pl?show=animelist&adb.search={searchTerms}&do.search=search

*************************

AdwCleaner[R0].txt - [13993 bytes] - [25/03/2015 02:34:29]
AdwCleaner[S0].txt - [14087 bytes] - [25/03/2015 02:37:03]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [14147 bytes] ##########

-------------------------------------------------------------------
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Eduardo (administrator) on EDUARDO-PC on 25-03-2015 02:44:22
Running from C:\Users\Eduardo\Desktop
Loaded Profiles: Eduardo (Available profiles: Eduardo & Administrator)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Inglés (Estados Unidos)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Windows\System32\AppleOSSMgr.exe
(Apple Inc.) C:\Windows\System32\AppleTimeSrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
() C:\Windows\SysWOW64\srvany.exe
() C:\Windows\kmsem\KMService.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(PcWinTech.com) C:\Program Files (x86)\CleanMem\Mini_Monitor.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Apple Inc.) C:\Program Files\Boot Camp\Bootcamp.exe
(Gadwin Systems, Inc) C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe
(CrystalIDEA Software) C:\Program Files (x86)\Macs Fan Control\MacsFanControl.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(eden.fm) C:\Program Files (x86)\Mal Updater 2\MalUpdater.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [4035152 2011-09-22] (ESET)
HKLM\...\Run: [Apple_KbdMgr] => C:\Program Files\Boot Camp\Bootcamp.exe [741760 2014-11-10] (Apple Inc.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5564784 2015-02-12] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694080 2013-07-10] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [590144 2015-03-12] (Razer Inc.)
HKU\S-1-5-21-267127970-2240775489-528303677-1000\...\Run: [Gadwin PrintScreen] => C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe [487424 2011-05-03] (Gadwin Systems, Inc)
HKU\S-1-5-21-267127970-2240775489-528303677-1000\...\Run: [MacsFanControl] => C:\Program Files (x86)\Macs Fan Control\MacsFanControl.exe [1508352 2015-02-14] (CrystalIDEA Software)
HKU\S-1-5-21-267127970-2240775489-528303677-1000\...\Run: [Mal Updater 2] => C:\Program Files (x86)\Mal Updater 2\MalUpdater.exe [2646016 2015-03-08] (eden.fm)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Eduardo\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Eduardo\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Eduardo\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Eduardo\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Eduardo\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Eduardo\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Eduardo\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Eduardo\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-267127970-2240775489-528303677-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-267127970-2240775489-528303677-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-267127970-2240775489-528303677-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-02-10] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-24] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2013-10-03] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-02-10] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-24] (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 200.48.225.146 200.48.225.130

FireFox:
========
FF ProfilePath: C:\Users\Eduardo\AppData\Roaming\Mozilla\Firefox\Profiles\y6q9g9od.default
FF DefaultSearchEngine: GoogleTranslate
FF SelectedSearchEngine: GoogleTranslate
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-21] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-21] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-24] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-09-19] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-10] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-12-18] (Adobe Systems Inc.)
FF Plugin-x32: samsung.com/SamsungLinkPCPlugin -> C:\Program Files\Samsung\Samsung Link\utils\npSamsungLinkPCPlugin.dll No File
FF SearchPlugin: C:\Users\Eduardo\AppData\Roaming\Mozilla\Firefox\Profiles\y6q9g9od.default\searchplugins\googletranslate.xml [2015-02-23]
FF SearchPlugin: C:\Users\Eduardo\AppData\Roaming\Mozilla\Firefox\Profiles\y6q9g9od.default\searchplugins\twitter-.xml [2014-02-25]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mercadolibre-cl.xml [2014-07-30]
FF Extension: Pocket - C:\Users\Eduardo\AppData\Roaming\Mozilla\Firefox\Profiles\y6q9g9od.default\Extensions\[email protected] [2015-03-25]
FF Extension: Twitter Address Bar Search - C:\Users\Eduardo\AppData\Roaming\Mozilla\Firefox\Profiles\y6q9g9od.default\Extensions\[email protected] [2014-02-25]
FF Extension: Adblock Plus - C:\Users\Eduardo\AppData\Roaming\Mozilla\Firefox\Profiles\y6q9g9od.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-25]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012-04-08]

