uuniSales 2.0 adWare in Google Chrome


11 replies to this topic

#1 RomanPolanski

Posted 20 January 2015 - 10:06 AM

Hi, I have exactly the same problem Halohockey36 explains on this topic http://www.bleepingcomputer.com/forums/t/562502/help-unnisales-uunisalees-and-uunisales-adware-in-google-chrome/

 

I'd run FRST, Gmer and TDSS-Killer as TB-Psychotic explains. (TDSS-Killer didn't find any malicious objects and didn't produce any kind of log.)

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by Hector (administrator) on EQUIPO_HECTOR on 20-01-2015 15:21:56
Running from C:\Users\Hector\Downloads
Loaded Profiles: Hector & UpdatusUser (Available profiles: Hector & UpdatusUser)
Platform: Windows 8 Pro (X64) OS Language: Español (España, internacional)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8_64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Windows\SysWOW64\ASGT.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files (x86)\NetTime\NetTimeService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Program Files\KMSpico\Service_KMS.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Spotify Ltd) C:\Users\Hector\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
() C:\Program Files (x86)\NetTime\NetTime.exe
(ACD Systems) C:\Program Files (x86)\ACD Systems\ACDSee Pro\6.0\ACDSeePro6InTouch2.exe
() C:\Program Files (x86)\USIM Editor\iconcs447609.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(MyHeritage) C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-10-18] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [NetTime] => C:\Program Files (x86)\NetTime\NetTime.exe [772096 2012-05-12] ()
HKLM-x32\...\Run: [ACPW06EN] => C:\Program Files (x86)\ACD Systems\ACDSee Pro\6.0\ACDSeePro6InTouch2.exe [1133176 2012-08-31] (ACD Systems)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [113627 2012-06-16] (Oleg N. Scherbakov)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133440 2012-07-19] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKLM-x32\...\Run: [USBestCR] => C:\Program Files (x86)\USIM Editor\iconcs447609.exe [7041024 2010-07-02] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Family Tree Builder Update] => C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe [2532864 2013-12-09] (MyHeritage)
HKU\S-1-5-21-1695387738-1297253553-3520990962-1001\...\Run: [Spotify Web Helper] => C:\Users\Hector\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-11] (Spotify Ltd)
HKU\S-1-5-21-1695387738-1297253553-3520990962-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-1695387738-1297253553-3520990962-1001\...\MountPoints2: {2c23ddd0-b3fa-11e3-8013-001b10002aec} - "D:\Startme.exe" 
HKU\S-1-5-21-1695387738-1297253553-3520990962-1004\...\MountPoints2: {de00a8fc-caa3-11e2-be6c-806e6f6e6963} - "E:\Run.exe" 
AppInit_DLLs-x32: c:\progra~2\nvidia~1\3dvisi~1\nvstinit.dll => "c:\progra~2\nvidia~1\3dvisi~1\nvstinit.dll" File Not Found
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1695387738-1297253553-3520990962-1001 -> {3D3CAC10-567E-40B8-A6BD-8BE77384F4BF} URL = http://es.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1695387738-1297253553-3520990962-1004 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: YoutubeAdblocker -> {21D37A47-BD7C-C03C-A831-9C1B8DD66A63} -> C:\Program Files (x86)\YoutubeAdblocker\TP4E.x64.dll No File
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-1695387738-1297253553-3520990962-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Hector\AppData\Roaming\Mozilla\Firefox\Profiles\lexdnt64.default
FF DefaultSearchEngine: Yahoo!
FF SelectedSearchEngine: Yahoo!
FF Keyword.URL: hxxp://es.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=994519&p=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll ()
FF Plugin: @java.com/DTPlugin,version=10.11.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.11.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1695387738-1297253553-3520990962-1001: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
FF Plugin HKU\S-1-5-21-1695387738-1297253553-3520990962-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Hector\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-1695387738-1297253553-3520990962-1001: @talk.google.com/O3DPlugin -> C:\Users\Hector\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKU\S-1-5-21-1695387738-1297253553-3520990962-1001: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll (Sony Network Entertainment International LLC)
FF Plugin HKU\S-1-5-21-1695387738-1297253553-3520990962-1004: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Hector\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Hector\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Extension: BYTubeD - Bulk YouTube video Downloader - C:\Users\Hector\AppData\Roaming\Mozilla\Firefox\Profiles\lexdnt64.default\Extensions\bytubed@cs213.cse.iitk.ac.in [2013-06-01]
FF Extension: SNT - C:\Users\Hector\AppData\Roaming\Mozilla\Firefox\Profiles\lexdnt64.default\Extensions\ue6_csl@uqbxtjtabu.com [2014-07-04]
FF Extension: IE Tab 2 (FF 3.6+) - C:\Users\Hector\AppData\Roaming\Mozilla\Firefox\Profiles\lexdnt64.default\Extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} [2013-06-01]
FF Extension: EPUBReader - C:\Users\Hector\AppData\Roaming\Mozilla\Firefox\Profiles\lexdnt64.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2013-06-01]
FF Extension: WOT - C:\Users\Hector\AppData\Roaming\Mozilla\Firefox\Profiles\lexdnt64.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-06-01]
FF Extension: DownloadHelper - C:\Users\Hector\AppData\Roaming\Mozilla\Firefox\Profiles\lexdnt64.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-06-01]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Hector\AppData\Roaming\Mozilla\Firefox\Profiles\lexdnt64.default\Extensions\adblockpopups@jessehakanen.net.xpi [2013-06-01]
FF Extension: Flash Video Downloader - Youtube Downloader - C:\Users\Hector\AppData\Roaming\Mozilla\Firefox\Profiles\lexdnt64.default\Extensions\artur.dubovoy@gmail.com.xpi [2013-06-01]
FF Extension: Tab Badge - C:\Users\Hector\AppData\Roaming\Mozilla\Firefox\Profiles\lexdnt64.default\Extensions\badge@darktrojan.net.xpi [2013-06-01]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Hector\AppData\Roaming\Mozilla\Firefox\Profiles\lexdnt64.default\Extensions\elemhidehelper@adblockplus.org.xpi [2013-06-01]
FF Extension: Firebug - C:\Users\Hector\AppData\Roaming\Mozilla\Firefox\Profiles\lexdnt64.default\Extensions\firebug@software.joehewitt.com.xpi [2013-06-01]
FF Extension: MEGA EXTENSION - C:\Users\Hector\AppData\Roaming\Mozilla\Firefox\Profiles\lexdnt64.default\Extensions\firefox@mega.co.nz.xpi [2013-06-01]
FF Extension: Print Edit - C:\Users\Hector\AppData\Roaming\Mozilla\Firefox\Profiles\lexdnt64.default\Extensions\printedit@DW-dev.xpi [2013-06-01]
FF Extension: SkipScreen - C:\Users\Hector\AppData\Roaming\Mozilla\Firefox\Profiles\lexdnt64.default\Extensions\SkipScreen@SkipScreen.xpi [2013-06-01]
FF Extension: Google Translator for Firefox - C:\Users\Hector\AppData\Roaming\Mozilla\Firefox\Profiles\lexdnt64.default\Extensions\translator@zoli.bod.xpi [2013-06-01]
FF Extension: YouTube to MP3 - C:\Users\Hector\AppData\Roaming\Mozilla\Firefox\Profiles\lexdnt64.default\Extensions\youtube2mp3@mondayx.de.xpi [2013-06-01]
FF Extension: Image Zoom - C:\Users\Hector\AppData\Roaming\Mozilla\Firefox\Profiles\lexdnt64.default\Extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi [2013-06-01]
FF Extension: PDF Download - C:\Users\Hector\AppData\Roaming\Mozilla\Firefox\Profiles\lexdnt64.default\Extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}.xpi [2013-06-01]
FF Extension: Text Link - C:\Users\Hector\AppData\Roaming\Mozilla\Firefox\Profiles\lexdnt64.default\Extensions\{54BB9F3F-07E5-486c-9B39-C7398B99391C}.xpi [2013-06-01]
FF Extension: FireFTP - C:\Users\Hector\AppData\Roaming\Mozilla\Firefox\Profiles\lexdnt64.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2013-06-01]
FF Extension: RightToClick - C:\Users\Hector\AppData\Roaming\Mozilla\Firefox\Profiles\lexdnt64.default\Extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}.xpi [2013-06-01]
FF Extension: Adblock Plus - C:\Users\Hector\AppData\Roaming\Mozilla\Firefox\Profiles\lexdnt64.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-06-01]
FF Extension: Download Statusbar - C:\Users\Hector\AppData\Roaming\Mozilla\Firefox\Profiles\lexdnt64.default\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2013-06-01]
FF Extension: Tab Mix Plus - C:\Users\Hector\AppData\Roaming\Mozilla\Firefox\Profiles\lexdnt64.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2013-06-01]
FF Extension: DownThemAll! - C:\Users\Hector\AppData\Roaming\Mozilla\Firefox\Profiles\lexdnt64.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013-06-01]
FF Extension: Greasemonkey - C:\Users\Hector\AppData\Roaming\Mozilla\Firefox\Profiles\lexdnt64.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-06-01]
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll ()
CHR Plugin: (Microsoft Office 2013) - C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U11) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Plugin: (Microsoft Office 2013) - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Talk Plugin) - C:\Users\Hector\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Hector\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.110.21) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Profile: C:\Users\Hector\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Wallet) - C:\Users\Hector\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-25]
CHR Extension: (uunisAles) - C:\ProgramData\pbajgboomnojkaegggjkieggjabhaben\ [2013-08-25]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [113627 2012-06-16] (Oleg N. Scherbakov) [File not signed]
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
S2 d65a1a66; c:\Program Files (x86)\TampaGeneration\TampaGeneration.dll [3329536 2015-01-18] () [File not signed]
R2 HPSLPSVC; C:\Users\Hector\AppData\Local\Temp\7zS7472\hpslpsvc64.dll [1039360 2013-02-06] (Hewlett-Packard Co.) [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-07-05] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-07-05] (Intel Corporation)
R2 NetTimeSvc; C:\Program Files (x86)\NetTime\NetTimeService.exe [473088 2012-05-12] () [File not signed]
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15122208 2013-10-18] (NVIDIA Corporation)
R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [450048 2013-03-24] () [File not signed]
R2 Start8; C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe [143624 2013-01-10] (Stardock Software, Inc)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16032 2014-09-22] (Microsoft Corporation)
S2 AfaService; C:\Windows\system32\afasrv64.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22680 2012-10-25] ()
R3 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2013-12-05] (Disc Soft Ltd)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
R3 MHIKEY10; C:\Windows\System32\Drivers\MHIKEY10x64.sys [60288 2010-09-15] (Generic USB smartcard reader)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-09-28] (NVIDIA Corporation)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-20 15:21 - 2015-01-20 15:22 - 00025802 _____ () C:\Users\Hector\Downloads\FRST.txt
2015-01-20 15:21 - 2015-01-20 15:21 - 00000000 ____D () C:\FRST
2015-01-20 15:06 - 2015-01-20 15:07 - 00021182 _____ () C:\Users\Hector\Desktop\dds.txt
2015-01-20 15:06 - 2015-01-20 15:07 - 00018722 _____ () C:\Users\Hector\Desktop\attach.txt
2015-01-20 15:04 - 2015-01-20 15:05 - 00688992 ____R (Swearware) C:\Users\Hector\Downloads\dds.com
2015-01-20 14:44 - 2015-01-20 14:44 - 02126848 _____ (Farbar) C:\Users\Hector\Downloads\FRST64.exe
2015-01-20 13:44 - 2015-01-20 13:46 - 00000000 ____D () C:\AdwCleaner
2015-01-20 13:43 - 2015-01-20 13:43 - 02186752 _____ () C:\Users\Hector\Downloads\adwcleaner_4.108.exe
2015-01-19 20:58 - 2015-01-19 20:58 - 00160626 _____ () C:\Users\Hector\Downloads\Lincoln (2012).srt
2015-01-19 20:57 - 2015-01-19 20:57 - 00058504 _____ () C:\Users\Hector\Downloads\lincoln_2012_dvdscr_xvid_hellraz0r.torrent
2015-01-19 16:25 - 2015-01-19 16:25 - 00018117 _____ () C:\Users\Hector\Downloads\[kickass.so]arcade.fire.reflecktor.2cd.proper.320.bubanee.torrent
2015-01-19 13:17 - 2015-01-19 13:17 - 00053443 _____ () C:\Users\Hector\Downloads\Homeland - 02x09 - Two Hats (Español (España)).srt
2015-01-19 13:17 - 2015-01-19 13:17 - 00051317 _____ () C:\Users\Hector\Downloads\Homeland - 02x08 - I'll Fly Away.srt
2015-01-18 15:18 - 2015-01-18 15:18 - 00000936 _____ () C:\Users\UpdatusUser\Desktop\Guitar Pro 5.lnk
2015-01-18 15:18 - 2015-01-18 15:18 - 00000936 _____ () C:\Users\Hector\Desktop\Guitar Pro 5.lnk
2015-01-18 15:18 - 2015-01-18 15:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guitar Pro 5
2015-01-18 15:18 - 2015-01-18 15:18 - 00000000 ____D () C:\Program Files (x86)\Guitar Pro 5
2015-01-18 15:08 - 2015-01-18 15:08 - 00028019 _____ () C:\Users\Hector\Downloads\[kickass.so]guitar.pro.5.full.version.torrent
2015-01-18 15:07 - 2015-01-18 15:07 - 00004077 _____ () C:\Users\Hector\Downloads\[kickass.so]guitar.pro.5.2.full.serial.completo.torrent
2015-01-18 15:06 - 2015-01-18 15:06 - 01364344 _____ () C:\Users\Hector\Downloads\Descarga desde Identi (MEGA).exe
2015-01-18 15:03 - 2015-01-18 15:03 - 00000000 ____D () C:\Program Files (x86)\TampaGeneration
2015-01-18 15:02 - 2015-01-18 15:02 - 00000000 ____D () C:\ProgramData\pbajgboomnojkaegggjkieggjabhaben
2015-01-18 14:57 - 2015-01-18 14:57 - 01218240 _____ () C:\Users\Hector\Downloads\GTR.PR.Sofw.By.CompucaliTv.Com.rar.exe
2015-01-18 14:51 - 2015-01-18 15:00 - 00000000 ____D () C:\Users\Hector\AppData\Roaming\Guitar Pro 6
2015-01-18 14:51 - 2015-01-18 14:51 - 00000000 ____D () C:\ProgramData\Guitar Pro 6
2015-01-18 14:49 - 2015-01-18 14:49 - 00019127 _____ () C:\Users\Hector\Downloads\Nirvana - Where Did You Sleep Last Night.gp3
2015-01-18 10:51 - 2015-01-18 10:51 - 00031451 _____ () C:\Users\Hector\Downloads\[kickass.so]linkin.park.discography.320kbps.cbr.mp3.tugazx.torrent
2015-01-17 21:15 - 2015-01-17 21:15 - 00041031 _____ () C:\Users\Hector\Downloads\361931 (1).zip
2015-01-17 21:14 - 2015-01-17 21:14 - 00041031 _____ () C:\Users\Hector\Downloads\361931.zip
2015-01-17 18:14 - 2015-01-17 18:15 - 00000000 ____D () C:\Users\Hector\Desktop\Coldplay 2008 Viva la Vida
2015-01-17 11:49 - 2015-01-17 11:49 - 00000018 _____ () C:\Users\Hector\Desktop\covers.txt
2015-01-16 15:55 - 2015-01-16 15:55 - 00016258 _____ () C:\Users\Hector\Downloads\[kickass.so]miles.davis.steamin.with.the.miles.davis.quintet.1961.jazz.mp3.320.h33t.schon55.torrent
2015-01-16 13:14 - 2015-01-16 13:14 - 00020633 _____ () C:\Users\Hector\Downloads\[kickass.so]miles.davis.bleepes.brew.1969.torrent
2015-01-15 13:57 - 2015-01-15 13:57 - 00057979 _____ () C:\Users\Hector\Downloads\Homeland - 02x04 - New Car Smell  (Español (España)).srt
2015-01-15 12:31 - 2015-01-15 12:31 - 00018363 _____ () C:\Users\Hector\Downloads\367898.rar
2015-01-15 12:28 - 2015-01-15 12:28 - 00050267 _____ () C:\Users\Hector\Downloads\wadjda_2012_bdrip.torrent
2015-01-15 12:27 - 2015-01-15 12:27 - 00018942 _____ () C:\Users\Hector\Downloads\arcticmonkeys-favouriteworstnigh.torrent
2015-01-14 21:42 - 2015-01-14 21:42 - 00015495 _____ () C:\Users\Hector\Downloads\40844.torrent
2015-01-14 21:41 - 2015-01-14 21:41 - 00013247 _____ () C:\Users\Hector\Downloads\nebraska_2013__bdrip_.torrent
2015-01-14 21:38 - 2015-01-14 21:38 - 00013247 _____ () C:\Users\Hector\Downloads\nebraska_2013_bdrip_x264_sparks.torrent
2015-01-14 15:24 - 2014-11-27 03:40 - 00600576 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-01-14 15:24 - 2014-11-27 02:28 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-01-14 15:24 - 2014-11-15 07:06 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-01-14 15:24 - 2014-11-15 06:13 - 03286016 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-01-14 15:24 - 2014-11-15 06:13 - 01623552 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-01-14 15:24 - 2014-11-15 06:13 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-01-14 15:24 - 2014-11-15 06:13 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-01-14 15:24 - 2014-11-15 06:13 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-01-14 15:24 - 2014-11-15 06:13 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-01-14 15:24 - 2014-11-15 06:13 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-01-14 15:24 - 2014-11-15 06:12 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2015-01-14 15:24 - 2014-11-15 04:54 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-01-14 15:24 - 2014-11-15 04:53 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-01-14 15:24 - 2014-11-15 04:53 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-01-14 15:24 - 2014-11-15 04:53 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-01-14 15:23 - 2014-11-05 07:40 - 00733184 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2015-01-14 15:23 - 2014-11-05 07:39 - 01024512 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-01-14 15:23 - 2014-11-01 07:28 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-01-14 15:23 - 2014-10-29 15:21 - 00499008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2015-01-14 15:23 - 2014-10-27 23:10 - 00390841 _____ () C:\Windows\system32\ApnDatabase.xml
2015-01-14 15:21 - 2014-12-19 07:48 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 15:21 - 2014-12-11 08:35 - 06973248 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 15:21 - 2014-12-11 07:51 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 15:21 - 2014-12-06 08:53 - 00458240 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-01-14 15:21 - 2014-12-06 08:53 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2015-01-14 15:21 - 2014-12-06 08:52 - 00384000 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-14 15:21 - 2014-12-06 08:52 - 00357376 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 15:21 - 2014-12-06 08:52 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-14 15:21 - 2014-12-06 08:51 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2015-01-14 15:21 - 2014-12-06 08:51 - 00267264 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-01-14 15:21 - 2014-12-06 08:50 - 00783872 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-01-14 15:21 - 2014-12-06 07:10 - 00355840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-01-14 15:21 - 2014-12-06 07:10 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2015-01-14 15:21 - 2014-12-06 07:09 - 00332800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2015-01-14 15:21 - 2014-12-06 07:09 - 00055296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 15:20 - 2014-12-19 05:35 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 14:58 - 2015-01-14 14:58 - 00014774 _____ () C:\Users\Hector\Downloads\[kickass.so]tropa.de.elite.spanish.dvdrip.xvid.torrent
2015-01-14 14:57 - 2015-01-14 14:57 - 00028476 _____ () C:\Users\Hector\Downloads\[kickass.so]tropa.de.elite.2007.dvdrip.xvid.v.o.sub.spanish.com.torrent
2015-01-13 20:08 - 2015-01-13 20:08 - 00015020 _____ () C:\Users\Hector\Downloads\inside_llewyn_davis_2013_dvdscr_xvid_ac3_hq_hive_cm8.torrent
2015-01-13 18:37 - 2015-01-13 18:37 - 00000000 ____D () C:\Users\Hector\Desktop\Foo Fighters 2005 In Your Honor
2015-01-12 15:11 - 2015-01-12 15:11 - 00115108 _____ () C:\Users\Hector\Downloads\Gravity_2013_HDRip_XviD_AC3_RBG.torrent
2015-01-11 21:25 - 2015-01-11 21:25 - 00168148 _____ () C:\Users\Hector\Downloads\American Hustle (2013) (1).srt
2015-01-11 21:00 - 2015-01-11 21:00 - 00017046 _____ () C:\Users\Hector\Downloads\a_touch_of_sin_2013_720p_brrip_h264_aac_rarbg.torrent
2015-01-11 20:58 - 2015-01-11 20:58 - 00113820 _____ () C:\Users\Hector\Downloads\12_Years_A_Slave_2013_HDRip_XViD_juggs.torrent
2015-01-11 20:58 - 2015-01-11 20:58 - 00065536 _____ () C:\Users\Hector\Downloads\FLVPlayer-Chrome (5).exe
2015-01-11 16:01 - 2015-01-11 16:01 - 00018615 _____ () C:\Users\Hector\Downloads\[torrentino-net]-si-begg-director-s-cut-2003-flac-lossless.torrent
2015-01-11 15:57 - 2015-01-11 15:57 - 00018263 _____ () C:\Users\Hector\Downloads\[kickass.so]dj.food.and.dk.now.listen.again.2007.zaion.rg.torrent
2015-01-11 11:27 - 2015-01-11 11:27 - 00001330 _____ () C:\Users\Hector\Desktop\jre1.8.0_25 - Acceso directo.lnk
2015-01-10 17:07 - 2015-01-10 17:07 - 00032310 _____ () C:\Users\Hector\Downloads\Homeland.S02E12.HDTV.x264-ASAP.VTV.mp4.torrent
2015-01-10 17:07 - 2015-01-10 17:07 - 00031160 _____ () C:\Users\Hector\Downloads\Homeland.2x02.HDTV-x264-EVOLVEVTV.torrent
2015-01-10 17:07 - 2015-01-10 17:07 - 00030758 _____ () C:\Users\Hector\Downloads\Homeland.2x07.HDTV-x264-ASAPVTV.torrent
2015-01-10 17:07 - 2015-01-10 17:07 - 00028891 _____ () C:\Users\Hector\Downloads\Homeland.S02E03.HDTV.x264-ASAP..mp4.torrent
2015-01-10 17:07 - 2015-01-10 17:07 - 00027038 _____ () C:\Users\Hector\Downloads\Homeland.2x08.HDTV-x264-ASAPVTV.torrent
2015-01-10 17:07 - 2015-01-10 17:07 - 00026818 _____ () C:\Users\Hector\Downloads\Homeland.2x06.HDTV-x264-ASAPVTV.torrent
2015-01-10 17:07 - 2015-01-10 17:07 - 00026598 _____ () C:\Users\Hector\Downloads\Homeland.2x04.HDTV-x264-ASAPVTV.torrent
2015-01-10 17:07 - 2015-01-10 17:07 - 00025340 _____ () C:\Users\Hector\Downloads\Homeland.2x11.HDTV-x264-EVOLVEVTV.torrent
2015-01-10 17:07 - 2015-01-10 17:07 - 00025178 _____ () C:\Users\Hector\Downloads\Homeland.2x09.HDTV-x264-ASAPVTV.torrent
2015-01-10 17:07 - 2015-01-10 17:07 - 00024860 _____ () C:\Users\Hector\Downloads\Homeland.2x10.HDTV-x264-EVOLVEVTV.torrent
2015-01-10 17:07 - 2015-01-10 17:07 - 00024287 _____ () C:\Users\Hector\Downloads\Homeland.2x05.HDTV-PROPER-x264-EVOLVEVTV.torrent
2015-01-10 17:07 - 2015-01-10 17:07 - 00008271 _____ () C:\Users\Hector\Downloads\Homeland.2x01.HDTV-x264-EVOLVEVTV.torrent
2015-01-10 17:06 - 2015-01-10 17:06 - 00065536 _____ () C:\Users\Hector\Downloads\FLVPlayer-Chrome (4).exe
2015-01-10 17:06 - 2015-01-10 17:06 - 00023159 _____ () C:\Users\Hector\Downloads\American.Hustle.DVD.NTSC.Latino.t30321.torrent
2015-01-10 17:04 - 2015-01-10 17:04 - 00020597 _____ () C:\Users\Hector\Downloads\american_hustle_2013_dvdscr_xvid_ac3_fingerblast.torrent
2015-01-10 17:03 - 2015-01-10 17:03 - 00011755 _____ () C:\Users\Hector\Downloads\La_gran_estafa_americana_HDRip.torrent
2015-01-09 00:57 - 2015-01-09 00:57 - 00065536 _____ () C:\Users\Hector\Downloads\FLVPlayer-Chrome (3).exe
2015-01-09 00:57 - 2015-01-09 00:57 - 00000000 _____ () C:\Users\Hector\Downloads\Requiem For A Dream - Directors Cut (2000).torrent
2015-01-09 00:56 - 2015-01-09 00:56 - 00012605 _____ () C:\Users\Hector\Downloads\Life.of.Pi.2012.DVDSCR.XviD.AC3.SBT.t23516.torrent
2015-01-09 00:53 - 2015-01-09 00:53 - 00014704 _____ () C:\Users\Hector\Downloads\[kickass.so]requiem.for.a.dream.excelente.calidad.idioma.ingles.subtitulos.español.torrent
2015-01-08 12:19 - 2015-01-08 12:19 - 00018932 _____ () C:\Users\Hector\Downloads\[kickass.so]breaking.benjamin.phobia.2006.full.album.320kbps.mp3.torrent
2015-01-07 18:40 - 2015-01-07 18:40 - 00026466 _____ () C:\Users\Hector\Downloads\Linkin-Park-2014-The-Hunting-Party_4.torrent
2015-01-06 21:53 - 2015-01-06 21:53 - 00000000 ____D () C:\Users\Hector\Documents\MyHeritage
2015-01-04 23:29 - 2015-01-04 23:29 - 00063957 _____ () C:\Users\Hector\Downloads\to-the-wonder-bluray-1080p.torrent
2015-01-04 23:26 - 2015-01-04 23:26 - 00023140 _____ () C:\Users\Hector\Downloads\to_the_wonder_2012_limited_720p_bluray_x264_geckos.torrent
2015-01-04 23:21 - 2015-01-04 23:21 - 00015059 _____ () C:\Users\Hector\Downloads\[kickass.so]drive.original.motion.picture.soundtrack.320kbps.mp3.torrent
2015-01-04 23:07 - 2015-01-04 23:07 - 00225286 _____ () C:\Users\Hector\Downloads\[kickass.so]federico.fellini.giulietta.degli.spiriti.torrent
2015-01-03 11:03 - 2015-01-03 11:03 - 00065404 _____ () C:\Users\Hector\Downloads\[kickass.so]black.rebel.motorcycle.club.discography.channel.neo.torrent
2015-01-02 15:26 - 2015-01-02 18:19 - 533418159 _____ () C:\Users\Hector\Downloads\qtxvc.Steve.Kuhn.Trio..Plays.Standards.2007.Lossless.rar
2015-01-02 00:40 - 2015-01-02 00:40 - 00000995 _____ () C:\Users\Public\Desktop\eMule.lnk
2015-01-02 00:40 - 2015-01-02 00:40 - 00000000 ____D () C:\Users\Hector\Downloads\eMule
2015-01-02 00:40 - 2015-01-02 00:40 - 00000000 ____D () C:\Users\Hector\AppData\Local\eMule
2015-01-02 00:40 - 2015-01-02 00:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eMule
2015-01-02 00:40 - 2015-01-02 00:40 - 00000000 ____D () C:\ProgramData\eMule
2015-01-02 00:40 - 2015-01-02 00:40 - 00000000 ____D () C:\Program Files (x86)\eMule
2015-01-02 00:39 - 2015-01-02 00:40 - 03389035 _____ () C:\Users\Hector\Downloads\eMule0.50a-Installer.exe
2015-01-02 00:28 - 2015-01-02 00:28 - 00595040 _____ () C:\Users\Hector\Downloads\Installation.exe
2015-01-02 00:24 - 2015-01-02 00:24 - 00026711 _____ () C:\Users\Hector\Downloads\[kickass.so]divx.ita.subs.en.fr.fellini.il.bidone.torrent
2015-01-01 15:29 - 2015-01-01 15:29 - 00016141 _____ () C:\Users\Hector\Downloads\[kickass.so]linking.park.living.things.full.album.2012.320kbps.mp3.mahiy.torrent
2014-12-31 21:36 - 2014-12-31 21:36 - 00015900 _____ () C:\Users\Hector\Downloads\[kickass.so]la.delgada.linea.roja.hdrip.spanish.torrent
2014-12-31 17:16 - 2014-12-31 17:16 - 00017591 _____ () C:\Users\Hector\Downloads\[kickass.so]charlie.haden.the.best.of.quartet.west.2007.eac.flac.torrent
2014-12-31 11:20 - 2014-12-31 11:20 - 00019216 _____ () C:\Users\Hector\Downloads\[kickass.so]black.rebel.motorcycle.club.full.discography.requested.mp3.2013.320kbps.torrent
2014-12-30 18:58 - 2014-12-30 18:58 - 00016040 _____ () C:\Users\Hector\Downloads\[kickass.so]wilco.being.there.1996.320.kbps.torrent
2014-12-29 17:30 - 2014-12-29 17:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InterActual
2014-12-29 17:30 - 2014-12-29 17:30 - 00000000 ____D () C:\Program Files\InterActual
2014-12-29 17:30 - 2014-12-29 17:30 - 00000000 _____ () C:\Windows\iPlayer.INI
2014-12-29 15:03 - 2014-12-29 15:03 - 00014672 _____ () C:\Users\Hector\Downloads\Delicatessen%5BDivxtotal%5D.avi.c28935.torrent
2014-12-29 15:01 - 2014-12-29 15:01 - 00014410 _____ () C:\Users\Hector\Downloads\Delicatessen_(Delikatesy)_(1991)_[DivX]_[DVDRiP].torrent
2014-12-29 15:00 - 2014-12-29 15:00 - 00045440 _____ () C:\Users\Hector\Downloads\[kickass.so]delicatessen.1991.720p.bluray.x264.don.torrent
2014-12-29 13:57 - 2014-12-29 13:57 - 00018880 _____ () C:\Users\Hector\Downloads\[kickass.so]amon.tobin.permutation.1998.torrent
2014-12-29 13:56 - 2014-12-29 13:56 - 00072794 _____ () C:\Users\Hector\Downloads\[kickass.so]amon.tobin.discography.lossless.flac.torrent
2014-12-29 13:55 - 2014-12-29 13:55 - 00012001 _____ () C:\Users\Hector\Downloads\[kickass.so]amon.tobin.permutation.torrent
2014-12-28 16:39 - 2014-12-28 16:40 - 03900888 _____ (http://yourfile-downloader.com) C:\Users\Hector\Downloads\YourFile_downloader.exe
2014-12-28 16:38 - 2014-12-28 16:38 - 00000000 _____ () C:\Users\Hector\Downloads\2ba25939b5d5317d86dcd24ea13aff2a53bd2be5.torrent
2014-12-27 23:36 - 2014-12-27 23:36 - 00013722 _____ () C:\Users\Hector\Downloads\[kickass.so]le.notti.di.cabiria.aka.nights.of.cabiria.1957.federico.fell.torrent
2014-12-27 23:33 - 2014-12-27 23:33 - 00081907 _____ () C:\Users\Hector\Downloads\[kickass.so]le.notti.di.cabiria.aka.nights.of.cabiria.federico.fellini.torrent
2014-12-26 19:57 - 2014-12-26 19:57 - 01261944 _____ () C:\Users\Hector\Downloads\1957-Mejor peli extranjera-Las noches de Cabiria (2).exe
2014-12-26 19:57 - 2014-12-26 19:57 - 01261944 _____ () C:\Users\Hector\Downloads\1957-Mejor peli extranjera-Las noches de Cabiria (1).exe
2014-12-26 19:56 - 2014-12-26 19:56 - 01261944 _____ () C:\Users\Hector\Downloads\1957-Mejor peli extranjera-Las noches de Cabiria.exe
2014-12-26 19:37 - 2014-12-26 19:37 - 00431008 _____ () C:\Users\Hector\Downloads\FileDownloadedSuccessfully_downloader-N9PX3TSDB.exe
2014-12-26 19:34 - 2014-12-26 19:34 - 00095002 _____ () C:\Users\Hector\Downloads\Nights_of_Cabiria_(Le_Notti_di_Cabiria)_-_(1957)_[TTU_RG].torrent
2014-12-25 18:51 - 2014-12-25 18:51 - 00044555 _____ () C:\Users\Hector\Downloads\[kickass.so]la.dolce.vita.fellini.1960.ita.esp.torrent
2014-12-25 17:08 - 2014-12-25 17:08 - 00020955 _____ () C:\Users\Hector\Downloads\[limetorrents.cc]Inmigrantes-.L.A..Dolce.Vita.[DVDrip][XViD][Espanol][Spanish].torrent
2014-12-25 17:00 - 2014-12-25 17:00 - 00020889 _____ () C:\Users\Hector\Downloads\33609.torrent
2014-12-25 16:53 - 2014-12-25 16:53 - 00021296 _____ () C:\Users\Hector\Downloads\[kickass.so]inmigrantes.l.a.dolce.vita.dvdrip.spanish.torrent
2014-12-24 15:29 - 2014-12-24 15:29 - 00026082 _____ () C:\Users\Hector\Downloads\elextraordinarioviajedetsspivetdvdxvidwwwdivxtotalco.t44901.torrent
2014-12-24 15:21 - 2014-12-24 15:21 - 00018194 _____ () C:\Users\Hector\Downloads\[kickass.so]el.extraordinario.viaje.de.t.s.spivet.bluray.screener.español.castellano.2014.torrent
2014-12-22 15:35 - 2014-12-22 15:35 - 00014623 _____ () C:\Users\Hector\Downloads\[kickass.so]largo.domingo.de.noviazgo.dvdrip.spanish.avi.torrent
2014-12-21 11:55 - 2014-12-21 11:55 - 00015165 _____ () C:\Users\Hector\Downloads\django_unchained_2012_bdrip_xvid_sparks.torrent
2014-12-21 11:52 - 2014-12-21 11:52 - 00013829 _____ () C:\Users\Hector\Downloads\Django-desencadenado-HDRip(EliteTorrent).torrent
2014-12-21 11:50 - 2014-12-21 11:50 - 00018121 _____ () C:\Users\Hector\Downloads\[kickass.so]django.unchained.1080p.hd.appletv.spanish.subs.andibit.torrent

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-20 15:22 - 2013-06-01 12:01 - 00000838 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-20 15:16 - 2013-06-01 11:56 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-20 15:00 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\sru
2015-01-20 14:38 - 2013-06-01 12:22 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1695387738-1297253553-3520990962-1001
2015-01-20 14:37 - 2012-07-26 12:21 - 00799076 _____ () C:\Windows\system32\perfh00A.dat
2015-01-20 14:37 - 2012-07-26 12:21 - 00163386 _____ () C:\Windows\system32\perfc00A.dat
2015-01-20 14:37 - 2012-07-26 08:28 - 01801978 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-20 14:33 - 2013-08-05 13:34 - 00728064 ___SH () C:\Users\Hector\Desktop\Thumbs.db
2015-01-20 14:33 - 2013-06-01 12:28 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-20 14:33 - 2013-06-01 11:56 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-20 14:33 - 2013-06-01 11:22 - 00000000 ____D () C:\Program Files\KMSpico
2015-01-20 14:33 - 2012-07-26 08:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-20 14:24 - 2014-05-14 22:57 - 00000000 ____D () C:\Users\Hector\AppData\Roaming\Azureus
2015-01-20 14:24 - 2013-09-23 20:03 - 00000000 ____D () C:\Users\Hector\AppData\Local\CrashDumps
2015-01-20 14:24 - 2013-08-28 10:03 - 00000000 ____D () C:\Users\Hector\AppData\Roaming\DAEMON Tools Lite
2015-01-20 14:24 - 2013-06-01 12:14 - 00000000 ____D () C:\Users\Hector\AppData\Roaming\uTorrent
2015-01-20 13:47 - 2012-07-26 06:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-01-20 13:46 - 2013-06-01 12:17 - 00000975 _____ () C:\Users\Hector\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-20 13:46 - 2013-06-01 12:14 - 00000812 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-01-20 13:46 - 2013-06-01 12:01 - 00001065 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-20 13:46 - 2013-06-01 11:25 - 00000000 ____D () C:\Users\Hector
2015-01-20 01:12 - 2014-07-04 10:40 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-20 01:01 - 2013-06-08 12:50 - 00000000 ____D () C:\Users\Hector\AppData\Roaming\vlc
2015-01-19 21:58 - 2014-07-08 08:35 - 00000000 ____D () C:\Users\Hector\Desktop\Torrent
2015-01-19 20:53 - 2012-07-26 12:25 - 00000000 ____D () C:\Windows\SKB
2015-01-19 20:42 - 2014-07-04 10:40 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-19 20:42 - 2014-07-04 10:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-19 19:49 - 2013-08-03 07:28 - 00000000 ____D () C:\Users\Hector\AppData\Roaming\Spotify
2015-01-19 16:24 - 2013-08-03 07:29 - 00000000 ____D () C:\Users\Hector\AppData\Local\Spotify
2015-01-19 14:51 - 2014-06-13 19:28 - 00000000 ____D () C:\Users\Hector\Documents\Dibujos
2015-01-19 13:14 - 2014-11-23 13:57 - 00434440 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-15 12:46 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\rescache
2015-01-15 01:24 - 2012-07-26 08:59 - 00000000 ____D () C:\Windows\CbsTemp
2015-01-15 01:23 - 2013-09-07 13:44 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 01:16 - 2013-03-23 21:13 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-11 11:22 - 2014-11-20 22:29 - 00000000 ____D () C:\Program Files (x86)\ePSXe
2015-01-06 00:28 - 2014-07-11 15:31 - 00714176 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-06 00:28 - 2014-07-11 15:31 - 00106440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-31 12:14 - 2013-03-23 21:16 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-29 17:27 - 2013-11-19 21:54 - 00000000 ____D () C:\Users\Hector\AppData\Roaming\dvdcss
2014-12-26 20:21 - 2014-11-21 01:18 - 00000000 ____D () C:\Users\Hector\Documents\Proyectos
2014-12-26 01:32 - 2014-07-05 11:25 - 00000000 ____D () C:\Users\Hector\Documents\Escritos
2014-12-21 01:57 - 2013-08-12 20:52 - 00000000 ____D () C:\Users\Hector\Documents\Mapas