Chrome: 
=======
CHR HomePage: Default -> hxxp://start.iminent.com/?appId=CE29395E-3AC2-4090-8B02-51E5A989AEAD
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{googleageClassification}{google:searchVersion}{google:sessionToken}{googlerefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Eduardo\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Translate) - C:\Users\Eduardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2013-11-05]
CHR Extension: (Google Docs) - C:\Users\Eduardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-02-04]
CHR Extension: (Google Drive) - C:\Users\Eduardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-02-04]
CHR Extension: (Please enter your password) - C:\Users\Eduardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2013-08-19]
CHR Extension: (YouTube) - C:\Users\Eduardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-04]
CHR Extension: (Adblock Plus) - C:\Users\Eduardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-08-19]
CHR Extension: (Adblock for Youtube™) - C:\Users\Eduardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2013-08-19]
CHR Extension: (Tampermonkey) - C:\Users\Eduardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2014-04-27]
CHR Extension: (Crunchyroll Unblocker) - C:\Users\Eduardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dldddkdajilplfikaadakojgjocbnjim [2015-03-22]
CHR Extension: (Box) - C:\Users\Eduardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejnkaeblpdcamcioiiabclakabcbjmbl [2013-02-06]
CHR Extension: (Stylish) - C:\Users\Eduardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2014-03-10]
CHR Extension: (iCloud Bookmarks) - C:\Users\Eduardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2013-10-21]
CHR Extension: (TweetDeck by Twitter) - C:\Users\Eduardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl [2013-02-06]
CHR Extension: (AutoPagerize) - C:\Users\Eduardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\igiofjhpmpihnifddepnpngfjhkfenbp [2014-09-10]
CHR Extension: (Dropbox) - C:\Users\Eduardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2013-02-06]
CHR Extension: (Bleach Theme2) - C:\Users\Eduardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbgbfeiijkpelbhpmbdliomlgbdiggho [2013-08-19]
CHR Extension: (HTML5ify) - C:\Users\Eduardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jikbjpjgjmmdhcmlagappehlpiljoaop [2013-08-19]
CHR Extension: (rikaikun) - C:\Users\Eduardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipdnfibhldikgcjhfnomkfpcebammhp [2015-03-11]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Eduardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Google Maps) - C:\Users\Eduardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2013-02-06]
CHR Extension: (Pocket) - C:\Users\Eduardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjcnijlhddpbdemagnpefmlkjdagkogk [2013-12-03]
CHR Extension: (OneDrive) - C:\Users\Eduardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffchahhjecejoiigmnhhicpoabngedk [2013-02-06]
CHR Extension: (Google Wallet) - C:\Users\Eduardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (My Chrome Theme) - C:\Users\Eduardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2013-02-06]
CHR Extension: (Flow Colors) - C:\Users\Eduardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbnmelddedlommnmllmfhoephaidddmk [2013-02-14]
CHR Extension: (Gmail) - C:\Users\Eduardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-04]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AppleOSSMgr; C:\Windows\system32\AppleOSSMgr.exe [224640 2011-06-29] ()
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [974944 2011-09-22] (ESET)
R2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2013-09-23] () [File not signed]
S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [96184 2013-12-09] (Overwolf)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187072 2015-02-04] ()
R2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2014-04-18] (Razer, Inc.)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2015-02-12] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [302968 2015-02-12] (Western Digital Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 applemtm; C:\Windows\System32\DRIVERS\applemtm.sys [12288 2011-03-25] (Apple Inc.)
R3 applemtp; C:\Windows\System32\DRIVERS\applemtp.sys [37888 2009-11-18] (Apple Inc.)
S3 CSRBC; C:\Windows\System32\Drivers\csrbc.sys [46944 2011-07-13] (CSR plc.)
R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [202576 2011-08-09] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [146432 2011-08-04] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [187632 2011-08-04] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [38288 2011-08-04] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [62496 2011-08-04] (ESET)
R3 MT_TRACKPAD; C:\Windows\System32\drivers\MT_Trackpad.sys [16384 2011-12-02] (n/a) [File not signed]
R3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129472 2014-04-18] (Razer, Inc.)
S3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39592 2014-12-30] (Razer Inc)
R1 RzFilter; C:\Windows\system32\drivers\RzFilter.sys [74432 2014-04-18] (Razer, Inc.)
S3 rzmpos; C:\Windows\System32\DRIVERS\rzmpos.sys [35496 2014-12-30] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-02-04] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-10-23] (Razer, Inc.)
R3 trackpad_plus_plus_x64; C:\Windows\System32\DRIVERS\trackpad_plus_plus_x64.sys [11136 2013-12-22] (Windows (R) Win 7 DDK provider) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-25 02:44 - 2015-03-25 02:45 - 00021484 _____ () C:\Users\Eduardo\Desktop\FRST.txt
2015-03-25 02:44 - 2015-03-25 02:44 - 00000000 ____D () C:\FRST
2015-03-25 02:42 - 2015-03-25 02:42 - 02095616 _____ (Farbar) C:\Users\Eduardo\Desktop\FRST64.exe
2015-03-25 02:34 - 2015-03-25 02:37 - 00000000 ____D () C:\AdwCleaner
2015-03-25 02:32 - 2015-03-25 02:32 - 02168320 _____ () C:\Users\Eduardo\Desktop\AdwCleaner.exe
2015-03-21 17:22 - 2015-03-21 17:22 - 00017657 _____ () C:\Users\Eduardo\Downloads\KAWD-627_HD.torrent
2015-03-21 16:37 - 2015-03-21 16:37 - 00011629 _____ () C:\Users\Eduardo\Downloads\STAR-426.torrent
2015-03-21 16:31 - 2015-03-21 16:31 - 00055730 _____ () C:\Users\Eduardo\Downloads\[STAR-435]紗倉まな 焦らして高まる、媚薬SEX Mana Sakura.torrent
2015-03-21 16:19 - 2015-03-21 16:19 - 00018002 _____ () C:\Users\Eduardo\Downloads\star470.mp4.torrent
2015-03-21 16:12 - 2015-03-21 16:12 - 00168677 _____ () C:\Users\Eduardo\Downloads\STAR-537 Sakura Mana JAV CENSORED.torrent
2015-03-21 16:09 - 2015-03-21 16:09 - 00015180 _____ () C:\Users\Eduardo\Downloads\(STAR-564) – Mana Sakura (紗倉まな), Miku Abe Osamu (阿部乃みく), Miki Sunohara (春原未来), Ichika Kamihata (神波多一花), 萌芭, Azusa Kirihara (桐原あずさ), Otoha Nanase (乙葉ななせ), Hikaru Kawana (川菜ひかる) – 紗倉まな 4人のレズ巨匠が撮る！本気レズ4本番.mp4.torrent
2015-03-21 16:08 - 2015-03-21 16:08 - 00014703 _____ () C:\Users\Eduardo\Downloads\STAR-357 Kyun Cum First (Heart) The Milk Of Your Mana Sakura Ochi Port ○.torrent
2015-03-21 16:05 - 2015-03-21 16:05 - 00016791 _____ () C:\Users\Eduardo\Downloads\(STAR-576) – Mana Sakura (紗倉まな) – お姉さんの高級ランジェリーに魅せられて….mp4.torrent
2015-03-21 15:56 - 2015-03-21 15:56 - 00014264 _____ () C:\Users\Eduardo\Downloads\(STAR-560) – Madoka Asamiya (麻宮まどか) – AV debut.mp4.torrent
2015-03-21 15:53 - 2015-03-21 15:53 - 00011154 _____ () C:\Users\Eduardo\Downloads\(STAR-565) – Madoka Asamiya (麻宮まどか) – 島育ちの世間知らず上京一人暮らし 敏感イキまくり濃密セックス4本番.mp4.torrent
2015-03-21 15:28 - 2015-03-21 15:28 - 00011404 _____ () C:\Users\Eduardo\Downloads\[BakaBT.151084v0] Koihime.torrent
2015-03-21 03:17 - 2015-03-21 03:17 - 00005578 _____ () C:\Users\Eduardo\Desktop\attach.zip
2015-03-21 03:03 - 2015-03-21 03:03 - 00021814 _____ () C:\Users\Eduardo\Desktop\ark.txt
2015-03-20 09:43 - 2015-03-20 09:43 - 00024324 _____ () C:\Users\Eduardo\Desktop\dds.txt
2015-03-20 09:43 - 2015-03-20 09:43 - 00009415 _____ () C:\Users\Eduardo\Desktop\attach.txt
2015-03-20 09:38 - 2014-01-28 18:36 - 00380416 _____ () C:\Users\Eduardo\Desktop\gmer.exe
2015-03-19 02:11 - 2015-03-19 02:11 - 00024492 _____ () C:\Users\Eduardo\Desktop\combo fix.txt
2015-03-19 02:10 - 2015-03-19 02:11 - 00000000 ___SD () C:\32788R22FWJFW
2015-03-19 02:01 - 2015-03-19 02:01 - 00024492 _____ () C:\ComboFix.txt
2015-03-19 01:27 - 2015-03-19 01:56 - 00000000 ____D () C:\Windows\erdnt
2015-03-14 12:35 - 2015-02-02 22:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-14 12:35 - 2015-02-02 22:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-14 12:35 - 2015-02-02 22:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-14 12:35 - 2015-02-02 22:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-14 12:35 - 2015-02-02 22:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-14 12:35 - 2015-02-02 22:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-14 12:35 - 2015-02-02 22:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-14 12:35 - 2015-02-02 22:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-14 12:35 - 2015-02-02 22:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-14 12:35 - 2015-02-02 22:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-14 12:35 - 2015-02-02 22:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-14 12:35 - 2015-02-02 22:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-14 12:35 - 2015-02-02 22:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-14 12:35 - 2015-02-02 22:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-14 12:35 - 2015-02-02 22:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-14 12:35 - 2015-02-02 22:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-14 12:35 - 2015-02-02 22:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-14 12:35 - 2015-02-02 22:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-14 12:35 - 2015-02-02 22:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-14 12:35 - 2015-02-02 22:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-14 12:35 - 2015-02-02 22:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-14 12:35 - 2015-02-02 22:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-14 12:35 - 2015-02-02 22:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-14 12:35 - 2015-02-02 22:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-14 12:35 - 2015-02-02 22:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-14 12:35 - 