==================== Files in the root of some directories =======
2013-09-01 16:33 - 2013-09-01 16:33 - 0000058 _____ () C:\Users\Hector\AppData\Roaming\WB.CFG
2013-09-01 16:33 - 2013-09-01 16:33 - 0000005 _____ () C:\Users\Hector\AppData\Roaming\WBPU-TTL.DAT

Some content of TEMP:
====================
C:\Users\Hector\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-14 13:42

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015
Ran by Hector at 2015-01-20 15:22:30
Running from C:\Users\Hector\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1695387738-1297253553-3520990962-1001\...\uTorrent) (Version: 3.4.2.35702 - BitTorrent Inc.)
7-Zip 4.57 (HKLM-x32\...\7-Zip) (Version:  - )
7-Zip 9.30 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0930-000001000000}) (Version: 9.30.00.0 - Igor Pavlov)
ACDSee Pro 6 (HKLM-x32\...\{D40B2C78-30CA-4A8F-A157-C86B491C73AF}) (Version: 6.0.169 - ACD Systems International Inc.)
Actualización de NVIDIA 9.3.16 (Version: 9.3.16 - NVIDIA Corporation) Hidden
Adobe Digital Editions 3.0 (HKLM-x32\...\Adobe Digital Editions 3.0) (Version: 3.0 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\{346137E0-7160-403B-AD21-3FF01D25037B}) (Version: 11.6.602.180 - Adobe Systems Incorporated)
Adobe Reader X (10.1.3) - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AA1000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\{FF2A5498-4EFE-430F-A138-7EB365DBEBAD}) (Version: 12.0.0.112 - Adobe Systems, Inc)
Amazon Kindle (HKU\S-1-5-21-1695387738-1297253553-3520990962-1001\...\Amazon Kindle) (Version:  - Amazon)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ARIA Engine v1.6.5.2 (HKLM\...\ARIA Engine_is1) (Version: v1.6.5.2 - Plogue Art et Technologie, Inc)
ASUS GPU Tweak (HKLM-x32\...\InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}) (Version: 2.2.8.1 - ASUSTek COMPUTER INC.)
ASUS GPU Tweak (x32 Version: 2.2.8.1 - ASUSTek COMPUTER INC.) Hidden
calibre (HKLM-x32\...\{54ED2E2F-68EE-461C-888C-DB7EBE85C340}) (Version: 1.35.0 - Kovid Goyal)
Camtasia Studio 8 (HKLM-x32\...\{BFA04EE0-8240-4667-8D53-45496A901C33}) (Version: 8.1.2.1327 - TechSmith Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 3.28 - Piriform)
CDisplay (HKLM-x32\...\{8DA9D7E6-8F69-4171-9007-81B0A84C83F6}) (Version: 1.8.5 - CDisplay)
Celestia 1.6.1 (HKLM-x32\...\Celestia_is1) (Version:  - Shatters Software)
Celtx (2.9.1) (HKLM-x32\...\Celtx (2.9.1)) (Version: 2.9.1 (en-US) - Greyfirst)
Compatibilidad con Aplicaciones de Apple (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
CVPiano-Modeled (HKLM-x32\...\CVPiano-Modeled) (Version:  - )
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
Eines de correcció del Microsoft Office 2013: català (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
eMule (HKLM-x32\...\eMule) (Version:  - )
ePSXe - Dr.Emuler Retail 1.9.0 (HKLM-x32\...\ePSXe - Dr.Emuler Retail 1.9.0) (Version:  - )
EZdrummer (HKLM-x32\...\{43E8D9E7-AFC9-4BA3-8106-B95E02B87AB7}) (Version: 1.0 - Toontrack)
EZXCocktail (HKLM-x32\...\{147567F0-8575-4BE0-B5B3-62706C67FA5A}) (Version: 1.0 - Toontrack)
EZXTwisted (HKLM-x32\...\{D1EBF11E-8CE3-4EF5-8E2D-FD5B8D6BD294}) (Version: 1.0 - Toontrack)
Ferramentas de verificación de Microsoft Office 2013 - Galego (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Fontlab Studio 5 (HKLM-x32\...\Studio 5.2_is1) (Version: 5.2 - FontLab)
Garritan ARIA Player v1.620 (HKLM\...\__ARIA_1012___is1) (Version: v1.6.2.0 - Garritan)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM-x32\...\{E52F8D95-AEB5-3B67-879C-C59DF8AF88EE}) (Version: 3.7.1.9330 - Google)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Guitar Pro 5.2 (HKLM-x32\...\Guitar Pro 5_is1) (Version:  - Arobas Music)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.6.0 - LIGHTNING UK!)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
InterActual Player (HKLM-x32\...\InterActual Player) (Version:  - )
iTunes (HKLM\...\{76FF0F03-B707-4332-B5D1-A56C8303514E}) (Version: 11.0.4.4 - Apple Inc.)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
KingfisherCore (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{d65a1a66}) (Version:  - BugExterminator) <==== ATTENTION
K-Lite Codec Pack 9.8.4 (64-bit) (HKLM\...\KLiteCodecPack64_is1) (Version: 9.8.4 - )
K-Lite Codec Pack 9.8.4 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.8.4 - )
KMSpico 4.4.1 (HKLM\...\KMSpico v4.4.1_is1) (Version: 4.4.1 - )
Lexicon Omega Driver (HKLM-x32\...\Lexicon Omega Driver) (Version: 2.7 - Lexicon)
Lexicon Omega Driver (Version: 2.7 - Lexicon) Hidden
Lexicon Omega Software (remove only) (HKLM-x32\...\Omega ASIO driver) (Version:  - )
Malwarebytes Anti-Malware versión 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Media Go (HKLM-x32\...\{7547239C-FA8A-4FA4-84A6-31EAC0777E1B}) (Version: 2.7.341 - Sony)
Media Go Network Downloader (HKLM-x32\...\{73FA7631-3015-4EEC-A002-09488C47A07C}) (Version: 1.5.19.0 - Sony)
Media Go Video Playback Engine 2.4.103.12040 (HKLM-x32\...\{7C5AEEE1-6D7C-8922-4548-7BF9096077EC}) (Version: 2.4.103.12040 - Sony)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Project Professional 2013 (HKLM\...\Office15.PRJPRO) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visio Professional 2013 (HKLM\...\Office15.VISPRO) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 19.0 (x86 es-ES) (HKLM-x32\...\Mozilla Firefox 19.0 (x86 es-ES)) (Version: 19.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 19.0 - Mozilla)
MyHeritage Family Tree Builder (HKLM-x32\...\Family Tree Builder) (Version: 7.0.0.7129 - MyHeritage.com)
Native Instruments Absynth 5 (HKLM-x32\...\Native Instruments Absynth 5) (Version:  - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version:  - Native Instruments)
Nero Burning ROM 10 (HKLM-x32\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.2.11000.12.100 - Nero AG)
Nero Burning ROM 10 (HKLM-x32\...\{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}) (Version: 10.5.10300 - Nero AG)
Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.2.10300.0.102 - Nero AG)
NetTime (HKLM-x32\...\NetTime_is1) (Version:  - Mark Griffiths)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.2.3 - )
NVIDIA Controlador de 3D Vision 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 320.49 - NVIDIA Corporation)
NVIDIA Controlador de audio HD 1.3.24.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.24.2 - NVIDIA Corporation)
NVIDIA Controlador de gráficos 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 320.49 - NVIDIA Corporation)
NVIDIA Controlador de la controladora 3D Vision 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 320.49 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.7 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.7 - NVIDIA Corporation)
NVIDIA Software del sistema PhysX 9.13.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0604 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.9 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.9 - NVIDIA Corporation)
ON_OFF Charge B12.1025.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
Opera 12.12 (HKLM\...\Opera 12.12.1707) (Version: 12.12.1707 - Opera Software ASA)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC)
Panel de control de NVIDIA 320.49 (Version: 320.49 - NVIDIA Corporation) Hidden
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5350) (Version:  - )
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Renta 2013 1.21 (HKLM-x32\...\2285-3920-8902-9260) (Version: 1.21 - AEAT)
Revisores de Texto do Microsoft Office 2013 – Português do Brasil (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-003B-0000-1000-0000000FF1CE}_Office15.PRJPRO_{6E5C415F-1388-4BA6-B926-C19318BE6075}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0051-0000-1000-0000000FF1CE}_Office15.VISPRO_{F0C12872-B60D-4E37-A2F9-20C46A5E1F1A}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
SHIELD Streaming (Version: 1.6.34 - NVIDIA Corporation) Hidden
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Sony PC Companion 2.10.197 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.197 - Sony)
Spotify (HKU\S-1-5-21-1695387738-1297253553-3520990962-1001\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Start8 (HKLM\...\Start8_is1) (Version: 1.1 - Stardock Corporation)
Steinberg Cubase 5 (HKLM-x32\...\{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}) (Version: 5.1.0 - Steinberg Media Technologies GmbH)
Steinberg Drum Loop Expansion 01 (HKLM-x32\...\{490BF87E-1F75-4453-BF55-9F540543A3CA}) (Version: 1.0.0.1 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent ONE Content (HKLM-x32\...\{BD86F1AC-B594-46E4-85DC-1258AC9E2232}) (Version: 1.0.0.003 - Steinberg Media Technologies GmbH)
Steinberg HALionOne (HKLM-x32\...\{E70E7159-93B1-470D-9FBD-D8E9EF34B538}) (Version: 1.1.0.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Additional Content Set 01 (HKLM-x32\...\{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}) (Version: 1.0.0.001 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Expression Set (HKLM-x32\...\{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}) (Version: 1.0.1.0 - Steinberg Media Technologies GmbH)
Steinberg HALionOne GM Drum Set (HKLM-x32\...\{AC997F93-0757-4ED4-A701-F40C2D654D09}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne GM Set (HKLM-x32\...\{F057965A-D974-4C64-ADB1-4381CD4B8956}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Pro Set (HKLM-x32\...\{D82CDA0D-C182-42C8-8FF2-5649C98D6003}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Studio Drum Set (HKLM-x32\...\{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Studio Set (HKLM-x32\...\{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg LoopMash Content (HKLM-x32\...\{4D454CF8-12FD-464D-B57B-B46FE27B78BB}) (Version: 1.0.0.005 - Steinberg Media Technologies GmbH)
Steinberg REVerence Content 01 (HKLM-x32\...\{532B917B-8235-4FA5-BE36-643A8BB053A5}) (Version: 1.0.0.006 - Steinberg Media Technologies GmbH)
Steinberg Virtual Bassist v1.0.0.504 (HKLM-x32\...\Steinberg Virtual Bassist v1.0.0.504) (Version:  - )
Street Fighter Alpha 3  PC [Hyperdrive25] 1.00 (HKLM-x32\...\Street Fighter Alpha 3  PC [Hyperdrive25] 1.00) (Version:  - )
Syncrosoft License Control (HKLM-x32\...\Syncrosoft License Control) (Version:  - SIA Syncrosoft)
Trilogy (HKLM-x32\...\Trilogy_is1) (Version:  - Spectrasonics, Inc.)
UltraISO Premium V9.53 (HKLM-x32\...\UltraISO_is1) (Version:  - )
USIM Editor 1.0.35.0 (HKLM-x32\...\Card Reader Driver and USIM Editor Program_is1) (Version:  - )
VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.3.0.0 - Azureus Software, Inc.)
Waves Diamond Bundle v5.0 (HKLM-x32\...\Waves Diamond Bundle v5.0) (Version:  - )
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

28-12-2014 13:41:32 Punto de control programado
06-01-2015 22:41:59 Punto de control programado
15-01-2015 01:16:14 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 06:26 - 2013-06-01 12:16 - 00002323 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1	localhost
127.0.0.1	ec2-23-20-61-125.compute-1.amazonaws.com:443
127.0.0.1	ec2-107-20-222-218.compute-1.amazonaws.com:443
127.0.0.1	*.compute-1.amazonaws.com:443
127.0.0.1	acdid.acdsystems.com
127.0.0.1	localhost
127.0.0.1	adobeereg.com
127.0.0.1	wwis-dubc1-vip60.adobe.com
127.0.0.1	3dns-3.adobe.com
127.0.0.1	3dns-2.adobe.com
127.0.0.1	activate.adobe.com
127.0.0.1	activate.adobe.com:443
127.0.0.1	activate-sea.adobe.com
127.0.0.1	activate-sjc0.adobe.com
127.0.0.1	activate.wip3.adobe.com
127.0.0.1	192.150.18.108
127.0.0.1	adobeereg.com
127.0.0.1	adobe-dns.adobe.com
127.0.0.1	adobe-dns-2.adobe.com
127.0.0.1	adobe-dns-3.adobe.com
127.0.0.1	ereg.wip3.adobe.com
127.0.0.1	ereg.adobe.com
127.0.0.1	practivate.adobe.com
127.0.0.1	wip3.adobe.com
127.0.0.1  adobeid-na1.services.adobe.com:443
127.0.0.1  a72-247-179-235.deploy.akamaitechnologies.com:443
127.0.0.1  adobeid-na1.services.adobe.com
127.0.0.1  a72-247-179-235.deploy.akamaitechnologies.com
127.0.0.1  www-da1.adobe.com

There are 9 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {060767BF-A8AD-4D2E-9013-9DA89520F2A1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-01] (Google Inc.)
Task: {1C8E5C2D-75E0-4B07-86DB-8DF04F284170} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-01] (Adobe Systems Incorporated)
Task: {2077BEEF-B4CF-4BA8-AD1B-4110F97FDFEE} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {3CC315E6-4C85-4E4A-9F7C-63396E20D32A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {5D02DD85-D12E-4AC5-8E85-09C5817EC2AA} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {5D15C818-186D-4B6D-A735-061F44D9ABD1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-01] (Google Inc.)
Task: {9101B42C-9C76-48DD-A414-504A45F48A1B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-01-15] (Microsoft Corporation)
Task: {94E535A5-9D0F-45C4-AA2D-FB2E39EA475F} - System32\Tasks\{9E736623-A4F0-4C29-B7F4-8BF4B9ADF316} => pcalua.exe -a "C:\Users\Hector\Desktop\Steinberg Virtual Bassist 1.0.0.504I SO\setup.exe" -d "C:\Users\Hector\Desktop\Steinberg Virtual Bassist 1.0.0.504I SO"
Task: {CE7B5C1D-02E1-416E-AEC4-2B363233164C} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {EEB08202-40BF-4C64-8187-78D542346B92} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\WatTask => C:\Windows Activation Technologies\wat.exe [2006-04-21] ()
Task: {EF5C4DC4-00BF-4890-8127-E1C12055FF73} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {F7C28BE3-7662-4F68-9F26-9C8D5F61C61D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-02-25] (Piriform Ltd)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-01-17 10:24 - 2012-01-17 10:24 - 00055296 _____ () C:\Windows\SysWOW64\ASGT.exe
2013-06-01 12:01 - 2012-05-12 00:27 - 00473088 _____ () C:\Program Files (x86)\NetTime\NetTimeService.exe
2013-06-01 11:22 - 2013-03-24 14:37 - 00450048 ___SH () C:\Program Files\KMSpico\Service_KMS.exe
2013-06-01 12:01 - 2012-05-12 08:28 - 00772096 _____ () C:\Program Files (x86)\NetTime\NetTime.exe
2013-06-01 13:21 - 2010-07-02 10:07 - 07041024 _____ () C:\Program Files (x86)\USIM Editor\iconcs447609.exe
2012-07-25 21:44 - 2012-07-25 21:35 - 00129024 _____ () C:\Windows\system32\WinMetadata\Windows.UI.winmd
2012-07-25 21:44 - 2012-07-25 21:35 - 00036864 _____ () C:\Windows\system32\WinMetadata\Windows.Data.winmd
2014-11-30 13:54 - 2014-11-30 13:54 - 00295936 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\19b3a0667450d039aa3ebef43d489fe7\Windows.Foundation.ni.dll
2013-04-21 20:44 - 2013-04-21 20:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 20:44 - 2013-04-21 20:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-04-26 19:18 - 2014-04-24 01:33 - 00065352 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\chrome_elf.dll
2014-04-26 19:18 - 2014-04-24 01:33 - 00674632 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\libglesv2.dll
2014-04-26 19:18 - 2014-04-24 01:33 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\libegl.dll
2014-04-26 19:18 - 2014-04-24 01:33 - 04081480 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll
2014-04-26 19:18 - 2014-04-24 01:33 - 00390472 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll
2014-04-26 19:18 - 2014-04-24 01:33 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ffmpegsumo.dll
2014-11-21 15:12 - 2014-11-21 15:12 - 00017920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\e5fff0dbaa6ea962dc3bd611929ad347\PSIClient.ni.dll
2013-06-01 12:52 - 2012-07-18 10:55 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-04-26 19:18 - 2014-04-24 01:33 - 13692232 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrador (S-1-5-21-1695387738-1297253553-3520990962-500 - Administrator - Disabled)
Hector (S-1-5-21-1695387738-1297253553-3520990962-1001 - Administrator - Enabled) => C:\Users\Hector
HomeGroupUser$ (S-1-5-21-1695387738-1297253553-3520990962-1003 - Limited - Enabled)
Invitado (S-1-5-21-1695387738-1297253553-3520990962-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-1695387738-1297253553-3520990962-1004 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/20/2015 02:55:21 PM) (Source: PerfOS) (EventID: 2011) (User: )
Description: 

Error: (01/20/2015 02:55:21 PM) (Source: PerfOS) (EventID: 2011) (User: )
Description: 

Error: (01/20/2015 02:53:20 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

Error: (01/20/2015 02:53:20 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: C:\Windows\System32\perfos.dllPerfOS4

Error: (01/20/2015 02:53:20 PM) (Source: PerfOS) (EventID: 2011) (User: )
Description: 

Error: (01/20/2015 02:53:20 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll4

Error: (01/20/2015 02:33:40 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]

Error: (01/20/2015 02:33:40 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]

Error: (01/20/2015 01:48:11 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]

Error: (01/20/2015 01:48:11 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]


System errors:
=============
Error: (01/20/2015 02:33:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio Afa Card Reader Service no pudo iniciarse debido al siguiente error: 
%%2

Error: (01/20/2015 02:33:17 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Se agotó el tiempo de espera (30000 ms) para la conexión con el servicio Adobe Acrobat Update Service.