2015-02-02 22:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-14 12:35 - 2015-02-02 22:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-14 12:35 - 2015-02-02 22:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-14 12:35 - 2015-02-02 22:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-14 12:35 - 2015-02-02 22:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-14 12:35 - 2015-02-02 22:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-14 12:35 - 2015-02-02 22:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-14 12:35 - 2015-02-02 22:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-14 12:35 - 2015-02-02 22:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-14 12:35 - 2015-02-02 22:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-14 12:35 - 2015-02-02 22:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-14 12:35 - 2015-02-02 22:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-14 12:35 - 2015-02-02 22:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-14 12:35 - 2015-02-02 22:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-14 12:35 - 2015-02-02 22:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-14 12:35 - 2015-02-02 22:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-14 12:35 - 2015-02-02 22:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-14 12:35 - 2015-02-02 22:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-14 12:35 - 2015-02-02 22:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-14 12:35 - 2015-02-02 22:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-14 12:35 - 2015-02-02 22:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-14 12:35 - 2015-02-02 22:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-14 12:35 - 2015-02-02 22:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-14 12:35 - 2015-02-02 22:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-14 12:35 - 2015-02-02 22:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-14 12:35 - 2015-02-02 22:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-14 12:35 - 2015-02-02 22:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-14 12:35 - 2015-02-02 22:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-14 12:35 - 2015-02-02 22:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-14 12:35 - 2015-02-02 22:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-14 12:35 - 2015-02-02 22:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-14 12:35 - 2015-02-02 22:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-14 12:35 - 2015-02-02 22:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-14 12:35 - 2015-02-02 22:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-14 12:35 - 2015-02-02 22:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-14 12:35 - 2015-02-02 22:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-14 12:35 - 2015-02-02 22:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-14 12:35 - 2015-02-02 22:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-14 12:35 - 2015-02-02 22:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-14 12:35 - 2015-02-02 22:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-14 12:35 - 2015-02-02 22:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-14 12:35 - 2015-02-02 22:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-14 12:35 - 2015-02-02 22:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-14 12:35 - 2015-02-02 22:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-14 12:35 - 2015-02-02 22:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-14 12:35 - 2015-02-02 22:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-14 12:35 - 2015-02-02 22:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-14 12:35 - 2015-02-02 22:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-14 12:35 - 2015-02-02 22:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-14 12:35 - 2015-02-02 21:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-14 12:35 - 2014-10-31 17:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-14 12:35 - 2014-06-27 19:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-03-14 12:35 - 2014-06-27 19:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-03-14 12:34 - 2015-02-02 22:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-14 12:34 - 2015-02-02 22:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-14 12:34 - 2015-02-02 22:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-14 12:34 - 2015-02-02 22:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-14 12:34 - 2015-02-02 22:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-14 12:34 - 2015-02-02 22:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-14 12:34 - 2015-02-02 22:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-14 12:34 - 2015-02-02 22:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-14 12:34 - 2015-02-02 22:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-14 12:34 - 2015-02-02 22:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-14 12:34 - 2015-02-02 22:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-14 12:34 - 2015-02-02 22:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-14 12:34 - 2015-02-02 22:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-14 12:34 - 2015-02-02 22:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-14 12:33 - 2015-03-06 00:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-14 12:33 - 2015-03-06 00:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-14 12:33 - 2015-03-06 00:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-14 12:33 - 2015-03-06 00:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-14 12:33 - 2015-03-06 00:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-14 12:33 - 2015-03-06 00:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-14 12:33 - 2015-03-06 00:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-14 12:33 - 2015-03-06 00:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-14 12:33 - 2015-03-06 00:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-14 12:33 - 2015-03-06 00:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-14 12:33 - 2015-03-06 00:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-14 12:33 - 2015-03-06 00:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-14 12:33 - 2015-03-06 00:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-14 12:33 - 2015-03-06 00:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-14 12:33 - 2015-03-06 00:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-14 12:33 - 2015-03-06 00:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-14 12:33 - 2015-03-06 00:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-14 12:33 - 2015-03-06 00:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-14 12:33 - 2015-03-06 00:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-14 12:33 - 2015-03-06 00:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-14 12:33 - 2015-03-06 00:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-14 12:33 - 2015-03-06 00:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-14 12:33 - 2015-03-06 00:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-14 12:33 - 2015-03-06 00:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-14 12:33 - 2015-03-06 00:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-14 12:33 - 2015-03-06 00:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-14 12:33 - 2015-03-06 00:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-14 12:33 - 2015-03-06 00:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-14 12:33 - 2015-03-06 00:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-14 12:33 - 2015-03-06 00:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-14 12:33 - 2015-03-06 00:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-14 12:33 - 2015-01-30 18:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-14 12:32 - 2015-02-23 22:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-14 12:32 - 2015-02-23 21:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-14 12:32 - 2015-02-20 19:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-14 12:32 - 2015-02-20 19:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-14 12:32 - 2015-02-20 19:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-14 12:32 - 2015-02-20 19:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-14 12:32 - 2015-02-20 18:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-14 12:32 - 2015-02-19 22:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-14 12:32 - 2015-02-19 22:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-14 12:32 - 2015-02-19 21:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-14 12:32 - 2015-02-19 21:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-14 12:32 - 2015-02-19 21:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-14 12:32 - 2015-02-19 21:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-14 12:32 - 2015-02-19 21:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-14 12:32 - 2015-02-19 21:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-14 12:32 - 2015-02-19 21:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-14 12:32 - 2015-02-19 21:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-14 12:32 - 2015-02-19 21:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-14 12:32 - 2015-02-19 21:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-14 12:32 - 2015-02-19 21:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-14 12:32 - 2015-02-19 21:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-14 12:32 - 2015-02-19 21:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-14 12:32 - 2015-02-19 21:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-14 12:32 - 2015-02-19 21:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-14 12:32 - 2015-02-19 21:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-14 12:32 - 2015-02-19 21:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-14 12:32 - 2015-02-19 21:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-14 12:32 - 2015-02-19 21:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-14 12:32 - 2015-02-19 21:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-14 12:32 - 2015-02-19 20:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-14 12:32 - 2015-02-19 20:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-14 12:32 - 2015-02-19 20:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-14 12:32 - 2015-02-19 20:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-14 12:32 - 2015-02-19 20:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-14 12:32 - 2015-02-19 20:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-14 12:32 - 2015-02-19 20:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-14 12:32 - 2015-02-19 20:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-14 12:32 - 2015-02-19 20:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-14 12:32 - 2015-02-19 20:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-14 12:32 - 2015-02-19 20:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-14 12:32 - 2015-02-19 20:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-14 12:32 - 2015-02-19 20:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-14 12:32 - 2015-02-19 20:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-14 12:32 - 2015-02-19 20:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-14 12:32 - 2015-02-19 20:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-14 12:32 - 2015-02-19 19:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-14 12:32 - 2015-02-19 19:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-14 12:31 - 2015-02-25 22:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-14 12:31 - 2015-02-20 20:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-14 12:31 - 2015-02-20 18:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-14 12:31 - 2015-02-19 23:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-14 12:31 - 2015-02-19 23:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-14 12:31 - 2015-02-19 23:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-14 12:31 - 2015-02-19 23:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-14 12:31 - 2015-02-19 23:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-14 12:31 - 2015-02-19 23:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-14 12:31 - 2015-02-19 23:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-14 12:31 - 2015-02-19 23:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-14 12:31 - 2015-02-19 22:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-14 12:31 - 2015-02-19 22:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-14 12:31 - 2015-02-19 21:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-14 12:31 - 2015-02-19 21:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-14 12:31 - 2015-02-19 21:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-14 12:31 - 2015-02-19 21:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-14 12:31 - 2015-02-19 21:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-14 12:31 - 2015-02-19 20:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-14 12:31 - 2015-02-19 20:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-14 12:31 - 2015-02-13 00:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-14 12:31 - 2015-02-13 00:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-14 12:31 - 2015-02-03 22:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-14 12:31 - 2015-02-03 21:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-14 12:31 - 2015-02-02 22:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-14 12:31 - 2015-02-02 22:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-14 12:31 - 2015-02-02 22:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-14 12:31 - 2015-02-02 22:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-14 12:31 - 2015-01-30 22:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-14 12:31 - 2015-01-30 22:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-03-14 12:31 - 2015-01-30 18:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-14 12:31 - 2015-01-16 21:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-14 12:31 - 2015-01-16 21:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-14 00:49 - 2015-03-14 00:49 - 00009728 _____ (Razer Inc.) C:\Windows\SysWOW64\RzStats.IPC.dll
2015-03-09 21:25 - 2015-03-09 21:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-03-09 21:21 - 2015-03-09 21:21 - 00000000 ____D () C:\Program Files\Western Digital
2015-03-09 21:14 - 2015-02-04 19:24 - 00037184 _____ (Razer, Inc.) C:\Windows\system32\Drivers\rzpmgrk.sys
2015-03-09 01:50 - 2015-03-09 01:50 - 00028989 _____ () C:\Users\Eduardo\Downloads\[EROBEAT] Honoo no Haramase Tenkousei - 01-03 [x264].torrent
2015-03-09 01:47 - 2015-03-09 01:47 - 00016978 _____ () C:\Users\Eduardo\Downloads\[BakaBT.157068v0] Spa of Love [BBT-RMX].torrent
2015-03-09 01:45 - 2015-03-09 01:45 - 00011005 _____ () C:\Users\Eduardo\Downloads\[BakaBT.146107v0] Behind Closed Doors.torrent
2015-03-09 01:43 - 2015-03-09 01:43 - 00018928 _____ () C:\Users\Eduardo\Downloads\Family of Debauchery Ep.01-02 [UNCENSORED] [EngSub].torrent
2015-03-09 01:39 - 2015-03-09 01:39 - 00019846 _____ () C:\Users\Eduardo\Downloads\[SubDESU-H] Kunoichi Sakuya 02 [F0996F1E].mkv.torrent
2015-03-09 01:38 - 2015-03-09 01:38 - 00017559 _____ () C:\Users\Eduardo\Downloads\[SubDESU-H]_Kunoichi_Sakuya_-_01_(720x480_x264_AAC)_[A359F03E].mkv.torrent
2015-03-08 14:34 - 2015-03-08 14:34 - 00015387 _____ () C:\Users\Eduardo\Downloads\[BakaBT.129205v1] [RiP] Seraphim Call (DVD Version).torrent
2015-03-08 14:33 - 2015-03-08 14:33 - 00007153 _____ () C:\Users\Eduardo\Downloads\[BakaBT.130336v0] [Ayu]_Kiddy_Grade_2_-_Pilot_[H264_AC3][650B731B].mkv.torrent
2015-03-08 14:31 - 2015-03-08 14:31 - 00083789 _____ () C:\Users\Eduardo\Downloads\[Coalgirls]_Kiddy_Girl-and_(1920x1080_Blu-Ray_FLAC).torrent
2015-03-08 14:24 - 2015-03-08 14:24 - 00045642 _____ () C:\Users\Eduardo\Downloads\[Coalgirls]_Kiddy_Grade_Movie_Trilogy_(960x720_Blu-Ray_FLAC).torrent
2015-03-08 14:22 - 2015-03-08 14:22 - 00101302 _____ () C:\Users\Eduardo\Downloads\[a-S] Kiddy Grade (01-24) (1080p).torrent
2015-03-08 14:18 - 2015-03-08 14:18 - 00016547 _____ () C:\Users\Eduardo\Downloads\Virus_vs_Venus_Complete_Series_Dual_Audio.torrent
2015-03-08 14:15 - 2015-03-08 14:15 - 00144160 _____ () C:\Users\Eduardo\Downloads\El Cazador de la Bruja [Arigatou](2).torrent
2015-03-08 14:08 - 2015-03-08 14:08 - 00024072 _____ () C:\Users\Eduardo\Downloads\Shoujo Kakumei Utena Adolescence Mokushiroku [511D87A2].mkv.torrent
2015-03-08 14:07 - 2015-03-08 14:07 - 00131311 _____ () C:\Users\Eduardo\Downloads\Revolutionary Girl Utena [GrimRipper].torrent
2015-03-08 14:05 - 2015-03-08 14:05 - 00019072 _____ () C:\Users\Eduardo\Downloads\[Elysium]Rin.Daughters.of.Mnemosyne(BD.720p.AAC).torrent
2015-03-08 14:04 - 2015-03-08 14:04 - 00029276 _____ () C:\Users\Eduardo\Downloads\[SHiN-gx] Kyoshiro to Towa no Sora DVD Specials [480p h.264].torrent
2015-03-08 14:03 - 2015-03-08 14:03 - 00021708 _____ () C:\Users\Eduardo\Downloads\[Exiled-Destiny]_Shattered_Angels.torrent
2015-03-08 13:57 - 2015-03-08 13:57 - 00023460 _____ () C:\Users\Eduardo\Downloads\[Exiled-Destiny]_Blue_Drop.torrent
2015-03-08 13:56 - 2015-03-08 13:56 - 00016186 _____ () C:\Users\Eduardo\Downloads\[Jumonji-Giri]_[SHS][S-Ai][M-F]_Yami_to_Boushi_to_Hon_no_Tabibito_Ep08_(1ed80d52).mkv.torrent
2015-03-08 13:56 - 2015-03-08 13:56 - 00015106 _____ () C:\Users\Eduardo\Downloads\[Jumonji-Giri]_[SHS][S-Ai][M-F]_Yami_to_Boushi_to_Hon_no_Tabibito_Ep13_(cc6665d0).mkv.torrent
2015-03-08 13:56 - 2015-03-08 13:56 - 00014506 _____ () C:\Users\Eduardo\Downloads\[Jumonji-Giri]_[SHS][S-Ai][M-F]_Yami_to_Boushi_to_Hon_no_Tabibito_Ep12_(35becb01).mkv.torrent
2015-03-08 13:56 - 2015-03-08 13:56 - 00013866 _____ () C:\Users\Eduardo\Downloads\[Jumonji-Giri]_[SHS][S-Ai][M-F]_Yami_to_Boushi_to_Hon_no_Tabibito_Ep11_(29b35645).mkv.torrent
2015-03-08 13:56 - 2015-03-08 13:56 - 00013806 _____ () C:\Users\Eduardo\Downloads\[Jumonji-Giri]_[SHS][S-Ai][M-F]_Yami_to_Boushi_to_Hon_no_Tabibito_Ep09_(3a75bd9d).mkv.torrent
2015-03-08 13:56 - 2015-03-08 13:56 - 00013266 _____ () C:\Users\Eduardo\Downloads\[Jumonji-Giri]_[SHS][S-Ai][M-F]_Yami_to_Boushi_to_Hon_no_Tabibito_Ep10_(fb577948).mkv.torrent
2015-03-08 13:56 - 2015-03-08 13:56 - 00012366 _____ () C:\Users\Eduardo\Downloads\[Jumonji-Giri]_[SHS][S-Ai][M-F]_Yami_to_Boushi_to_Hon_no_Tabibito_Ep07_(4ac65001).mkv.torrent
2015-03-08 13:55 - 2015-03-08 13:55 - 00014506 _____ () C:\Users\Eduardo\Downloads\[Jumonji-Giri]_[SHS][S-Ai][M-F]_Yami_to_Boushi_to_Hon_no_Tabibito_Ep02_(c5cb1181).mkv.torrent
2015-03-08 13:55 - 2015-03-08 13:55 - 00014406 _____ () C:\Users\Eduardo\Downloads\[Jumonji-Giri]_[SHS][S-Ai][M-F]_Yami_to_Boushi_to_Hon_no_Tabibito_Ep03_(640e9c0b).mkv.torrent
2015-03-08 13:55 - 2015-03-08 13:55 - 00013566 _____ () C:\Users\Eduardo\Downloads\[Jumonji-Giri]_[SHS][S-Ai][M-F]_Yami_to_Boushi_to_Hon_no_Tabibito_Ep01_(5c53d560).mkv.torrent
2015-03-08 13:55 - 2015-03-08 13:55 - 00013446 _____ () C:\Users\Eduardo\Downloads\[Jumonji-Giri]_[SHS][S-Ai][M-F]_Yami_to_Boushi_to_Hon_no_Tabibito_Ep06_(158103d4).mkv.torrent
2015-03-08 13:55 - 2015-03-08 13:55 - 00013246 _____ () C:\Users\Eduardo\Downloads\[Jumonji-Giri]_[SHS][S-Ai][M-F]_Yami_to_Boushi_to_Hon_no_Tabibito_Ep04_(db3cfb4e).mkv.torrent
2015-03-08 13:55 - 2015-03-08 13:55 - 00013226 _____ () C:\Users\Eduardo\Downloads\[Jumonji-Giri]_[SHS][S-Ai][M-F]_Yami_to_Boushi_to_Hon_no_Tabibito_Ep05_(f3c00eaa).mkv.torrent
2015-03-08 13:50 - 2015-03-08 13:50 - 00026723 _____ () C:\Users\Eduardo\Downloads\[Tsundere] Kannazuki no Miko [DVDRip h264 704x480 FLAC] (1).torrent
2015-03-02 09:43 - 2015-01-08 18:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-03-02 09:43 - 2015-01-08 18:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-27 01:20 - 2015-02-27 01:20 - 00002842 _____ () C:\Users\Eduardo\Downloads\[DeadFish] Cowboy Bebop- Ein no Natsuyasumi - Special [BD][1080p][AAC].mp4 (1).torrent
2015-02-27 01:17 - 2015-02-27 01:17 - 00069082 _____ () C:\Users\Eduardo\Downloads\[BakaBT.169558v0] [REVO]Cowboy Bebop Knocking on Heaven's Door[10bit,1080p,FLAC] [97F149A1].mkv.torrent
2015-02-27 01:16 - 2015-02-27 01:16 - 00329742 _____ () C:\Users\Eduardo\Downloads\[EG]Cowboy_Bebop BD (1).torrent
2015-02-27 01:10 - 2015-02-27 01:10 - 00083317 _____ () C:\Users\Eduardo\Downloads\[UTW]_Kara_no_Kyoukai_-_Extra_Chorus_[BD][h264-1080p][FLAC][46FCA8E0].mkv.torrent
2015-02-27 01:10 - 2015-02-27 01:10 - 00056035 _____ () C:\Users\Eduardo\Downloads\[UTW]_Kara_no_Kyoukai_-_Mirai_Fukuin_[BD][h264-1080p_FLAC][76F03FE0].mkv (1).torrent
2015-02-27 01:05 - 2015-02-27 01:05 - 00555991 _____ () C:\Users\Eduardo\Downloads\[Coalgirls]_Kara_no_Kyoukai_(1920x1080_Blu-ray_FLAC) (1).torrent