Error: (01/20/2015 02:33:05 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Error en la inicialización del archivo de volcado

Error: (01/20/2015 02:32:43 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: El servicio Cliente de directiva de grupo no se cerró correctamente después de recibir un control de aviso de apagado.

Error: (01/20/2015 01:47:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio Afa Card Reader Service no pudo iniciarse debido al siguiente error: 
%%2

Error: (01/20/2015 01:47:45 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Se agotó el tiempo de espera (30000 ms) para la conexión con el servicio Adobe Acrobat Update Service.

Error: (01/20/2015 01:47:34 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Error en la inicialización del archivo de volcado

Error: (01/20/2015 01:46:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio Servicio del iPod se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (01/20/2015 01:46:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio Tecnología de almacenamiento Intel(R) Rapid se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (01/20/2015 01:46:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio Intel(R) ME Service se terminó de manera inesperada. Esto ha sucedido 1 veces.


Microsoft Office Sessions:
=========================
Error: (01/20/2015 02:55:21 PM) (Source: PerfOS) (EventID: 2011) (User: )
Description: 

Error: (01/20/2015 02:55:21 PM) (Source: PerfOS) (EventID: 2011) (User: )
Description: 

Error: (01/20/2015 02:53:20 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

Error: (01/20/2015 02:53:20 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: C:\Windows\System32\perfos.dllPerfOS4

Error: (01/20/2015 02:53:20 PM) (Source: PerfOS) (EventID: 2011) (User: )
Description: 

Error: (01/20/2015 02:53:20 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll4

Error: (01/20/2015 02:33:40 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]

Error: (01/20/2015 02:33:40 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]

Error: (01/20/2015 01:48:11 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]

Error: (01/20/2015 01:48:11 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-3570 CPU @ 3.40GHz
Percentage of memory in use: 25%
Total physical RAM: 8138.14 MB
Available physical RAM: 6090.64 MB
Total Pagefile: 8138.14 MB
Available Pagefile: 5596.47 MB
Total Virtual: 8192 MB
Available Virtual: 8191.73 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.17 GB) (Free:570.85 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 61E21A09)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.2 GB) - (Type=07 NTFS)

==================== End Of Log ============================

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-01-20 15:47:17
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000039 WDC_WD10EZEX-00ZF5A0 rev.80.00A80 931,51GB
Running: zrx1jslo.exe; Driver: C:\Users\Hector\AppData\Local\Temp\kxdyifoc.sys


---- Threads - GMER 2.1 ----

Thread   C:\Windows\system32\csrss.exe [612:648]                                                                                                                                                        fffff9600094f5e8
---- Processes - GMER 2.1 ----

Library  c:\users\hector\appdata\local\temp\7zs7472\hpslpsvc64.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [4780] (HP Network Devices Support/Hewlett-Packard Co.)(2013-06-09 15:51:46)  0000000180000000

---- Registry - GMER 2.1 ----

Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed                                                                                                              -1333495906
Reg      HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001b10002aec                                                                                                                    

---- EOF - GMER 2.1 ----
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.17183  BrowserJavaVersion: 11.25.2
Run by Hector at 15:06:12 on 2015-01-20
Microsoft Windows 8 Pro  6.2.9200.0.1252.34.3082.18.8138.6203 [GMT 1:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\dwm.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe
C:\Program Files (x86)\Stardock\Start8\Start8_64.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\SysWOW64\ASGT.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Windows\system32\dashost.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\NetTime\NetTimeService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\KMSpico\Service_KMS.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhostex.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Users\Hector\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\NetTime\NetTime.exe
C:\Program Files (x86)\ACD Systems\ACDSee Pro\6.0\ACDSeePro6InTouch2.exe
C:\Program Files (x86)\USIM Editor\iconcs447609.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
uRun: [Spotify Web Helper] "C:\Users\Hector\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
mRun: [NetTime] C:\Program Files (x86)\NetTime\NetTime.exe
mRun: [ACPW06EN] "C:\Program Files (x86)\ACD Systems\ACDSee Pro\6.0\ACDSeePro6InTouch2.exe" /pid ACPW06EN
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [USBestCR] C:\Program Files (x86)\USIM Editor\iconcs447609.exe RunFromReg
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Family Tree Builder Update] C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:149
IE: &Enviar a OneNote - C:\PROGRA~1\MICROS~1\Office15\ONBttnIE.dll/105
IE: E&xportar a Microsoft Excel - C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.0.1 192.168.0.1
TCP: Interfaces\{6B406E51-794A-40AC-967E-7822B4E74077} : DHCPNameServer = 192.168.0.1 192.168.0.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
AppInit_DLLs= c:\progra~2\nvidia~1\3dvisi~1\nvstinit.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://www.google.com
x64-mSearch Page = hxxp://www.google.com
x64-mDefault_Page_URL = hxxp://www.google.com
x64-mDefault_Search_URL = hxxp://www.google.com
x64-BHO: YoutubeAdblocker: {21D37A47-BD7C-C03C-A831-9C1B8DD66A63} - 
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Hector\AppData\Roaming\Mozilla\Firefox\Profiles\lexdnt64.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo!
FF - prefs.js: keyword.URL - hxxp://es.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=994519&p=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll
FF - plugin: C:\Users\Hector\AppData\Roaming\Mozilla\Firefox\Profiles\lexdnt64.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}\plugins\npietab2.dll
FF - plugin: C:\Users\Hector\AppData\Roaming\Mozilla\Firefox\Profiles\lexdnt64.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}\plugins\npietab2_x64.dll
FF - plugin: C:\Users\Hector\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Hector\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2013-6-1 647736]
R1 AppleCharger;AppleCharger;C:\Windows\System32\Drivers\AppleCharger.sys [2013-6-1 22680]
R2 ASGT;ASGT;C:\Windows\SysWOW64\ASGT.exe [2012-1-17 55296]
R2 IAStorDataMgrSvc;Tecnología de almacenamiento Intel® Rapid;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-6-1 14904]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-6-19 634632]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2013-6-1 129856]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-6-1 166720]
R2 NetTimeSvc;NetTime;C:\Program Files (x86)\NetTime\NetTimeService.exe [2013-6-1 473088]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-7-31 15122208]
R2 Service KMSELDI;Service KMSELDI;C:\Program Files\KMSpico\Service_KMS.exe [2013-6-1 450048]
R2 Start8;Stardock Start8;C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe [2013-6-1 143624]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-6-21 413472]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-6-1 365376]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\Drivers\dtsoftbus01.sys [2013-12-5 283064]
R3 MHIKEY10;MHIKEY10;C:\Windows\System32\Drivers\MHIKEY10x64.sys [2010-9-15 60288]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\Drivers\nvvad64v.sys [2013-10-29 39200]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2013-6-1 683664]
S2 AfaService;Afa Card Reader Service;C:\Windows\System32\afasrv64.exe --> C:\Windows\System32\afasrv64.exe [?]
S2 d65a1a66;TampaGeneration;C:\Windows\System32\rundll32.exe [2012-7-26 51712]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 iumsvc;Intel® Update Manager;C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-2-28 174368]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE [2014-1-23 178760]
S3 Sony PC Companion;Sony PC Companion;C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2014-3-25 155824]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784]
S3 vmbusr;Proveedor de bus de máquina virtual;C:\Windows\System32\Drivers\vmbusr.sys [2012-7-26 117248]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-26 198656]
.
=============== Created Last 30 ================
.
2015-01-20 12:44:14 -------- d-----w- C:\AdwCleaner
2015-01-19 20:14:25 11870360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7732FCA3-ABAC-4EF0-B3A3-A231DD836F08}\mpengine.dll
2015-01-18 14:18:20 -------- d-----w- C:\Program Files (x86)\Guitar Pro 5
2015-01-18 14:03:09 -------- d-----w- C:\Program Files (x86)\TampaGeneration
2015-01-18 14:02:22 -------- d-----w- C:\ProgramData\pbajgboomnojkaegggjkieggjabhaben
2015-01-18 13:51:10 -------- d-----w- C:\Users\Hector\AppData\Roaming\Guitar Pro 6
2015-01-18 13:51:10 -------- d-----w- C:\ProgramData\Guitar Pro 6
2015-01-18 13:35:35 11870360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2015-01-14 14:23:25 1024512 ----a-w- C:\Windows\System32\localspl.dll
2015-01-14 14:23:24 733184 ----a-w- C:\Windows\System32\win32spl.dll
2015-01-14 14:23:24 499008 ----a-w- C:\Windows\System32\drivers\vhdmp.sys
2015-01-14 14:23:24 417280 ----a-w- C:\Windows\System32\services.exe
2015-01-14 14:20:04 142336 ----a-w- C:\Windows\System32\drivers\mrxdav.sys
2015-01-01 23:40:56 -------- d-----w- C:\ProgramData\eMule
2015-01-01 23:40:37 -------- d-----w- C:\Users\Hector\AppData\Local\eMule
2015-01-01 23:40:36 -------- d-----w- C:\Program Files (x86)\eMule
2014-12-29 16:30:27 -------- d-----w- C:\Program Files\InterActual
.
==================== Find3M  ====================
.
2015-01-20 00:12:54 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-01-05 23:28:00 714176 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-01-05 23:28:00 106440 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-31 11:14:31 298120 ------w- C:\Windows\System32\MpSigStub.exe
2014-12-19 06:48:06 210432 ----a-w- C:\Windows\System32\profsvc.dll
2014-12-11 07:35:53 6973248 ----a-w- C:\Windows\System32\ntoskrnl.exe
2014-12-11 06:51:31 62976 ----a-w- C:\Windows\System32\TSWbPrxy.exe
2014-12-09 07:12:44 590816 ----a-w- C:\Windows\System32\AutoUpdate.exe
2014-12-09 07:12:44 467408 ----a-w- C:\Windows\System32\NotificationUI.exe
2014-12-06 07:53:45 26112 ----a-w- C:\Windows\System32\WerFaultSecure.exe
2014-12-06 07:53:06 458240 ----a-w- C:\Windows\System32\wer.dll
2014-12-06 07:52:05 72192 ----a-w- C:\Windows\System32\nlaapi.dll
2014-12-06 07:52:05 357376 ----a-w- C:\Windows\System32\nlasvc.dll
2014-12-06 07:52:04 384000 ----a-w- C:\Windows\System32\ncsi.dll
2014-12-06 07:51:25 370688 ----a-w- C:\Windows\System32\Faultrep.dll
2014-12-06 07:51:23 267264 ----a-w- C:\Windows\System32\EncDump.dll
2014-12-06 07:50:57 783872 ----a-w- C:\Windows\System32\audiosrv.dll
2014-12-06 06:10:35 23552 ----a-w- C:\Windows\SysWow64\WerFaultSecure.exe
2014-12-06 06:10:11 355840 ----a-w- C:\Windows\SysWow64\wer.dll
2014-12-06 06:09:41 55296 ----a-w- C:\Windows\SysWow64\nlaapi.dll
2014-12-06 06:09:13 332800 ----a-w- C:\Windows\SysWow64\Faultrep.dll
2014-11-27 02:40:45 600576 ----a-w- C:\Windows\System32\vbscript.dll
2014-11-27 01:28:52 523264 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-11-25 16:16:23 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-11-21 08:38:00 2237952 ----a-w- C:\Windows\System32\wininet.dll
2014-11-21 08:37:51 915968 ----a-w- C:\Windows\System32\uxtheme.dll
2014-11-21 08:37:51 53760 ----a-w- C:\Windows\System32\UXInit.dll
2014-11-21 08:36:24 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2014-11-21 08:36:17 67072 ----a-w- C:\Windows\System32\iesetup.dll
2014-11-21 08:36:17 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2014-11-21 08:35:42 1509376 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-11-21 07:17:51 1762816 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-11-21 07:17:44 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll
2014-11-21 07:16:46 2861568 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-11-21 07:16:42 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-11-21 07:16:42 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2014-11-21 07:16:16 1441280 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-11-21 07:00:18 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2014-11-21 06:54:49 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-11-21 05:14:26 64216 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-11-21 05:14:12 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-11-21 05:14:08 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-11-21 04:30:26 534528 ----a-w- C:\Windows\SysWow64\uxtheme.dll
2014-11-18 19:47:50 1691816 ----a-w- C:\Windows\System32\FM20.DLL
2014-11-15 05:13:31 40448 ----a-w- C:\Windows\System32\wuapp.exe
2014-11-15 05:13:01 253440 ----a-w- C:\Windows\System32\WUSettingsProvider.dll
2014-11-15 05:13:01 1623552 ----a-w- C:\Windows\System32\wucltux.dll
2014-11-15 05:13:01 144384 ----a-w- C:\Windows\System32\wuwebv.dll
2014-11-15 05:13:01 100352 ----a-w- C:\Windows\System32\wudriver.dll
2014-11-15 05:12:26 176640 ----a-w- C:\Windows\System32\storewuauth.dll
2014-11-15 03:54:01 35328 ----a-w- C:\Windows\SysWow64\wuapp.exe
2014-11-15 03:53:41 128000 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2014-11-15 03:53:40 86528 ----a-w- C:\Windows\SysWow64\wudriver.dll
2014-11-08 11:22:11 238080 ----a-w- C:\Windows\System32\pku2u.dll
2014-11-08 11:21:32 827904 ----a-w- C:\Windows\System32\kerberos.dll
2014-11-08 06:57:15 187904 ----a-w- C:\Windows\SysWow64\pku2u.dll
2014-11-08 06:56:40 666624 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-11-06 06:50:46 1627648 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-11-06 05:35:35 2207744 ----a-w- C:\Windows\SysWow64\PrintConfig.dll
2014-11-06 05:03:42 1339392 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-10-30 07:20:58 1890816 ----a-w- C:\Windows\System32\crypt32.dll
2014-10-30 05:22:59 1569792 ----a-w- C:\Windows\SysWow64\crypt32.dll
2014-10-23 12:47:53 79872 ----a-w- C:\Windows\System32\packager.dll
2014-10-23 11:04:41 68096 ----a-w- C:\Windows\SysWow64\packager.dll
.
============= FINISH: 15:06:40,28 ===============
 

 

 

 


#2 Machiavelli

  • Malware Response Instructor

Posted 20 January 2015 - 11:39 AM

Hey, :)

Step 1: AdwCleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP, then just run it.)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on-screen prompts.
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Note: The log can also be found in here: C:\AdwCleaner\

Step 2: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop. Install the programme and select update.
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

Go back to the Dashboard and select Scan Now

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Attach/Post that log

Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4: FRST Scan

  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#3 RomanPolanski

  • Topic Starter

Posted 21 January 2015 - 09:11 AM

Hi Machiavelli, thanks for your help. These are my results:

# AdwCleaner v4.108 - Reporte Creado 21/01/2015 en 14:38:00
# Actualizado 17/01/2015 por Xplode
# Database : 2015-01-18.1 [Live]
# Sistema Operativo : Windows 8 Pro  (64 bits)
# Nombre de usuario : Hector - EQUIPO_HECTOR
# Ejecutado desde : C:\Users\Hector\Desktop\AdwCleaner.exe
# Opción : Limpiar

***** [ Servicios ] *****


***** [ Archivos / Carpetas ] *****


***** [ Tareas ] *****


***** [ Accesos directos ] *****


***** [ Registro ] *****

Clave Borrar : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}

***** [ Navegadores ] *****

-\\ Internet Explorer v10.0.9200.17183


-\\ Mozilla Firefox v19.0 (es-ES)


-\\ Google Chrome v34.0.1847.131


-\\ Comodo Dragon v


*************************

AdwCleaner[R1].txt - [23847 octets] - [20/01/2015 13:44:26]
AdwCleaner[R2].txt - [1016 octets] - [21/01/2015 14:36:42]
AdwCleaner[S1].txt - [23430 octets] - [20/01/2015 13:46:39]
AdwCleaner[S2].txt - [933 octets] - [21/01/2015 14:38:00]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [992 octets] ##########

Malwarebytes Anti-Malware
www.malwarebytes.org

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 8 Pro x64
Ran by Hector on 21/01/2015 at 15:00:23,94
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\Windows\prefetch\SPEEDUPMYPC.TMP-4B5F90A7.pf



~~~ Folders



~~~ FireFox

Successfully deleted: [Folder] C:\Users\Hector\AppData\Roaming\mozilla\firefox\profiles\lexdnt64.default\extensions\staged
Successfully deleted the following from C:\Users\Hector\AppData\Roaming\mozilla\firefox\profiles\lexdnt64.default\prefs.js

user_pref("extensions.qbp0y_.url", "hxxp://getjpiproxy.info/sync2/?q=hfZ9ofV9CShEAen0qHw9tMqLDe49CNU0mlrMCMlNhd9Fqda8rdgGrjk6qdYMBzqUojw9rdCEqdw9rjCFqih7hfs0pihPBMn0qTg5rjg6pj



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21/01/2015 at 15:02:27,59
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by Hector (administrator) on EQUIPO_HECTOR on 21-01-2015 15:08:19
Running from C:\Users\Hector\Desktop
Loaded Profiles: Hector & UpdatusUser (Available profiles: Hector & UpdatusUser)
Platform: Windows 8 Pro (X64) OS Language: Español (España, internacional)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8_64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Windows\SysWOW64\ASGT.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files (x86)\NetTime\NetTimeService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Program Files\KMSpico\Service_KMS.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Spotify Ltd) C:\Users\Hector\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
() C:\Program Files (x86)\NetTime\NetTime.exe
(ACD Systems) C:\Program Files (x86)\ACD Systems\ACDSee Pro\6.0\ACDSeePro6InTouch2.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
() C:\Program Files (x86)\USIM Editor\iconcs447609.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(MyHeritage) C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Users\Hector\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-10-18] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [NetTime] => C:\Program Files (x86)\NetTime\NetTime.exe [772096 2012-05-12] ()
HKLM-x32\...\Run: [ACPW06EN] => C:\Program Files (x86)\ACD Systems\ACDSee Pro\6.0\ACDSeePro6InTouch2.exe [1133176 2012-08-31] (ACD Systems)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [113627 2012-06-16] (Oleg N. Scherbakov)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133440 2012-07-19] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKLM-x32\...\Run: [USBestCR] => C:\Program Files (x86)\USIM Editor\iconcs447609.exe [7041024 2010-07-02] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Family Tree Builder Update] => C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe [2532864 2013-12-09] (MyHeritage)
HKU\S-1-5-21-1695387738-1297253553-3520990962-1001\...\Run: [Spotify Web Helper] => C:\Users\Hector\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-11] (Spotify Ltd)
HKU\S-1-5-21-1695387738-1297253553-3520990962-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-1695387738-1297253553-3520990962-1001\...\MountPoints2: {2c23ddd0-b3fa-11e3-8013-001b10002aec} - "D:\Startme.exe" 
HKU\S-1-5-21-1695387738-1297253553-3520990962-1004\...\MountPoints2: {de00a8fc-caa3-11e2-be6c-806e6f6e6963} - "E:\Run.exe" 
AppInit_DLLs-x32: c:\progra~2\nvidia~1\3dvisi~1\nvstinit.dll => "c:\progra~2\nvidia~1\3dvisi~1\nvstinit.dll" File Not Found
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1695387738-1297253553-3520990962-1001 -> {3D3CAC10-567E-40B8-A6BD-8BE77384F4BF} URL = http://es.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1695387738-1297253553-3520990962-1004 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: YoutubeAdblocker -> {21D37A47-BD7C-C03C-A831-9C1B8DD66A63} -> C:\Program Files (x86)\YoutubeAdblocker\TP4E.x64.dll No File
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-1695387738-1297253553-3520990962-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Hector\AppData\Roaming\Mozilla\Firefox\Profiles\lexdnt64.default
FF DefaultSearchEngine: Yahoo!
FF SelectedSearchEngine: Yahoo!
FF Keyword.URL: hxxp://es.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=994519&p=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll ()
FF Plugin: @java.com/DTPlugin,version=10.11.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.11.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1695387738-1297253553-3520990962-1001: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
FF Plugin HKU\S-1-5-21-1695387738-1297253553-3520990962-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Hector\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-1695387738-1297253553-3520990962-1001: @talk.google.com/O3DPlugin -> C:\Users\Hector\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKU\S-1-5-21-1695387738-1297253553-3520990962-1001: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll (Sony Network Entertainment International LLC)
FF Plugin HKU\S-1-5-21-1695387738-1297253553-3520990962-1004: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Hector\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Hector\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Extension: BYTubeD - Bulk YouTube video Downloader - C:\Users\Hector\AppData\Roaming\Mozilla\Firefox\Profiles\lexdnt64.default\Extensions\bytubed@cs213.cse.iitk.ac.in [2013-06-01]
FF Extension: SNT - C:\Users\Hector\AppData\Roaming\Mozilla\Firefox\Profiles\lexdnt64.default\Extensions\ue6_csl@uqbxtjtabu.com [2014-07-04]
FF Extension: IE Tab 2 (FF 3.6+) - C:\Users\Hector\AppData\Roaming\Mozilla\Firefox\Profiles\lexdnt64.default\Extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} [2013-06-01]
FF Extension: EPUBReader - C:\Users\Hector\AppData\Roaming\Mozilla\Firefox\Profiles\lexdnt64.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2013-06-01]
FF Extension: WOT - C:\Users\Hector\AppData\Roaming\Mozilla\Firefox\Profiles\lexdnt64.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-06-01]
FF Extension: DownloadHelper - C:\Users\Hector\AppData\Roaming\Mozilla\Firefox\Profiles\lexdnt64.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-06-01]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Hector\AppData\Roaming\Mozilla\Firefox\Profiles\lexdnt64.default\Extensions\adblockpopups@jessehakanen.net.xpi [2013-06-01]
FF Extension: Flash Video Downloader - Youtube Downloader - C:\Users\Hector\AppData\Roaming\Mozilla\Firefox\Profiles\lexdnt64.default\Extensions\artur.dubovoy@gmail.com.xpi [2013-06-01]
FF Extension: Tab Badge - C:\Users\Hector\AppData\Roaming\Mozilla\Firefox\Profiles\lexdnt64.default\Extensions\badge@darktrojan.net.xpi [2013-06-01]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Hector\AppData\Roaming\Mozilla\Firefox\Profiles\lexdnt64.default\Extensions\elemhidehelper@adblockplus.org.xpi [2013-06-01]
FF Extension: Firebug - C:\Users\Hector\AppData\Roaming\Mozilla\Firefox\Profiles\lexdnt64.default\Extensions\firebug@software.joehewitt.com.xpi [2013-06-01]
FF Extension: MEGA EXTENSION - C:\Users\Hector\AppData\Roaming\Mozilla\Firefox\Profiles\lexdnt64.default\Extensions\firefox@mega.co.nz.xpi [2013-06-01]
FF Extension: Print Edit - C:\Users\Hector\AppData\Roaming\Mozilla\Firefox\Profiles\lexdnt64.default\Extensions\printedit@DW-dev.xpi [2013-06-01]
FF Extension: SkipScreen - C:\Users\Hector\AppData\Roaming\Mozilla\Firefox\Profiles\lexdnt64.default\Extensions\SkipScreen@SkipScreen.xpi [2013-06-01]
FF Extension: Google Translator for Firefox - C:\Users\Hector\AppData\Roaming\Mozilla\Firefox\Profiles\lexdnt64.default\Extensions\translator@zoli.bod.xpi [2013-06-01]
FF Extension: YouTube to MP3 - C:\Users\Hector\AppData\Roaming\Mozilla\Firefox\Profiles\lexdnt64.default\Extensions\youtube2mp3@mondayx.de.xpi [2013-06-01]
FF Extension: Image Zoom - C:\Users\Hector\AppData\Roaming\Mozilla\Firefox\Profiles\lexdnt64.default\Extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi [2013-06-01]
FF Extension: PDF Download - C:\Users\Hector\AppData\Roaming\Mozilla\Firefox\Profiles\lexdnt64.default\Extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}.xpi [2013-06-01]
FF Extension: Text Link - C:\Users\Hector\AppData\Roaming\Mozilla\Firefox\Profiles\lexdnt64.default\Extensions\{54BB9F3F-07E5-486c-9B39-C7398B99391C}.xpi [2013-06-01]
FF Extension: FireFTP - C:\Users\Hector\AppData\Roaming\Mozilla\Firefox\Profiles\lexdnt64.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2013-06-01]
FF Extension: RightToClick - C:\Users\Hector\AppData\Roaming\Mozilla\Firefox\Profiles\lexdnt64.default\Extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}.xpi [2013-06-01]
FF Extension: Adblock Plus - C:\Users\Hector\AppData\Roaming\Mozilla\Firefox\Profiles\lexdnt64.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-06-01]
FF Extension: Download Statusbar - C:\Users\Hector\AppData\Roaming\Mozilla\Firefox\Profiles\lexdnt64.default\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2013-06-01]
FF Extension: Tab Mix Plus - C:\Users\Hector\AppData\Roaming\Mozilla\Firefox\Profiles\lexdnt64.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2013-06-01]
FF Extension: DownThemAll! - C:\Users\Hector\AppData\Roaming\Mozilla\Firefox\Profiles\lexdnt64.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013-06-01]
FF Extension: Greasemonkey - C:\Users\Hector\AppData\Roaming\Mozilla\Firefox\Profiles\lexdnt64.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-06-01]
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll ()
CHR Plugin: (Microsoft Office 2013) - C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U11) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Plugin: (Microsoft Office 2013) - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Talk Plugin) - C:\Users\Hector\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Hector\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.110.21) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Profile: C:\Users\Hector\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Wallet) - C:\Users\Hector\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-25]
CHR Extension: (uunisAles) - C:\ProgramData\pbajgboomnojkaegggjkieggjabhaben\ [2013-08-25]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [113627 2012-06-16] (Oleg N. Scherbakov) [File not signed]
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
S2 d65a1a66; c:\Program Files (x86)\TampaGeneration\TampaGeneration.dll [3329536 2015-01-18] () [File not signed]
R2 HPSLPSVC; C:\Users\Hector\AppData\Local\Temp\7zS7472\hpslpsvc64.dll [1039360 2013-02-06] (Hewlett-Packard Co.) [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-07-05] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-07-05] (Intel Corporation)
R2 NetTimeSvc; C:\Program Files (x86)\NetTime\NetTimeService.exe [473088 2012-05-12] () [File not signed]
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15122208 2013-10-18] (NVIDIA Corporation)
R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [450048 2013-03-24] () [File not signed]
R2 Start8; C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe [143624 2013-01-10] (Stardock Software, Inc)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16032 2014-09-22] (Microsoft Corporation)
S2 AfaService; C:\Windows\system32\afasrv64.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22680 2012-10-25] ()
R3 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2013-12-05] (Disc Soft Ltd)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
R3 MHIKEY10; C:\Windows\System32\Drivers\MHIKEY10x64.sys [60288 2010-09-15] (Generic USB smartcard reader)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-09-28] (NVIDIA Corporation)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-21 15:06 - 2015-01-20 14:44 - 02126848 _____ (Farbar) C:\Users\Hector\Desktop\FRST64.exe
2015-01-21 15:02 - 2015-01-21 15:02 - 00001145 _____ () C:\Users\Hector\Desktop\JRT.txt
2015-01-21 15:00 - 2015-01-21 15:00 - 00000000 ____D () C:\Windows\ERUNT
2015-01-21 14:56 - 2015-01-21 14:56 - 01707939 _____ (Thisisu) C:\Users\Hector\Desktop\JRT.exe
2015-01-21 14:53 - 2015-01-21 14:53 - 00000049 _____ () C:\Users\Hector\Desktop\MBAM.txt
2015-01-21 14:39 - 2015-01-21 14:39 - 00001071 _____ () C:\Users\Hector\Desktop\AdwCleaner[S2].txt
2015-01-21 14:38 - 2015-01-21 14:38 - 00000314 _____ () C:\Windows\PFRO.log
2015-01-21 14:36 - 2015-01-21 14:36 - 02186752 _____ () C:\Users\Hector\Downloads\AdwCleaner.exe
2015-01-21 14:36 - 2015-01-21 14:36 - 02186752 _____ () C:\Users\Hector\Desktop\AdwCleaner.exe
2015-01-21 14:10 - 2015-01-21 14:24 - 00061443 _____ () C:\Windows\WindowsUpdate.log
2015-01-20 19:10 - 2015-01-20 19:10 - 00071518 _____ () C:\Users\Hector\Downloads\The Cabin in the Woods (2011).srt
2015-01-20 19:10 - 2015-01-20 19:10 - 00023274 _____ () C:\Users\Hector\Downloads\the_cabin_in_the_woods_720p_bluray_x264_hdex.torrent
2015-01-20 16:14 - 2015-01-20 16:14 - 00043472 _____ () C:\Users\Hector\Downloads\Homeland - 02x10 - Broken Hearts  (Español (España)).srt
2015-01-20 15:48 - 2015-01-20 15:48 - 04168247 _____ () C:\Users\Hector\Desktop\tdsskiller.zip
2015-01-20 15:47 - 2015-01-20 15:47 - 00001244 _____ () C:\Users\Hector\Desktop\ark.txt
2015-01-20 15:39 - 2015-01-20 15:39 - 00380416 _____ () C:\Users\Hector\Downloads\zrx1jslo.exe
2015-01-20 15:23 - 2015-01-21 15:08 - 00025287 _____ () C:\Users\Hector\Desktop\FRST.txt
2015-01-20 15:23 - 2015-01-20 15:23 - 00029337 _____ () C:\Users\Hector\Desktop\Addition.txt
2015-01-20 15:22 - 2015-01-20 15:22 - 00029337 _____ () C:\Users\Hector\Downloads\Addition.txt
2015-01-20 15:21 - 2015-01-21 15:08 - 00000000 ____D () C:\FRST
2015-01-20 15:21 - 2015-01-20 15:22 - 00051043 _____ () C:\Users\Hector\Downloads\FRST.txt
2015-01-20 15:06 - 2015-01-20 15:07 - 00021182 _____ () C:\Users\Hector\Desktop\dds.txt
2015-01-20 15:06 - 2015-01-20 15:07 - 00018722 _____ () C:\Users\Hector\Desktop\attach.txt
2015-01-20 15:04 - 2015-01-20 15:05 - 00688992 ____R (Swearware) C:\Users\Hector\Downloads\dds.com
2015-01-20 14:44 - 2015-01-20 14:44 - 02126848 _____ (Farbar) C:\Users\Hector\Downloads\FRST64.exe
2015-01-20 13:44 - 2015-01-21 14:38 - 00000000 ____D () C:\AdwCleaner
2015-01-20 13:43 - 2015-01-20 13:43 - 02186752 _____ () C:\Users\Hector\Downloads\adwcleaner_4.108.exe
2015-01-19 20:58 - 2015-01-19 20:58 - 00160626 _____ () C:\Users\Hector\Downloads\Lincoln (2012).srt
2015-01-19 20:57 - 2015-01-19 20:57 - 00058504 _____ () C:\Users\Hector\Downloads\lincoln_2012_dvdscr_xvid_hellraz0r.torrent
2015-01-19 16:25 - 2015-01-19 16:25 - 00018117 _____ () C:\Users\Hector\Downloads\[kickass.so]arcade.fire.reflecktor.2cd.proper.320.bubanee.torrent
2015-01-19 13:17 - 2015-01-19 13:17 - 00053443 _____ () C:\Users\Hector\Downloads\Homeland - 02x09 - Two Hats (Español (España)).srt
2015-01-19 13:17 - 2015-01-19 13:17 - 00051317 _____ () C:\Users\Hector\Downloads\Homeland - 02x08 - I'll Fly Away.srt
2015-01-18 15:18 - 2015-01-18 15:18 - 00000936 _____ () C:\Users\UpdatusUser\Desktop\Guitar Pro 5.lnk
2015-01-18 15:18 - 2015-01-18 15:18 - 00000936 _____ () C:\Users\Hector\Desktop\Guitar Pro 5.lnk
2015-01-18 15:18 - 2015-01-18 15:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guitar Pro 5
2015-01-18 15:18 - 2015-01-18 15:18 - 00000000 ____D () C:\Program Files (x86)\Guitar Pro 5
2015-01-18 15:08 - 2015-01-18 15:08 - 00028019 _____ () C:\Users\Hector\Downloads\[kickass.so]guitar.pro.5.full.version.torrent
2015-01-18 15:07 - 2015-01-18 15:07 - 00004077 _____ () C:\Users\Hector\Downloads\[kickass.so]guitar.pro.5.2.full.serial.completo.torrent
2015-01-18 15:06 - 2015-01-18 15:06 - 01364344 _____ () C:\Users\Hector\Downloads\Descarga desde Identi (MEGA).exe