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-25 02:43 - 2012-03-25 17:03 - 00754050 _____ () C:\Windows\system32\perfh00A.dat
2015-03-25 02:43 - 2012-03-25 17:03 - 00164456 _____ () C:\Windows\system32\perfc00A.dat
2015-03-25 02:43 - 2009-07-14 00:13 - 01713942 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-25 02:39 - 2014-11-06 19:06 - 00000000 ____D () C:\Users\Eduardo\AppData\Roaming\Mal Updater
2015-03-25 02:39 - 2014-01-06 12:48 - 00008192 _____ () C:\Windows\SysWOW64\WDPABKP.dat
2015-03-25 02:39 - 2013-02-04 21:30 - 00001032 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-25 02:39 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-25 02:38 - 2014-12-30 01:57 - 00005738 _____ () C:\Windows\setupact.log
2015-03-25 02:37 - 2012-03-25 19:39 - 01817577 _____ () C:\Windows\WindowsUpdate.log
2015-03-25 02:32 - 2013-02-04 21:30 - 00001036 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-23 18:01 - 2012-03-25 20:16 - 00000000 ____D () C:\Users\Eduardo\AppData\Roaming\uTorrent
2015-03-23 03:39 - 2009-07-13 23:45 - 00029168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-23 03:39 - 2009-07-13 23:45 - 00029168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-23 03:31 - 2013-12-18 19:01 - 00000000 ____D () C:\Users\Eduardo\AppData\Roaming\Skype
2015-03-22 21:20 - 2014-12-30 04:40 - 00440472 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-21 20:41 - 2014-09-23 10:20 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-21 20:41 - 2014-09-23 10:20 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-21 20:41 - 2014-08-24 23:58 - 00000000 ____D () C:\Users\Eduardo\AppData\Local\Adobe
2015-03-21 18:39 - 2014-12-30 04:40 - 00029592 _____ () C:\Windows\PFRO.log
2015-03-21 18:29 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-19 02:01 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default
2015-03-19 01:54 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2015-03-19 01:39 - 2014-09-10 09:41 - 00000000 ____D () C:\ProgramData\TEMP
2015-03-18 00:34 - 2013-09-19 01:35 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-03-15 02:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2015-03-14 21:24 - 2009-07-14 00:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-03-14 21:24 - 2009-07-13 23:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-03-14 14:20 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-14 14:20 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-11 03:52 - 2013-09-24 12:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-03-09 22:46 - 2015-01-13 09:14 - 00113464 _____ () C:\Users\Eduardo\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-09 21:25 - 2014-04-06 21:59 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-03-09 21:25 - 2013-12-18 19:01 - 00000000 ____D () C:\ProgramData\Skype
2015-03-09 21:23 - 2014-01-06 12:47 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-09 21:22 - 2015-01-15 00:50 - 00108008 _____ () C:\Windows\DPINST.LOG
2015-03-09 21:21 - 2014-01-06 12:47 - 00000000 ____D () C:\ProgramData\Western Digital
2015-03-09 21:21 - 2014-01-06 12:47 - 00000000 ____D () C:\Program Files\Common Files\Western Digital
2015-03-09 21:21 - 2014-01-06 12:47 - 00000000 ____D () C:\Program Files (x86)\Western Digital
2015-03-09 09:01 - 2013-08-14 03:02 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-09 08:50 - 2012-03-25 15:41 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-08 21:15 - 2014-03-10 22:06 - 00000000 ___RD () C:\Users\Eduardo\Desktop\Profile
2015-03-08 13:42 - 2014-11-06 19:06 - 00000000 ____D () C:\Program Files (x86)\Mal Updater 2
2015-02-24 10:59 - 2013-10-28 15:00 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-24 10:58 - 2014-11-19 08:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-02-24 10:57 - 2014-11-19 08:20 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-02-24 10:57 - 2014-11-19 08:19 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-02-24 10:57 - 2014-11-19 08:19 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-02-24 10:57 - 2014-11-19 08:19 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-02-24 10:57 - 2014-11-19 08:19 - 00000000 ____D () C:\Program Files (x86)\Java
2015-02-24 03:17 - 2010-11-20 22:27 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2012-10-29 11:14 - 2013-08-16 14:08 - 0513048 _____ () C:\Users\Eduardo\AppData\Local\parallels.log
2014-06-24 14:22 - 2014-06-24 14:22 - 0013354 _____ () C:\Users\Eduardo\AppData\Local\recently-used.xbel
2014-04-26 02:10 - 2014-09-16 19:33 - 0007615 _____ () C:\Users\Eduardo\AppData\Local\Resmon.ResmonCfg