2015-01-18 15:03 - 2015-01-18 15:03 - 00000000 ____D () C:\Program Files (x86)\TampaGeneration
2015-01-18 15:02 - 2015-01-18 15:02 - 00000000 ____D () C:\ProgramData\pbajgboomnojkaegggjkieggjabhaben
2015-01-18 14:57 - 2015-01-18 14:57 - 01218240 _____ () C:\Users\Hector\Downloads\GTR.PR.Sofw.By.CompucaliTv.Com.rar.exe
2015-01-18 14:51 - 2015-01-18 15:00 - 00000000 ____D () C:\Users\Hector\AppData\Roaming\Guitar Pro 6
2015-01-18 14:51 - 2015-01-18 14:51 - 00000000 ____D () C:\ProgramData\Guitar Pro 6
2015-01-18 14:49 - 2015-01-18 14:49 - 00019127 _____ () C:\Users\Hector\Downloads\Nirvana - Where Did You Sleep Last Night.gp3
2015-01-18 10:51 - 2015-01-18 10:51 - 00031451 _____ () C:\Users\Hector\Downloads\[kickass.so]linkin.park.discography.320kbps.cbr.mp3.tugazx.torrent
2015-01-17 21:15 - 2015-01-17 21:15 - 00041031 _____ () C:\Users\Hector\Downloads\361931 (1).zip
2015-01-17 21:14 - 2015-01-17 21:14 - 00041031 _____ () C:\Users\Hector\Downloads\361931.zip
2015-01-17 11:49 - 2015-01-17 11:49 - 00000018 _____ () C:\Users\Hector\Desktop\covers.txt
2015-01-16 15:55 - 2015-01-16 15:55 - 00016258 _____ () C:\Users\Hector\Downloads\[kickass.so]miles.davis.steamin.with.the.miles.davis.quintet.1961.jazz.mp3.320.h33t.schon55.torrent
2015-01-16 13:14 - 2015-01-16 13:14 - 00020633 _____ () C:\Users\Hector\Downloads\[kickass.so]miles.davis.bleepes.brew.1969.torrent
2015-01-15 13:57 - 2015-01-15 13:57 - 00057979 _____ () C:\Users\Hector\Downloads\Homeland - 02x04 - New Car Smell  (Español (España)).srt
2015-01-15 12:31 - 2015-01-15 12:31 - 00018363 _____ () C:\Users\Hector\Downloads\367898.rar
2015-01-15 12:28 - 2015-01-15 12:28 - 00050267 _____ () C:\Users\Hector\Downloads\wadjda_2012_bdrip.torrent
2015-01-15 12:27 - 2015-01-15 12:27 - 00018942 _____ () C:\Users\Hector\Downloads\arcticmonkeys-favouriteworstnigh.torrent
2015-01-14 21:42 - 2015-01-14 21:42 - 00015495 _____ () C:\Users\Hector\Downloads\40844.torrent
2015-01-14 21:41 - 2015-01-14 21:41 - 00013247 _____ () C:\Users\Hector\Downloads\nebraska_2013__bdrip_.torrent
2015-01-14 21:38 - 2015-01-14 21:38 - 00013247 _____ () C:\Users\Hector\Downloads\nebraska_2013_bdrip_x264_sparks.torrent
2015-01-14 15:24 - 2014-11-27 03:40 - 00600576 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-01-14 15:24 - 2014-11-27 02:28 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-01-14 15:24 - 2014-11-15 07:06 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-01-14 15:24 - 2014-11-15 06:13 - 03286016 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-01-14 15:24 - 2014-11-15 06:13 - 01623552 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-01-14 15:24 - 2014-11-15 06:13 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-01-14 15:24 - 2014-11-15 06:13 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-01-14 15:24 - 2014-11-15 06:13 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-01-14 15:24 - 2014-11-15 06:13 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-01-14 15:24 - 2014-11-15 06:13 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-01-14 15:24 - 2014-11-15 06:12 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2015-01-14 15:24 - 2014-11-15 04:54 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-01-14 15:24 - 2014-11-15 04:53 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-01-14 15:24 - 2014-11-15 04:53 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-01-14 15:24 - 2014-11-15 04:53 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-01-14 15:23 - 2014-11-05 07:40 - 00733184 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2015-01-14 15:23 - 2014-11-05 07:39 - 01024512 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-01-14 15:23 - 2014-11-01 07:28 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-01-14 15:23 - 2014-10-29 15:21 - 00499008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2015-01-14 15:23 - 2014-10-27 23:10 - 00390841 _____ () C:\Windows\system32\ApnDatabase.xml
2015-01-14 15:21 - 2014-12-19 07:48 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 15:21 - 2014-12-11 08:35 - 06973248 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 15:21 - 2014-12-11 07:51 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 15:21 - 2014-12-06 08:53 - 00458240 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-01-14 15:21 - 2014-12-06 08:53 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2015-01-14 15:21 - 2014-12-06 08:52 - 00384000 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-14 15:21 - 2014-12-06 08:52 - 00357376 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 15:21 - 2014-12-06 08:52 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-14 15:21 - 2014-12-06 08:51 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2015-01-14 15:21 - 2014-12-06 08:51 - 00267264 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-01-14 15:21 - 2014-12-06 08:50 - 00783872 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-01-14 15:21 - 2014-12-06 07:10 - 00355840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-01-14 15:21 - 2014-12-06 07:10 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2015-01-14 15:21 - 2014-12-06 07:09 - 00332800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2015-01-14 15:21 - 2014-12-06 07:09 - 00055296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 15:20 - 2014-12-19 05:35 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 14:58 - 2015-01-14 14:58 - 00014774 _____ () C:\Users\Hector\Downloads\[kickass.so]tropa.de.elite.spanish.dvdrip.xvid.torrent
2015-01-14 14:57 - 2015-01-14 14:57 - 00028476 _____ () C:\Users\Hector\Downloads\[kickass.so]tropa.de.elite.2007.dvdrip.xvid.v.o.sub.spanish.com.torrent
2015-01-13 20:08 - 2015-01-13 20:08 - 00015020 _____ () C:\Users\Hector\Downloads\inside_llewyn_davis_2013_dvdscr_xvid_ac3_hq_hive_cm8.torrent
2015-01-12 15:11 - 2015-01-12 15:11 - 00115108 _____ () C:\Users\Hector\Downloads\Gravity_2013_HDRip_XviD_AC3_RBG.torrent
2015-01-11 21:25 - 2015-01-11 21:25 - 00168148 _____ () C:\Users\Hector\Downloads\American Hustle (2013) (1).srt
2015-01-11 21:00 - 2015-01-11 21:00 - 00017046 _____ () C:\Users\Hector\Downloads\a_touch_of_sin_2013_720p_brrip_h264_aac_rarbg.torrent
2015-01-11 20:58 - 2015-01-11 20:58 - 00113820 _____ () C:\Users\Hector\Downloads\12_Years_A_Slave_2013_HDRip_XViD_juggs.torrent
2015-01-11 20:58 - 2015-01-11 20:58 - 00065536 _____ () C:\Users\Hector\Downloads\FLVPlayer-Chrome (5).exe
2015-01-11 16:01 - 2015-01-11 16:01 - 00018615 _____ () C:\Users\Hector\Downloads\[torrentino-net]-si-begg-director-s-cut-2003-flac-lossless.torrent
2015-01-11 15:57 - 2015-01-11 15:57 - 00018263 _____ () C:\Users\Hector\Downloads\[kickass.so]dj.food.and.dk.now.listen.again.2007.zaion.rg.torrent
2015-01-11 11:27 - 2015-01-11 11:27 - 00001330 _____ () C:\Users\Hector\Desktop\jre1.8.0_25 - Acceso directo.lnk
2015-01-10 17:07 - 2015-01-10 17:07 - 00032310 _____ () C:\Users\Hector\Downloads\Homeland.S02E12.HDTV.x264-ASAP.VTV.mp4.torrent
2015-01-10 17:07 - 2015-01-10 17:07 - 00031160 _____ () C:\Users\Hector\Downloads\Homeland.2x02.HDTV-x264-EVOLVEVTV.torrent
2015-01-10 17:07 - 2015-01-10 17:07 - 00030758 _____ () C:\Users\Hector\Downloads\Homeland.2x07.HDTV-x264-ASAPVTV.torrent
2015-01-10 17:07 - 2015-01-10 17:07 - 00028891 _____ () C:\Users\Hector\Downloads\Homeland.S02E03.HDTV.x264-ASAP..mp4.torrent
2015-01-10 17:07 - 2015-01-10 17:07 - 00027038 _____ () C:\Users\Hector\Downloads\Homeland.2x08.HDTV-x264-ASAPVTV.torrent
2015-01-10 17:07 - 2015-01-10 17:07 - 00026818 _____ () C:\Users\Hector\Downloads\Homeland.2x06.HDTV-x264-ASAPVTV.torrent
2015-01-10 17:07 - 2015-01-10 17:07 - 00026598 _____ () C:\Users\Hector\Downloads\Homeland.2x04.HDTV-x264-ASAPVTV.torrent
2015-01-10 17:07 - 2015-01-10 17:07 - 00025340 _____ () C:\Users\Hector\Downloads\Homeland.2x11.HDTV-x264-EVOLVEVTV.torrent
2015-01-10 17:07 - 2015-01-10 17:07 - 00025178 _____ () C:\Users\Hector\Downloads\Homeland.2x09.HDTV-x264-ASAPVTV.torrent
2015-01-10 17:07 - 2015-01-10 17:07 - 00024860 _____ () C:\Users\Hector\Downloads\Homeland.2x10.HDTV-x264-EVOLVEVTV.torrent
2015-01-10 17:07 - 2015-01-10 17:07 - 00024287 _____ () C:\Users\Hector\Downloads\Homeland.2x05.HDTV-PROPER-x264-EVOLVEVTV.torrent
2015-01-10 17:07 - 2015-01-10 17:07 - 00008271 _____ () C:\Users\Hector\Downloads\Homeland.2x01.HDTV-x264-EVOLVEVTV.torrent
2015-01-10 17:06 - 2015-01-10 17:06 - 00065536 _____ () C:\Users\Hector\Downloads\FLVPlayer-Chrome (4).exe
2015-01-10 17:06 - 2015-01-10 17:06 - 00023159 _____ () C:\Users\Hector\Downloads\American.Hustle.DVD.NTSC.Latino.t30321.torrent
2015-01-10 17:04 - 2015-01-10 17:04 - 00020597 _____ () C:\Users\Hector\Downloads\american_hustle_2013_dvdscr_xvid_ac3_fingerblast.torrent
2015-01-10 17:03 - 2015-01-10 17:03 - 00011755 _____ () C:\Users\Hector\Downloads\La_gran_estafa_americana_HDRip.torrent
2015-01-09 00:57 - 2015-01-09 00:57 - 00065536 _____ () C:\Users\Hector\Downloads\FLVPlayer-Chrome (3).exe
2015-01-09 00:57 - 2015-01-09 00:57 - 00000000 _____ () C:\Users\Hector\Downloads\Requiem For A Dream - Directors Cut (2000).torrent
2015-01-09 00:56 - 2015-01-09 00:56 - 00012605 _____ () C:\Users\Hector\Downloads\Life.of.Pi.2012.DVDSCR.XviD.AC3.SBT.t23516.torrent
2015-01-09 00:53 - 2015-01-09 00:53 - 00014704 _____ () C:\Users\Hector\Downloads\[kickass.so]requiem.for.a.dream.excelente.calidad.idioma.ingles.subtitulos.español.torrent
2015-01-08 12:19 - 2015-01-08 12:19 - 00018932 _____ () C:\Users\Hector\Downloads\[kickass.so]breaking.benjamin.phobia.2006.full.album.320kbps.mp3.torrent
2015-01-07 18:40 - 2015-01-07 18:40 - 00026466 _____ () C:\Users\Hector\Downloads\Linkin-Park-2014-The-Hunting-Party_4.torrent
2015-01-06 21:53 - 2015-01-06 21:53 - 00000000 ____D () C:\Users\Hector\Documents\MyHeritage
2015-01-04 23:29 - 2015-01-04 23:29 - 00063957 _____ () C:\Users\Hector\Downloads\to-the-wonder-bluray-1080p.torrent
2015-01-04 23:26 - 2015-01-04 23:26 - 00023140 _____ () C:\Users\Hector\Downloads\to_the_wonder_2012_limited_720p_bluray_x264_geckos.torrent
2015-01-04 23:21 - 2015-01-04 23:21 - 00015059 _____ () C:\Users\Hector\Downloads\[kickass.so]drive.original.motion.picture.soundtrack.320kbps.mp3.torrent
2015-01-04 23:07 - 2015-01-04 23:07 - 00225286 _____ () C:\Users\Hector\Downloads\[kickass.so]federico.fellini.giulietta.degli.spiriti.torrent
2015-01-03 11:03 - 2015-01-03 11:03 - 00065404 _____ () C:\Users\Hector\Downloads\[kickass.so]black.rebel.motorcycle.club.discography.channel.neo.torrent
2015-01-02 15:26 - 2015-01-02 18:19 - 533418159 _____ () C:\Users\Hector\Downloads\qtxvc.Steve.Kuhn.Trio..Plays.Standards.2007.Lossless.rar
2015-01-02 00:40 - 2015-01-02 00:40 - 00000995 _____ () C:\Users\Public\Desktop\eMule.lnk
2015-01-02 00:40 - 2015-01-02 00:40 - 00000000 ____D () C:\Users\Hector\Downloads\eMule
2015-01-02 00:40 - 2015-01-02 00:40 - 00000000 ____D () C:\Users\Hector\AppData\Local\eMule
2015-01-02 00:40 - 2015-01-02 00:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eMule
2015-01-02 00:40 - 2015-01-02 00:40 - 00000000 ____D () C:\ProgramData\eMule
2015-01-02 00:40 - 2015-01-02 00:40 - 00000000 ____D () C:\Program Files (x86)\eMule
2015-01-02 00:39 - 2015-01-02 00:40 - 03389035 _____ () C:\Users\Hector\Downloads\eMule0.50a-Installer.exe
2015-01-02 00:28 - 2015-01-02 00:28 - 00595040 _____ () C:\Users\Hector\Downloads\Installation.exe
2015-01-02 00:24 - 2015-01-02 00:24 - 00026711 _____ () C:\Users\Hector\Downloads\[kickass.so]divx.ita.subs.en.fr.fellini.il.bidone.torrent
2015-01-01 15:29 - 2015-01-01 15:29 - 00016141 _____ () C:\Users\Hector\Downloads\[kickass.so]linking.park.living.things.full.album.2012.320kbps.mp3.mahiy.torrent
2014-12-31 21:36 - 2014-12-31 21:36 - 00015900 _____ () C:\Users\Hector\Downloads\[kickass.so]la.delgada.linea.roja.hdrip.spanish.torrent
2014-12-31 17:16 - 2014-12-31 17:16 - 00017591 _____ () C:\Users\Hector\Downloads\[kickass.so]charlie.haden.the.best.of.quartet.west.2007.eac.flac.torrent
2014-12-31 11:20 - 2014-12-31 11:20 - 00019216 _____ () C:\Users\Hector\Downloads\[kickass.so]black.rebel.motorcycle.club.full.discography.requested.mp3.2013.320kbps.torrent
2014-12-30 18:58 - 2014-12-30 18:58 - 00016040 _____ () C:\Users\Hector\Downloads\[kickass.so]wilco.being.there.1996.320.kbps.torrent
2014-12-29 17:30 - 2014-12-29 17:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InterActual
2014-12-29 17:30 - 2014-12-29 17:30 - 00000000 ____D () C:\Program Files\InterActual
2014-12-29 17:30 - 2014-12-29 17:30 - 00000000 _____ () C:\Windows\iPlayer.INI
2014-12-29 15:03 - 2014-12-29 15:03 - 00014672 _____ () C:\Users\Hector\Downloads\Delicatessen%5BDivxtotal%5D.avi.c28935.torrent
2014-12-29 15:01 - 2014-12-29 15:01 - 00014410 _____ () C:\Users\Hector\Downloads\Delicatessen_(Delikatesy)_(1991)_[DivX]_[DVDRiP].torrent
2014-12-29 15:00 - 2014-12-29 15:00 - 00045440 _____ () C:\Users\Hector\Downloads\[kickass.so]delicatessen.1991.720p.bluray.x264.don.torrent
2014-12-29 13:57 - 2014-12-29 13:57 - 00018880 _____ () C:\Users\Hector\Downloads\[kickass.so]amon.tobin.permutation.1998.torrent
2014-12-29 13:56 - 2014-12-29 13:56 - 00072794 _____ () C:\Users\Hector\Downloads\[kickass.so]amon.tobin.discography.lossless.flac.torrent
2014-12-29 13:55 - 2014-12-29 13:55 - 00012001 _____ () C:\Users\Hector\Downloads\[kickass.so]amon.tobin.permutation.torrent
2014-12-28 16:39 - 2014-12-28 16:40 - 03900888 _____ (http://yourfile-downloader.com) C:\Users\Hector\Downloads\YourFile_downloader.exe
2014-12-28 16:38 - 2014-12-28 16:38 - 00000000 _____ () C:\Users\Hector\Downloads\2ba25939b5d5317d86dcd24ea13aff2a53bd2be5.torrent
2014-12-27 23:36 - 2014-12-27 23:36 - 00013722 _____ () C:\Users\Hector\Downloads\[kickass.so]le.notti.di.cabiria.aka.nights.of.cabiria.1957.federico.fell.torrent
2014-12-27 23:33 - 2014-12-27 23:33 - 00081907 _____ () C:\Users\Hector\Downloads\[kickass.so]le.notti.di.cabiria.aka.nights.of.cabiria.federico.fellini.torrent
2014-12-26 19:57 - 2014-12-26 19:57 - 01261944 _____ () C:\Users\Hector\Downloads\1957-Mejor peli extranjera-Las noches de Cabiria (2).exe
2014-12-26 19:57 - 2014-12-26 19:57 - 01261944 _____ () C:\Users\Hector\Downloads\1957-Mejor peli extranjera-Las noches de Cabiria (1).exe
2014-12-26 19:56 - 2014-12-26 19:56 - 01261944 _____ () C:\Users\Hector\Downloads\1957-Mejor peli extranjera-Las noches de Cabiria.exe
2014-12-26 19:37 - 2014-12-26 19:37 - 00431008 _____ () C:\Users\Hector\Downloads\FileDownloadedSuccessfully_downloader-N9PX3TSDB.exe
2014-12-26 19:34 - 2014-12-26 19:34 - 00095002 _____ () C:\Users\Hector\Downloads\Nights_of_Cabiria_(Le_Notti_di_Cabiria)_-_(1957)_[TTU_RG].torrent
2014-12-25 18:51 - 2014-12-25 18:51 - 00044555 _____ () C:\Users\Hector\Downloads\[kickass.so]la.dolce.vita.fellini.1960.ita.esp.torrent
2014-12-25 17:08 - 2014-12-25 17:08 - 00020955 _____ () C:\Users\Hector\Downloads\[limetorrents.cc]Inmigrantes-.L.A..Dolce.Vita.[DVDrip][XViD][Espanol][Spanish].torrent
2014-12-25 17:00 - 2014-12-25 17:00 - 00020889 _____ () C:\Users\Hector\Downloads\33609.torrent
2014-12-25 16:53 - 2014-12-25 16:53 - 00021296 _____ () C:\Users\Hector\Downloads\[kickass.so]inmigrantes.l.a.dolce.vita.dvdrip.spanish.torrent
2014-12-24 15:29 - 2014-12-24 15:29 - 00026082 _____ () C:\Users\Hector\Downloads\elextraordinarioviajedetsspivetdvdxvidwwwdivxtotalco.t44901.torrent
2014-12-24 15:21 - 2014-12-24 15:21 - 00018194 _____ () C:\Users\Hector\Downloads\[kickass.so]el.extraordinario.viaje.de.t.s.spivet.bluray.screener.español.castellano.2014.torrent
2014-12-22 15:35 - 2014-12-22 15:35 - 00014623 _____ () C:\Users\Hector\Downloads\[kickass.so]largo.domingo.de.noviazgo.dvdrip.spanish.avi.torrent

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-21 15:04 - 2013-06-01 12:28 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-21 15:04 - 2013-06-01 11:56 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-21 15:04 - 2013-06-01 11:22 - 00000000 ____D () C:\Program Files\KMSpico
2015-01-21 15:04 - 2012-07-26 08:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-21 15:02 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\sru
2015-01-21 15:00 - 2013-06-01 12:22 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1695387738-1297253553-3520990962-1001
2015-01-21 14:59 - 2012-07-26 12:21 - 00799076 _____ () C:\Windows\system32\perfh00A.dat
2015-01-21 14:59 - 2012-07-26 12:21 - 00163386 _____ () C:\Windows\system32\perfc00A.dat
2015-01-21 14:59 - 2012-07-26 08:28 - 01801978 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-21 14:42 - 2014-07-04 10:40 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-21 14:38 - 2012-07-26 06:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-01-21 14:22 - 2013-06-01 12:01 - 00000838 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-21 14:16 - 2013-06-01 11:56 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-21 01:03 - 2013-06-08 12:50 - 00000000 ____D () C:\Users\Hector\AppData\Roaming\vlc
2015-01-21 01:03 - 2013-06-01 12:14 - 00000000 ____D () C:\Users\Hector\AppData\Roaming\uTorrent
2015-01-20 23:07 - 2014-07-08 08:35 - 00000000 ____D () C:\Users\Hector\Desktop\Torrent
2015-01-20 14:33 - 2013-08-05 13:34 - 00728064 ___SH () C:\Users\Hector\Desktop\Thumbs.db
2015-01-20 14:24 - 2014-05-14 22:57 - 00000000 ____D () C:\Users\Hector\AppData\Roaming\Azureus
2015-01-20 14:24 - 2013-09-23 20:03 - 00000000 ____D () C:\Users\Hector\AppData\Local\CrashDumps
2015-01-20 14:24 - 2013-08-28 10:03 - 00000000 ____D () C:\Users\Hector\AppData\Roaming\DAEMON Tools Lite
2015-01-20 13:46 - 2013-06-01 12:17 - 00000975 _____ () C:\Users\Hector\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-20 13:46 - 2013-06-01 12:14 - 00000812 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-01-20 13:46 - 2013-06-01 12:01 - 00001065 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-20 13:46 - 2013-06-01 11:25 - 00000000 ____D () C:\Users\Hector
2015-01-19 20:53 - 2012-07-26 12:25 - 00000000 ____D () C:\Windows\SKB
2015-01-19 20:42 - 2014-07-04 10:40 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-19 20:42 - 2014-07-04 10:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-19 19:49 - 2013-08-03 07:28 - 00000000 ____D () C:\Users\Hector\AppData\Roaming\Spotify
2015-01-19 16:24 - 2013-08-03 07:29 - 00000000 ____D () C:\Users\Hector\AppData\Local\Spotify
2015-01-19 14:51 - 2014-06-13 19:28 - 00000000 ____D () C:\Users\Hector\Documents\Dibujos
2015-01-19 13:14 - 2014-11-23 13:57 - 00434440 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-15 12:46 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\rescache
2015-01-15 01:24 - 2012-07-26 08:59 - 00000000 ____D () C:\Windows\CbsTemp
2015-01-15 01:23 - 2013-09-07 13:44 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 01:16 - 2013-03-23 21:13 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-11 11:22 - 2014-11-20 22:29 - 00000000 ____D () C:\Program Files (x86)\ePSXe
2015-01-06 00:28 - 2014-07-11 15:31 - 00714176 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-06 00:28 - 2014-07-11 15:31 - 00106440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-31 12:14 - 2013-03-23 21:16 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-29 17:27 - 2013-11-19 21:54 - 00000000 ____D () C:\Users\Hector\AppData\Roaming\dvdcss
2014-12-26 20:21 - 2014-11-21 01:18 - 00000000 ____D () C:\Users\Hector\Documents\Proyectos
2014-12-26 01:32 - 2014-07-05 11:25 - 00000000 ____D () C:\Users\Hector\Documents\Escritos

==================== Files in the root of some directories =======
2013-09-01 16:33 - 2013-09-01 16:33 - 0000058 _____ () C:\Users\Hector\AppData\Roaming\WB.CFG
2013-09-01 16:33 - 2013-09-01 16:33 - 0000005 _____ () C:\Users\Hector\AppData\Roaming\WBPU-TTL.DAT

Some content of TEMP:
====================
C:\Users\Hector\AppData\Local\Temp\Quarantine.exe
C:\Users\Hector\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-14 13:42

==================== End Of Log ============================


#4 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,976 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:05:06 PM

Posted 21 January 2015 - 10:50 AM

Hey, :)
  • Start Malwarebytes
  • Go to the tab called History
  • Then click on Application Logs
  • Then select the one log where it has found anything, do a double click on it
  • Then click on the Export button - select in the menu Text File (.txt)
  • Save it on your Desktop and post the content of this text file into your next reply.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#5 RomanPolanski

RomanPolanski
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:11:06 PM

Posted 22 January 2015 - 08:45 AM

Hi, here it is:

Malwarebytes Anti-Malware
www.malwarebytes.org

Fecha del Análisis: 21/01/2015
Tiempo de Análisis: 14:42:03
Logfile: mbam(2).txt
Administrador: Si

Versión: 2.00.4.1028
Base de datos de malware: v2015.01.21.06
Base de datos de rootkit: v2015.01.14.01
Licencia: Gratis
Protección contra malware: Desactivado
Protección Web: Desactivado
Autoprotección: Desactivado

SO: Windows 8
CPU: x64
Archivos del Sistema: NTFS
Usuario: Hector

Tipo de Análisis: Análisis Completo
Resultado: Completado
Objetos Analizados: 433479
Tiempo Transcurrido: 10 min, 30 seg

Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Activado
Heurística: Activado
PUP: Advierten
PUM: Activado

Procesos: 0
(Sin elementos maliciosos detectados)

Modulos: 0
(Sin elementos maliciosos detectados)

Llaves del Registro: 2
PUP.Optional.Booster.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{d65a1a66}, Ninguna acción por usuario, [272a1cdbddac60d6e1ccc8cf6c972fd1], 
PUP.Optional.TampaGeneration.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\d65a1a66, Ninguna acción por usuario, [50018e693554f04650d9a5cfc043a65a], 

Valores del Registro: 0
(Sin elementos maliciosos detectados)

Datos del Registro: 0
(Sin elementos maliciosos detectados)

Carpetas: 2
PUP.Optional.TampaGeneration.A, C:\Program Files (x86)\TampaGeneration, Ninguna acción por usuario, [df72f9fe622745f16cbe5222996a1ee2], 
PUP.Optional.CrossRider.A, C:\Users\Hector\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kfakeonomonapccoamcmdgpoaicnpnoo, Ninguna acción por usuario, [0e43da1d226781b57b3424439e65df21], 

Archivo: 17
PUP.Optional.Spigot, C:\Program Files\Vuze\spg.zip, Ninguna acción por usuario, [df72ce29286156e085ff7846897852ae], 
PUP.Optional.MultiCore, C:\Users\Hector\Downloads\1957-Mejor peli extranjera-Las noches de Cabiria (1).exe, Ninguna acción por usuario, [c889eb0c7b0e1521a0e153b1aa586c94], 
PUP.Optional.MultiCore, C:\Users\Hector\Downloads\1957-Mejor peli extranjera-Las noches de Cabiria (2).exe, Ninguna acción por usuario, [89c823d43554ca6cf78ab54ff50d619f], 
PUP.Optional.MultiCore, C:\Users\Hector\Downloads\1957-Mejor peli extranjera-Las noches de Cabiria.exe, Ninguna acción por usuario, [88c9d225c2c757df0c755ea632d0768a], 
PUP.Optional.DomaIQ, C:\Users\Hector\Downloads\Setup.exe, Ninguna acción por usuario, [6be605f2d2b7e056d396a82250b1b24e], 
PUP.Optional.Amonetize, C:\Users\Hector\Downloads\radiohead hail to the thief torrent.zip_10924_i5823623_il345.exe, Ninguna acción por usuario, [7ed327d0612888aede63e928877b50b0], 
PUP.Optional.OutBrowse, C:\Users\Hector\Downloads\Installation.exe, Ninguna acción por usuario, [88c9b7405b2ec76f10489a773ac8ed13], 
PUP.Optional.TampaGeneration.A, C:\Program Files (x86)\TampaGeneration\TampaGeneration.dll, Ninguna acción por usuario, [df72f9fe622745f16cbe5222996a1ee2], 
PUP.Optional.CrossRider.A, C:\Users\Hector\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kfakeonomonapccoamcmdgpoaicnpnoo_0.localstorage, Ninguna acción por usuario, [f45d9562aadf171f3946b9ca966d8d73], 
PUP.Optional.CrossRider.A, C:\Users\Hector\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kfakeonomonapccoamcmdgpoaicnpnoo\000005.ldb, Ninguna acción por usuario, [0e43da1d226781b57b3424439e65df21], 
PUP.Optional.CrossRider.A, C:\Users\Hector\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kfakeonomonapccoamcmdgpoaicnpnoo\000014.ldb, Ninguna acción por usuario, [0e43da1d226781b57b3424439e65df21], 
PUP.Optional.CrossRider.A, C:\Users\Hector\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kfakeonomonapccoamcmdgpoaicnpnoo\000015.log, Ninguna acción por usuario, [0e43da1d226781b57b3424439e65df21], 
PUP.Optional.CrossRider.A, C:\Users\Hector\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kfakeonomonapccoamcmdgpoaicnpnoo\CURRENT, Ninguna acción por usuario, [0e43da1d226781b57b3424439e65df21], 
PUP.Optional.CrossRider.A, C:\Users\Hector\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kfakeonomonapccoamcmdgpoaicnpnoo\LOCK, Ninguna acción por usuario, [0e43da1d226781b57b3424439e65df21], 
PUP.Optional.CrossRider.A, C:\Users\Hector\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kfakeonomonapccoamcmdgpoaicnpnoo\LOG, Ninguna acción por usuario, [0e43da1d226781b57b3424439e65df21], 
PUP.Optional.CrossRider.A, C:\Users\Hector\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kfakeonomonapccoamcmdgpoaicnpnoo\LOG.old, Ninguna acción por usuario, [0e43da1d226781b57b3424439e65df21], 
PUP.Optional.CrossRider.A, C:\Users\Hector\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kfakeonomonapccoamcmdgpoaicnpnoo\MANIFEST-000013, Ninguna acción por usuario, [0e43da1d226781b57b3424439e65df21], 

Sectores físicos: 0
(Sin elementos maliciosos detectados)


(end)


#6 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,976 posts
  • Gender:Male
  • Location:Germany
  • Local time:05:06 PM

Posted 22 January 2015 - 10:16 AM

Hey, :)

Step 1: FRST Fix
  • Please open Notepad.exe. Make sure that you don't use any other software than Notepad.exe!
  • Copy and Paste the content of the codebox below into the empty textfile:

    HKU\S-1-5-21-1695387738-1297253553-3520990962-1001\...\MountPoints2: {2c23ddd0-b3fa-11e3-8013-001b10002aec} - "D:\Startme.exe" 
    HKU\S-1-5-21-1695387738-1297253553-3520990962-1004\...\MountPoints2: {de00a8fc-caa3-11e2-be6c-806e6f6e6963} - "E:\Run.exe" 
    AppInit_DLLs-x32: c:\progra~2\nvidia~1\3dvisi~1\nvstinit.dll => "c:\progra~2\nvidia~1\3dvisi~1\nvstinit.dll" File Not Found
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-21-1695387738-1297253553-3520990962-1001 -> {3D3CAC10-567E-40B8-A6BD-8BE77384F4BF} URL = http://es.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-1695387738-1297253553-3520990962-1004 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    BHO: YoutubeAdblocker -> {21D37A47-BD7C-C03C-A831-9C1B8DD66A63} -> C:\Program Files (x86)\YoutubeAdblocker\TP4E.x64.dll No File
    Toolbar: HKU\S-1-5-21-1695387738-1297253553-3520990962-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
    FF DefaultSearchEngine: Yahoo!
    FF SelectedSearchEngine: Yahoo!
    FF Keyword.URL: hxxp://es.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=994519&p=
    FF NetworkProxy: "type", 0
    CHR Extension: (uunisAles) - C:\ProgramData\pbajgboomnojkaegggjkieggjabhaben\ [2013-08-25]
    EmptyTemp:
  • Then click on File >> Save as
    • File Name: Fixlist.txt
    • From the Save as type drop down list, choose All Files
  • It is very important that you save this textfile on your Desktop!
Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run FRST.exe/FRST64.exe (Note: If FRST advises there is a new updated version to be downloaded, allow this.) and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply
Step 2: FRST Scan
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.
Step 3: ESET

Please run a free online scan with the ESET Online Scanner:

IMPORTANT: You MUST use Internet Explorer for this step!
  • Visit the ESET Online Scanner Web Page
  • Select the blue Run ESET Online Scanner button.
  • Tick the box next to YES, I accept the Terms of Use and click Start
  • When asked, allow the ActiveX control to install.
  • Select Enable detection of potentially unwanted applications and select Advanced Settings.
  • Make sure the options Remove found threats and Enable Anti-Stealth technology are checked.
  • Click Start. (This scan can take several hours, so please be patient.)
  • Once the scan is completed, select List of found threats.
  • Select Export to text file... and save the file as ESETlog.txt on your Desktop.
  • Click the Back button.
  • Click the Finish button.
  • Use Notepad to open the saved log file (on your Desktop - ESET.txt)
  • Copy and paste that log as a reply to this topic.
Step 4: Question

How is your PC running?

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#7 RomanPolanski

RomanPolanski
  • Topic Starter

  • Members
  • 7 posts
  • Local time:11:06 PM

Posted 23 January 2015 - 07:35 AM

Ok, it seems that it now runs properly. Anyway, I'll put the logs.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by Hector (administrator) on EQUIPO_HECTOR on 23-01-2015 12:04:45
Running from C:\Users\Hector\Desktop
Loaded Profiles: Hector & UpdatusUser (Available profiles: Hector & UpdatusUser)
Platform: Windows 8 Pro (X64) OS Language: Español (España, internacional)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8_64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Windows\SysWOW64\ASGT.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files (x86)\NetTime\NetTimeService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Program Files\KMSpico\Service_KMS.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Spotify Ltd) C:\Users\Hector\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
() C:\Users\Hector\AppData\Roaming\Search Protection\SP.exe
() C:\Program Files (x86)\NetTime\NetTime.exe
(ACD Systems) C:\Program Files (x86)\ACD Systems\ACDSee Pro\6.0\ACDSeePro6InTouch2.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
() C:\Program Files (x86)\USIM Editor\iconcs447609.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(MyHeritage) C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Users\Hector\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-10-18] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [NetTime] => C:\Program Files (x86)\NetTime\NetTime.exe [772096 2012-05-12] ()
HKLM-x32\...\Run: [ACPW06EN] => C:\Program Files (x86)\ACD Systems\ACDSee Pro\6.0\ACDSeePro6InTouch2.exe [1133176 2012-08-31] (ACD Systems)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [113627 2012-06-16] (Oleg N. Scherbakov)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133440 2012-07-19] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKLM-x32\...\Run: [USBestCR] => C:\Program Files (x86)\USIM Editor\iconcs447609.exe [7041024 2010-07-02] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Family Tree Builder Update] => C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe [2532864 2013-12-09] (MyHeritage)
HKU\S-1-5-21-1695387738-1297253553-3520990962-1001\...\Run: [Spotify Web Helper] => C:\Users\Hector\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-11] (Spotify Ltd)
HKU\S-1-5-21-1695387738-1297253553-3520990962-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-1695387738-1297253553-3520990962-1001\...\Run: [Search Protection] => C:\Users\Hector\AppData\Roaming\Search Protection\SP.EXE [1128760 2015-01-16] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\S-1-5-21-1695387738-1297253553-3520990962-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://es.search.yahoo.com/?type=667671&fr=spigot-yhp-ie
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKU\S-1-5-21-1695387738-1297253553-3520990962-1001 -> DefaultScope {3D3CAC10-567E-40B8-A6BD-8BE77384F4BF} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