Some content of TEMP:
====================
C:\Users\Eduardo\AppData\Local\Temp\Quarantine.exe
C:\Users\Eduardo\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Eduardo\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


testsigning: ==> testsigning is on. Check for possible unsigned rootkit driver <===== ATTENTION!


LastRegBack: 2015-03-15 20:17

==================== End Of Log ============================


----------



## chemist

Hello edup_2004. Sorry, I thought I had already replied. 

I highly recommend ESET Smart Security or NOD32. I use them on my machines. 

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate. 

Please stay with me until given the 'all clear' even if symptoms seemingly abate. 

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper. 

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution. 

Emergency Backup Procedure - Tech Support Forum

Also, if you haven't done so already, create a system repair disc. It's really easy and quick. 

Create a system repair disc

------------------------------------------------------

Please go to: *VirusTotal*

Click the *Choose File* button. 
Please copy/paste the following bolded text into the 'File name:' box:

*C:\Windows\SysWOW64\srvany.exe* 


Click *Open* then click the *Scan it!* button just below. 
This will scan the file. Please be patient. 
If you get a message saying File already analyzed: click *Reanalyse*
Once scanned, copy and paste the URL from your browser address bar in your next reply.
Please repeat for the following files:


*C:\Windows\kmsem\KMService.exe* 
*C:\Windows\kmsem\Shadow.KMS*

------------------------------------------------------

I need to see the ComboFix.txt log. 

Press the Windows "logo" key and "R" key then copy/paste the following single-line command into the Run box and click OK:

*C:\ComboFix.txt* 

A text file should open. Please copy/paste the contents of that file in your next reply.

------------------------------------------------------


----------



## chemist

Still with us, edup_2004? I generally unsubscribe from threads after 3 days of inactivity. If you do not reply within 24 hours, this thread will be closed. 

------------------------------------------------------


----------



## edup_2004

Yes, I'm sorry for not answering before. It's just I got a new job and i'm moving to another country this weekend. So I had no time at all to do anything.

I'll be checking you request/answer today or tomorrow, but no longer than that.

Thanks for your help and time.


----------



## chemist

You're welcome. Let me know when you finish those last instructions.


----------



## edup_2004

Here are the results from Virus Total:

C:\Windows\SysWOW64\srvany.exe 
https://www.virustotal.com/en/file/...353101d2e7dc4de2725d1ca1/analysis/1428624905/

C:\Windows\kmsem\KMService.exe
https://www.virustotal.com/en/file/...f4806abfe0632f8ebd7a0d60/analysis/1428625241/

C:\Windows\kmsem\Shadow.KMS
https://www.virustotal.com/en/file/...6e91b6d449add867abf2be54/analysis/1428625352/

_________________________________________________________________

Combo Fix Log:

ComboFix 15-03-14.03 - Eduardo 19/03/2015 1:32.1.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.932.81.1033.18.16295.12874 [GMT -5:00]
Running from: c:\users\Eduardo\Desktop\ComboFix.exe
AV: ESET Smart Security 5.0 *Disabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: Firewall personal de ESET *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Disabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\apppatch\AppLoc.exe
c:\windows\apppatch\AppLocA.exe
c:\windows\apppatch\unins000.dat
c:\windows\apppatch\unins000.exe
.
.
((((((((((((((((((((((((( Files Created from 2015-02-19 to 2015-03-19 )))))))))))))))))))))))))))))))
.
.
2015-03-19 06:45 . 2015-03-19 06:45	--------	d-----w-	c:\users\hedev\AppData\Local\temp
2015-03-19 06:45 . 2015-03-19 06:45	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-03-19 06:45 . 2015-03-19 06:45	--------	d-----w-	c:\users\Administrator\AppData\Local\temp
2015-03-18 14:48 . 2015-01-29 09:07	11910896	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{7BD047D1-9497-4FC3-88BA-0612D6790458}\mpengine.dll
2015-03-14 17:34 . 2015-02-03 03:30	102912	----a-w-	c:\program files\Windows Media Player\wmpshare.exe
2015-03-14 17:33 . 2015-03-06 05:56	155576	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2015-03-14 17:31 . 2015-02-20 23:58	92160	----a-w-	c:\windows\system32\mshtmled.dll
2015-03-10 02:25 . 2015-03-10 02:25	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2015-03-10 02:21 . 2015-03-10 02:21	--------	d-----w-	c:\program files\Western Digital
2015-03-10 02:14 . 2015-02-05 00:24	37184	----a-w-	c:\windows\system32\drivers\rzpmgrk.sys
2015-02-22 17:02 . 2015-02-25 06:53	--------	d-----w-	c:\users\Eduardo\AppData\Local\ElevatedDiagnostics
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-09 13:50 . 2012-03-25 20:41	122905848	----a-w-	c:\windows\system32\MRT.exe
2015-02-24 15:57 . 2014-11-19 13:19	98216	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-02-24 08:17 . 2010-11-21 03:27	295552	------w-	c:\windows\system32\MpSigStub.exe
2015-02-18 02:28 . 2014-09-23 15:20	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-18 02:28 . 2014-09-23 15:20	701616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2015-02-12 07:55 . 2015-02-12 07:55	9728	----a-w-	c:\windows\SysWow64\RzStats.IPC.dll
2015-02-10 10:36 . 2013-09-19 06:47	627912	----a-w-	c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2015-01-09 03:14 . 2015-02-11 03:41	91136	----a-w-	c:\windows\system32\wdi.dll
2015-01-09 03:14 . 2015-02-11 03:41	950272	----a-w-	c:\windows\system32\perftrack.dll
2015-01-09 03:14 . 2015-02-11 03:41	29696	----a-w-	c:\windows\system32\powertracker.dll
2015-01-09 02:48 . 2015-02-11 03:41	76800	----a-w-	c:\windows\SysWow64\wdi.dll
2014-12-30 09:35 . 2014-12-30 09:35	35496	----a-w-	c:\windows\system32\drivers\rzmpos.sys
2014-12-30 09:35 . 2014-12-30 09:35	39592	----a-w-	c:\windows\system32\drivers\rzendpt.sys
2014-12-30 09:35 . 2014-12-30 09:35	177832	----a-w-	c:\windows\system32\drivers\rzudd.sys
2014-12-30 09:28 . 2014-12-30 09:28	990720	----a-w-	c:\windows\SysWow64\rzdevicedll.dll
2014-12-30 09:28 . 2014-12-30 09:28	78848	----a-w-	c:\windows\SysWow64\rzvirtualdev.dll
2014-12-30 09:28 . 2014-12-30 09:28	155136	----a-w-	c:\windows\SysWow64\rztouchdll.dll
2014-12-30 09:28 . 2014-12-30 09:28	117248	----a-w-	c:\windows\SysWow64\rzdisplaydll.dll
2014-12-30 09:28 . 2014-12-30 09:28	419840	----a-w-	c:\windows\SysWow64\rzaudiodll.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[-] 2012-03-25 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2012-03-25 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-01-23 15:26	222832	----a-w-	c:\users\Eduardo\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-01-23 15:26	222832	----a-w-	c:\users\Eduardo\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-01-23 15:26	222832	----a-w-	c:\users\Eduardo\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	131248	----a-w-	c:\users\Eduardo\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	131248	----a-w-	c:\users\Eduardo\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	131248	----a-w-	c:\users\Eduardo\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	131248	----a-w-	c:\users\Eduardo\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadwin PrintScreen"="c:\program files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe" [2011-05-03 487424]
"MacsFanControl"="c:\program files (x86)\Macs Fan Control\MacsFanControl.exe" [2015-02-15 1508352]
"Mal Updater 2"="c:\program files (x86)\Mal Updater 2\MalUpdater.exe" [2015-03-08 2646016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WD Quick View"="c:\program files (x86)\Western Digital\WD Quick View\WDDMStatus.exe" [2015-02-12 5564784]
"WD Drive Unlocker"="c:\program files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe" [2013-07-10 1694080]
"Razer Synapse"="c:\program files (x86)\Razer\Synapse\RzSynapse.exe" [2015-02-28 590144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 OverwolfUpdaterService;Overwolf Updater Service;c:\program files (x86)\Overwolf\OverwolfUpdater.exe;c:\program files (x86)\Overwolf\OverwolfUpdater.exe [x]
R3 prl_dd;Parallels Display Adapter (WDDM);c:\windows\system32\DRIVERS\prl_kmdd.sys;c:\windows\SYSNATIVE\DRIVERS\prl_kmdd.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 rzendpt;rzendpt;c:\windows\system32\DRIVERS\rzendpt.sys;c:\windows\SYSNATIVE\DRIVERS\rzendpt.sys [x]
R3 rzmpos;rzmpos;c:\windows\system32\DRIVERS\rzmpos.sys;c:\windows\SYSNATIVE\DRIVERS\rzmpos.sys [x]
R3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys;c:\windows\SYSNATIVE\DRIVERS\rzudd.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;tsusbhub [x]
S0 AppleHFS;AppleHFS; [x]
S0 AppleMNT;AppleMNT; [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
S1 RzFilter;RzFilter;c:\windows\system32\drivers\RzFilter.sys;c:\windows\SYSNATIVE\drivers\RzFilter.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AppleOSSMgr;Apple OS Switch Manager;c:\windows\system32\AppleOSSMgr.exe;c:\windows\SYSNATIVE\AppleOSSMgr.exe [x]
S2 AppleTimeSrv;Apple Time Service;c:\windows\system32\AppleTimeSrv.exe;c:\windows\SYSNATIVE\AppleTimeSrv.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 ClickToRunSvc;Servicio Hacer clic y ejecutar de Microsoft Office;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]
S2 KeyAgent;KeyAgent;c:\windows\system32\drivers\KeyAgent.sys;c:\windows\SYSNATIVE\drivers\KeyAgent.sys [x]
S2 KMService;KMService;c:\windows\system32\srvany.exe;c:\windows\SYSNATIVE\srvany.exe [x]
S2 MacHALDriver;Mac HAL;c:\windows\system32\drivers\MacHALDriver.sys;c:\windows\SYSNATIVE\drivers\MacHALDriver.sys [x]
S2 Razer Game Scanner Service;Razer Game Scanner;c:\program files (x86)\Razer\Razer Services\GSS\GameScannerService.exe;c:\program files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [x]
S2 RzOvlMon;Razer Overlay Subsystem Emergency Service;c:\program files (x86)\Razer\Core\64bit\rzovlmon.exe;c:\program files (x86)\Razer\Core\64bit\rzovlmon.exe [x]
S2 rzpmgrk;rzpmgrk;c:\windows\system32\drivers\rzpmgrk.sys;c:\windows\SYSNATIVE\drivers\rzpmgrk.sys [x]
S2 rzpnk;rzpnk;c:\windows\system32\drivers\rzpnk.sys;c:\windows\SYSNATIVE\drivers\rzpnk.sys [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys;c:\windows\SYSNATIVE\DRIVERS\acpials.sys [x]
S3 AppleBtBc;Apple Broadcom Built-in Bluetooth;c:\windows\system32\DRIVERS\AppleBtBc.sys;c:\windows\SYSNATIVE\DRIVERS\AppleBtBc.sys [x]
S3 applemtm;Apple Multitouch Mouse;c:\windows\system32\DRIVERS\applemtm.sys;c:\windows\SYSNATIVE\DRIVERS\applemtm.sys [x]
S3 applemtp;Apple Multitouch;c:\windows\system32\DRIVERS\applemtp.sys;c:\windows\SYSNATIVE\DRIVERS\applemtp.sys [x]
S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiSDa.sys [x]
S3 CirrusFilter;CS420xLowerFilter;c:\windows\system32\DRIVERS\CS420x64.sys;c:\windows\SYSNATIVE\DRIVERS\CS420x64.sys [x]
S3 IRRemoteFlt;IR Receiver Filter Driver;c:\windows\system32\DRIVERS\IRFilter.sys;c:\windows\SYSNATIVE\DRIVERS\IRFilter.sys [x]
S3 KeyMagic;USB Keyboard HID Filter;c:\windows\system32\DRIVERS\KeyMagic.sys;c:\windows\SYSNATIVE\DRIVERS\KeyMagic.sys [x]
S3 MT_TRACKPAD;MT test;c:\windows\system32\drivers\MT_Trackpad.sys;c:\windows\SYSNATIVE\drivers\MT_Trackpad.sys [x]
S3 RzDxgk;RzDxgk;c:\windows\system32\drivers\RzDxgk.sys;c:\windows\SYSNATIVE\drivers\RzDxgk.sys [x]
S3 trackpad_plus_plus_x64;trackpad_plus_plus_x64 Service;c:\windows\system32\DRIVERS\trackpad_plus_plus_x64.sys;c:\windows\SYSNATIVE\DRIVERS\trackpad_plus_plus_x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-03-12 10:19	1061704	----a-w-	c:\program files (x86)\Google\Chrome\Application\41.0.2272.89\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-05 02:30]
.
2015-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-05 02:30]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-01-23 15:26	261744	----a-w-	c:\users\Eduardo\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-01-23 15:26	261744	----a-w-	c:\users\Eduardo\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-01-23 15:26	261744	----a-w-	c:\users\Eduardo\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-02-10 11:52	2334928	----a-w-	c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-02-10 11:52	2334928	----a-w-	c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-02-10 11:52	2334928	----a-w-	c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	164016	----a-w-	c:\users\Eduardo\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	164016	----a-w-	c:\users\Eduardo\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	164016	----a-w-	c:\users\Eduardo\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	164016	----a-w-	c:\users\Eduardo\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2015-02-19 19:24	774472	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2015-02-19 19:24	774472	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2015-02-19 19:24	774472	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2015-02-19 19:24	774472	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2015-02-19 19:24	774472	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 4035152]
"Apple_KbdMgr"="c:\program files\Boot Camp\Bootcamp.exe" [2014-11-10 741760]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:Tabs
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = 172.25.0.209:80
uInternet Settings,ProxyOverride = *.local;<local>
IE: Captura URL - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: Capturar esta pagina - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
IE: Capturar imagen - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4
IE: Capturar seleccion - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Nueva Nota - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 200.48.225.146 200.48.225.130
FF - ProfilePath - c:\users\Eduardo\AppData\Roaming\Mozilla\Firefox\Profiles\y6q9g9od.default\
FF - prefs.js: browser.search.selectedEngine - GoogleTranslate
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: extensions.iminent.tlbrSrchUrl - hxxp://start.iminent.com/?ref=toolbarm#q=
FF - user.js: extensions.iminent.id - 0c9621bc00000000000068a86d40aa96
FF - user.js: extensions.iminent.appId - {0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}
FF - user.js: extensions.iminent.instlDay - 16173
FF - user.js: extensions.iminent.vrsn - 1.8.28.3
FF - user.js: extensions.iminent.vrsni - 1.8.28.3
FF - user.js: extensions.iminent.vrsnTs - 1.8.28.318:33
FF - user.js: extensions.iminent.prtnrId - iminent
FF - user.js: extensions.iminent.prdct - iminent
FF - user.js: extensions.iminent.aflt - orgnl
FF - user.js: extensions.iminent.smplGrp - none
FF - user.js: extensions.iminent.tlbrId - YBCPCSTIPO
FF - user.js: extensions.iminent.instlRef - 
FF - user.js: extensions.iminent.dfltLng - 
FF - user.js: extensions.iminent.excTlbr - false
FF - user.js: extensions.iminent.ffxUnstlRst - false
FF - user.js: extensions.iminent.admin - false
FF - user.js: extensions.iminent.autoRvrt - false
FF - user.js: extensions.iminent.rvrt - false
FF - user.js: extensions.iminent.newTab - false
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-{9143B17E-BBDE-4EA7-A4E3-20D384D9C8A5}_is1 - c:\windows\AppPatch\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-267127970-2240775489-528303677-1000\Software\KISS\ｫ0ｹ0ｿ0・・､0ﾉ03*D*]
"InstallPath"="c:\\Users\\Eduardo\\Documents\\Custom Maid 3D\\カスタムメイド3D"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ｫ0ｹ0ｿ0・・､0ﾉ03*D*]
"DisplayName"="カスタムメイド3D"
"UninstallString"="c:\\Users\\Eduardo\\Documents\\Custom Maid 3D\\カスタムメイド3D\\Installer.exe /luninst1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-03-19 02:01:40
ComboFix-quarantined-files.txt 2015-03-19 07:01
.
Pre-Run: 8,165,720,064 bytes free
Post-Run: 7,987,253,248 bytes libres
.
- - End Of File - - 377F001E5AAFB6D23157EE9E5BE35E27
A36C5E4F47E84449FF07ED3517B43A31

__________________________________________________________________________

Sorry for the delay.

Pd: For the next step I might not answer until next week since I have to travel on Saturday and not sure when I'll be in my new apartment and with internet connection. I hope it's soon.

Thanks for your understanding.


----------



## chemist

Are you running an illegal(pirated) copy of Office?


----------



## edup_2004

I'm not sure, since I didn't install it. I didn't buy the laptop in an apple store but to another person and a lot of software (photoshop, office, etc) was already installed. I only delete most of it and installed only the software I use.

But since it says something about it I would think so. I search also about those 3 files. And the last two of them seems to be part of an illegal software hack.

Anyway if that's the main problem I'm gonna have to get a new copy or license.

I have a laptop which I don't use anymore with windows 7 installed. Is it possible to use the license from that laptop on this one???


----------



## chemist

Hello again, edup_2004. Wait until the end of these instructions for activating Office. The steps are listed at the end. 

------------------------------------------------------

Open Notepad (Start > All Programs > Accessories > Notepad). 

Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste). 
Save it as *fixlist.txt* next to *FRST64.exe*

NOTE: Both *FRST64.exe* and the *fixlist.txt* must be in the same location or the fix will not work.




Code:


start
() C:\Windows\kmsem\KMService.exe
C:\Windows\kmsem
R2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2013-09-23] () [File not signed]
C:\Windows\SysWOW64\srvany.exe
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-267127970-2240775489-528303677-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: samsung.com/SamsungLinkPCPlugin -> C:\Program Files\Samsung\Samsung Link\utils\npSamsungLinkPCPlugin.dll No File
CHR HomePage: Default -> hxxp://start.iminent.com/?appId=CE29395E-3AC2-4090-8B02-51E5A989AEAD
testsigning: ==> testsigning is on. Check for possible unsigned rootkit driver <===== ATTENTION!
Replace: c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll c:\windows\system32\user32.dll
Replace: c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll c:\windows\SysWOW64\user32.dll
EmptyTemp:
end


Double-click *FRST64* to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
Click the *Fix* button just once, and wait.

If you receive a message that a reboot is required, please make sure you allow it to restart normally. 

The tool will complete its run after the restart.
When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

------------------------------------------------------

Check for additional security risks: 

Please download CKScanner© by askey127 and save it to your desktop. 
Double-click on *CKScanner.exe* and click *Search For Files*.
After a very short time, when the cursor hourglass disappears, click *Save List To File*. You will be prompted, just click *OK*.
Post the contents of *ckfiles.txt* in your next reply. It is located on your desktop.
------------------------------------------------------

Is the Office product on your other laptop also Office 365? If not, you will have to uninstall 365, then download and install the other version. 

As long as you have a retail license(key) for your version of Office(not Windows), you should be OK. It really depends on how many times you've used the key, if ever. 

http://support.microsoft.com/kb/950929/

https://products.office.com/en-us/microsoft-software-license-terms-for-office

To find the Office key on your other laptop, download and extract ProdKey: 

http://www.nirsoft.net/utils/produkey.zip

Run *ProduKey.exe* and it will list all your keys. Don't post the results. 

Go Control Panel > (Programs) > Programs and Features then right-click Microsoft Office 365 > Change > Enter a Product Key > Continue

Follow the prompts to activate Office. 

------------------------------------------------------


----------



## chemist

Due to lack of response, this topic will now be closed. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

IMPORTANT - Read This Before Posting For Malware Removal Help

------------------------------------------------------


----------