FireFox:
========
FF ProfilePath: C:\Users\Hector\AppData\Roaming\Mozilla\Firefox\Profiles\lexdnt64.default
FF Homepage: https://es.search.yahoo.com/?type=667671&fr=spigot-yhp-ff
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll ()
FF Plugin: @java.com/DTPlugin,version=10.11.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.11.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1695387738-1297253553-3520990962-1001: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
FF Plugin HKU\S-1-5-21-1695387738-1297253553-3520990962-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Hector\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-1695387738-1297253553-3520990962-1001: @talk.google.com/O3DPlugin -> C:\Users\Hector\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKU\S-1-5-21-1695387738-1297253553-3520990962-1001: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll (Sony Network Entertainment International LLC)
FF Plugin HKU\S-1-5-21-1695387738-1297253553-3520990962-1004: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Hector\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Hector\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll ()
FF SearchPlugin: C:\Users\Hector\AppData\Roaming\Mozilla\Firefox\Profiles\lexdnt64.default\searchplugins\yahoo_ff.xml
FF Extension: BYTubeD - Bulk YouTube video Downloader - C:\Users\Hector\AppData\Roaming\Mozilla\Firefox\Profiles\lexdnt64.default\Extensions\bytubed@cs213.cse.iitk.ac.in [2013-06-01]
FF Extension: SNT - C:\Users\Hector\AppData\Roaming\Mozilla\Firefox\Profiles\lexdnt64.default\Extensions\ue6_csl@uqbxtjtabu.com [2014-07-04]
FF Extension: IE Tab 2 (FF 3.6+) - C:\Users\Hector\AppData\Roaming\Mozilla\Firefox\Profiles\lexdnt64.default\Extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} [2013-06-01]
FF Extension: EPUBReader - C:\Users\Hector\AppData\Roaming\Mozilla\Firefox\Profiles\lexdnt64.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2013-06-01]
FF Extension: WOT - C:\Users\Hector\AppData\Roaming\Mozilla\Firefox\Profiles\lexdnt64.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-06-01]
FF Extension: DownloadHelper - C:\Users\Hector\AppData\Roaming\Mozilla\Firefox\Profiles\lexdnt64.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-06-01]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Hector\AppData\Roaming\Mozilla\Firefox\Profiles\lexdnt64.default\Extensions\adblockpopups@jessehakanen.net.xpi [2013-06-01]
FF Extension: Flash Video Downloader - Youtube Downloader - C:\Users\Hector\AppData\Roaming\Mozilla\Firefox\Profiles\lexdnt64.default\Extensions\artur.dubovoy@gmail.com.xpi [2013-06-01]
FF Extension: Tab Badge - C:\Users\Hector\AppData\Roaming\Mozilla\Firefox\Profiles\lexdnt64.default\Extensions\badge@darktrojan.net.xpi [2013-06-01]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Hector\AppData\Roaming\Mozilla\Firefox\Profiles\lexdnt64.default\Extensions\elemhidehelper@adblockplus.org.xpi [2013-06-01]
FF Extension: Firebug - C:\Users\Hector\AppData\Roaming\Mozilla\Firefox\Profiles\lexdnt64.default\Extensions\firebug@software.joehewitt.com.xpi [2013-06-01]
FF Extension: MEGA EXTENSION - C:\Users\Hector\AppData\Roaming\Mozilla\Firefox\Profiles\lexdnt64.default\Extensions\firefox@mega.co.nz.xpi [2013-06-01]
FF Extension: Print Edit - C:\Users\Hector\AppData\Roaming\Mozilla\Firefox\Profiles\lexdnt64.default\Extensions\printedit@DW-dev.xpi [2013-06-01]
FF Extension: SkipScreen - C:\Users\Hector\AppData\Roaming\Mozilla\Firefox\Profiles\lexdnt64.default\Extensions\SkipScreen@SkipScreen.xpi [2013-06-01]
FF Extension: Google Translator for Firefox - C:\Users\Hector\AppData\Roaming\Mozilla\Firefox\Profiles\lexdnt64.default\Extensions\translator@zoli.bod.xpi [2013-06-01]
FF Extension: YouTube to MP3 - C:\Users\Hector\AppData\Roaming\Mozilla\Firefox\Profiles\lexdnt64.default\Extensions\youtube2mp3@mondayx.de.xpi [2013-06-01]
FF Extension: Image Zoom - C:\Users\Hector\AppData\Roaming\Mozilla\Firefox\Profiles\lexdnt64.default\Extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi [2013-06-01]
FF Extension: PDF Download - C:\Users\Hector\AppData\Roaming\Mozilla\Firefox\Profiles\lexdnt64.default\Extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}.xpi [2013-06-01]
FF Extension: Text Link - C:\Users\Hector\AppData\Roaming\Mozilla\Firefox\Profiles\lexdnt64.default\Extensions\{54BB9F3F-07E5-486c-9B39-C7398B99391C}.xpi [2013-06-01]
FF Extension: FireFTP - C:\Users\Hector\AppData\Roaming\Mozilla\Firefox\Profiles\lexdnt64.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2013-06-01]
FF Extension: RightToClick - C:\Users\Hector\AppData\Roaming\Mozilla\Firefox\Profiles\lexdnt64.default\Extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}.xpi [2013-06-01]
FF Extension: Adblock Plus - C:\Users\Hector\AppData\Roaming\Mozilla\Firefox\Profiles\lexdnt64.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-06-01]
FF Extension: Download Statusbar - C:\Users\Hector\AppData\Roaming\Mozilla\Firefox\Profiles\lexdnt64.default\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2013-06-01]
FF Extension: Tab Mix Plus - C:\Users\Hector\AppData\Roaming\Mozilla\Firefox\Profiles\lexdnt64.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2013-06-01]
FF Extension: DownThemAll! - C:\Users\Hector\AppData\Roaming\Mozilla\Firefox\Profiles\lexdnt64.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013-06-01]
FF Extension: Greasemonkey - C:\Users\Hector\AppData\Roaming\Mozilla\Firefox\Profiles\lexdnt64.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-06-01]
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll ()
CHR Plugin: (Microsoft Office 2013) - C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U11) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Plugin: (Microsoft Office 2013) - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Talk Plugin) - C:\Users\Hector\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Hector\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.110.21) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Profile: C:\Users\Hector\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Wallet) - C:\Users\Hector\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-25]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [113627 2012-06-16] (Oleg N. Scherbakov) [File not signed]
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
S2 d65a1a66; c:\Program Files (x86)\TampaGeneration\TampaGeneration.dll [3329536 2015-01-18] () [File not signed]
S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-07-05] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-07-05] (Intel Corporation)
R2 NetTimeSvc; C:\Program Files (x86)\NetTime\NetTimeService.exe [473088 2012-05-12] () [File not signed]
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15122208 2013-10-18] (NVIDIA Corporation)
R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [450048 2013-03-24] () [File not signed]
R2 Start8; C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe [143624 2013-01-10] (Stardock Software, Inc)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16032 2014-09-22] (Microsoft Corporation)
S2 AfaService; C:\Windows\system32\afasrv64.exe [X]
S2 HPSLPSVC; C:\Users\Hector\AppData\Local\Temp\7zS7472\hpslpsvc64.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22680 2012-10-25] ()
R3 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2013-12-05] (Disc Soft Ltd)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-22] (Malwarebytes Corporation)
R3 MHIKEY10; C:\Windows\System32\Drivers\MHIKEY10x64.sys [60288 2010-09-15] (Generic USB smartcard reader)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-09-28] (NVIDIA Corporation)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-23 01:21 - 2015-01-23 01:21 - 00032993 _____ () C:\Users\Hector\Downloads\Homeland_S03E12_WEBRip_x264-KYRettv.torrent
2015-01-23 01:21 - 2015-01-23 01:21 - 00029501 _____ () C:\Users\Hector\Downloads\Homeland_S03E11_HDTV_x264-ASAPettv.torrent
2015-01-23 01:21 - 2015-01-23 01:21 - 00029301 _____ () C:\Users\Hector\Downloads\Homeland.S03E04.HDTV.x264-2HDettv.torrent
2015-01-23 01:21 - 2015-01-23 01:21 - 00028470 _____ () C:\Users\Hector\Downloads\Homeland_S03E06_HDTV_x264-2HDettv.torrent
2015-01-23 01:21 - 2015-01-23 01:21 - 00023079 _____ () C:\Users\Hector\Downloads\Homeland_S03E08_HDTV_x264-2HDettv.torrent
2015-01-23 01:21 - 2015-01-23 01:21 - 00022961 _____ () C:\Users\Hector\Downloads\Homeland_S03E10_HDTV_x264-ASAPettv.torrent
2015-01-23 01:21 - 2015-01-23 01:21 - 00022318 _____ () C:\Users\Hector\Downloads\Homeland_S03E07_HDTV_x264-KILLERSettv.torrent
2015-01-23 01:21 - 2015-01-23 01:21 - 00016072 _____ () C:\Users\Hector\Downloads\Homeland.S03E03.HDTV.x264-ASAP.eztv.torrent
2015-01-23 01:21 - 2015-01-23 01:21 - 00013812 _____ () C:\Users\Hector\Downloads\Homeland.S03E09.HDTV.x264-ASAP.eztv.torrent
2015-01-23 01:21 - 2015-01-23 01:21 - 00013712 _____ () C:\Users\Hector\Downloads\Homeland.S03E01.HDTV.x264-ASAP.eztv.torrent
2015-01-23 01:21 - 2015-01-23 01:21 - 00013531 _____ () C:\Users\Hector\Downloads\Homeland.S03E01.x264-HOMELAND.eztv.torrent
2015-01-23 01:21 - 2015-01-23 01:21 - 00013274 _____ () C:\Users\Hector\Downloads\Homeland.S03E05.HDTV.x264-KILLERS.torrent
2015-01-23 01:21 - 2015-01-23 01:21 - 00012672 _____ () C:\Users\Hector\Downloads\Homeland.S03E02.HDTV.x264-ASAP.eztv.torrent
2015-01-23 00:11 - 2015-01-23 00:11 - 00050910 _____ () C:\Users\Hector\Downloads\Homeland - 02x12 - The Choice.srt
2015-01-22 22:49 - 2015-01-22 22:49 - 00057591 _____ () C:\Users\Hector\Downloads\[kickass.so]hable.con.ella.talk.to.her.2002.pedro.almodovar.torrent
2015-01-22 17:00 - 2015-01-22 17:00 - 00024778 _____ () C:\Users\Hector\Downloads\Nader.Y.Simin.Una.Separacion.DVD.torrent
2015-01-22 16:50 - 2015-01-22 16:50 - 00113158 _____ () C:\Users\Hector\Downloads\A_Separation_2011_LiMiTED_BDRip_XviD_LPD.torrent
2015-01-22 14:44 - 2015-01-22 14:44 - 00005066 _____ () C:\Users\Hector\Desktop\mbam(2).txt
2015-01-22 02:41 - 2015-01-22 02:41 - 00002250 _____ () C:\Users\Hector\Desktop\neurosis por el cine.txt
2015-01-22 01:25 - 2015-01-22 01:25 - 00072776 _____ () C:\Users\Hector\Downloads\jodorowskys_dune_2013_hd_1080p.srt
2015-01-22 01:25 - 2015-01-22 01:25 - 00013483 _____ () C:\Users\Hector\Downloads\jodorowskys_dune_2013_hd_1080p.torrent
2015-01-22 00:46 - 2015-01-23 12:02 - 00000502 _____ () C:\Windows\Tasks\SDMsgUpdate (TE).job
2015-01-22 00:46 - 2015-01-22 00:46 - 00003156 _____ () C:\Windows\System32\Tasks\SDMsgUpdate (TE)
2015-01-22 00:46 - 2015-01-22 00:46 - 00000982 _____ () C:\Users\Public\Desktop\SmartDraw 2013.lnk
2015-01-22 00:46 - 2015-01-22 00:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartDraw 2013
2015-01-22 00:45 - 2015-01-22 00:48 - 00000000 ____D () C:\Program Files (x86)\SmartDraw 2013
2015-01-22 00:23 - 2015-01-22 00:41 - 56809628 _____ () C:\Users\Hector\Downloads\SD2013.rar
2015-01-22 00:19 - 2015-01-22 00:46 - 00000000 ____D () C:\Users\Hector\AppData\Roaming\SmartDraw
2015-01-22 00:19 - 2015-01-22 00:19 - 00000000 ____D () C:\Users\Hector\Documents\SmartDraw
2015-01-22 00:19 - 2015-01-22 00:19 - 00000000 ____D () C:\Users\Hector\AppData\System
2015-01-22 00:19 - 2015-01-22 00:19 - 00000000 ____D () C:\Users\Hector\AppData\Local\SmartDraw
2015-01-22 00:17 - 2015-01-22 00:18 - 00506952 _____ () C:\Users\Hector\Downloads\smartdraw_YZ_ZNME1_setup.exe
2015-01-22 00:14 - 2015-01-22 00:14 - 00000000 ___SD () C:\Users\Hector\Documents\Mis archivos de origen de datos
2015-01-21 21:22 - 2015-01-21 21:22 - 00049817 _____ () C:\Users\Hector\Downloads\Homeland - 02x11 - The Motherbleeper With A Turban (In Memoriam) (Español (Latinoamérica)).srt
2015-01-21 19:35 - 2015-01-21 19:35 - 00085407 _____ () C:\Users\Hector\Downloads\[kickass.so]post.rock.tortoise.discography.torrent
2015-01-21 15:39 - 2015-01-21 15:39 - 00000000 ____D () C:\Users\Hector\AppData\Roaming\Search Protection
2015-01-21 15:37 - 2015-01-21 15:37 - 00021886 _____ () C:\Users\Hector\Downloads\the-artist-dvdrip.torrent
2015-01-21 15:09 - 2015-01-21 15:09 - 00051708 _____ () C:\Users\Hector\Desktop\FRST(2).txt
2015-01-21 15:06 - 2015-01-20 14:44 - 02126848 _____ (Farbar) C:\Users\Hector\Desktop\FRST64.exe
2015-01-21 15:02 - 2015-01-21 15:02 - 00001145 _____ () C:\Users\Hector\Desktop\JRT.txt
2015-01-21 15:00 - 2015-01-21 15:00 - 00000000 ____D () C:\Windows\ERUNT
2015-01-21 14:56 - 2015-01-21 14:56 - 01707939 _____ (Thisisu) C:\Users\Hector\Desktop\JRT.exe
2015-01-21 14:53 - 2015-01-21 14:53 - 00000049 _____ () C:\Users\Hector\Desktop\MBAM.txt
2015-01-21 14:39 - 2015-01-21 14:39 - 00001071 _____ () C:\Users\Hector\Desktop\AdwCleaner[S2].txt
2015-01-21 14:38 - 2015-01-22 14:28 - 00000904 _____ () C:\Windows\PFRO.log
2015-01-21 14:36 - 2015-01-21 14:36 - 02186752 _____ () C:\Users\Hector\Downloads\AdwCleaner.exe
2015-01-21 14:36 - 2015-01-21 14:36 - 02186752 _____ () C:\Users\Hector\Desktop\AdwCleaner.exe
2015-01-21 14:10 - 2015-01-23 02:28 - 00314972 _____ () C:\Windows\WindowsUpdate.log
2015-01-20 19:10 - 2015-01-20 19:10 - 00071518 _____ () C:\Users\Hector\Downloads\The Cabin in the Woods (2011).srt
2015-01-20 19:10 - 2015-01-20 19:10 - 00023274 _____ () C:\Users\Hector\Downloads\the_cabin_in_the_woods_720p_bluray_x264_hdex.torrent
2015-01-20 16:14 - 2015-01-20 16:14 - 00043472 _____ () C:\Users\Hector\Downloads\Homeland - 02x10 - Broken Hearts  (Español (España)).srt
2015-01-20 15:48 - 2015-01-20 15:48 - 04168247 _____ () C:\Users\Hector\Desktop\tdsskiller.zip
2015-01-20 15:47 - 2015-01-20 15:47 - 00001244 _____ () C:\Users\Hector\Desktop\ark.txt
2015-01-20 15:39 - 2015-01-20 15:39 - 00380416 _____ () C:\Users\Hector\Downloads\zrx1jslo.exe
2015-01-20 15:23 - 2015-01-23 12:04 - 00024111 _____ () C:\Users\Hector\Desktop\FRST.txt
2015-01-20 15:23 - 2015-01-20 15:23 - 00029337 _____ () C:\Users\Hector\Desktop\Addition.txt
2015-01-20 15:22 - 2015-01-20 15:22 - 00029337 _____ () C:\Users\Hector\Downloads\Addition.txt
2015-01-20 15:21 - 2015-01-23 12:04 - 00000000 ____D () C:\FRST
2015-01-20 15:21 - 2015-01-20 15:22 - 00051043 _____ () C:\Users\Hector\Downloads\FRST.txt
2015-01-20 15:06 - 2015-01-20 15:07 - 00021182 _____ () C:\Users\Hector\Desktop\dds.txt
2015-01-20 15:06 - 2015-01-20 15:07 - 00018722 _____ () C:\Users\Hector\Desktop\attach.txt
2015-01-20 15:04 - 2015-01-20 15:05 - 00688992 ____R (Swearware) C:\Users\Hector\Downloads\dds.com
2015-01-20 14:44 - 2015-01-20 14:44 - 02126848 _____ (Farbar) C:\Users\Hector\Downloads\FRST64.exe
2015-01-20 13:44 - 2015-01-21 14:38 - 00000000 ____D () C:\AdwCleaner
2015-01-20 13:43 - 2015-01-20 13:43 - 02186752 _____ () C:\Users\Hector\Downloads\adwcleaner_4.108.exe
2015-01-19 20:58 - 2015-01-19 20:58 - 00160626 _____ () C:\Users\Hector\Downloads\Lincoln (2012).srt
2015-01-19 20:57 - 2015-01-19 20:57 - 00058504 _____ () C:\Users\Hector\Downloads\lincoln_2012_dvdscr_xvid_hellraz0r.torrent
2015-01-19 16:25 - 2015-01-19 16:25 - 00018117 _____ () C:\Users\Hector\Downloads\[kickass.so]arcade.fire.reflecktor.2cd.proper.320.bubanee.torrent
2015-01-19 13:17 - 2015-01-19 13:17 - 00053443 _____ () C:\Users\Hector\Downloads\Homeland - 02x09 - Two Hats (Español (España)).srt
2015-01-19 13:17 - 2015-01-19 13:17 - 00051317 _____ () C:\Users\Hector\Downloads\Homeland - 02x08 - I'll Fly Away.srt
2015-01-18 15:18 - 2015-01-18 15:18 - 00000936 _____ () C:\Users\UpdatusUser\Desktop\Guitar Pro 5.lnk
2015-01-18 15:18 - 2015-01-18 15:18 - 00000936 _____ () C:\Users\Hector\Desktop\Guitar Pro 5.lnk
2015-01-18 15:18 - 2015-01-18 15:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guitar Pro 5
2015-01-18 15:18 - 2015-01-18 15:18 - 00000000 ____D () C:\Program Files (x86)\Guitar Pro 5
2015-01-18 15:08 - 2015-01-18 15:08 - 00028019 _____ () C:\Users\Hector\Downloads\[kickass.so]guitar.pro.5.full.version.torrent
2015-01-18 15:07 - 2015-01-18 15:07 - 00004077 _____ () C:\Users\Hector\Downloads\[kickass.so]guitar.pro.5.2.full.serial.completo.torrent
2015-01-18 15:06 - 2015-01-18 15:06 - 01364344 _____ () C:\Users\Hector\Downloads\Descarga desde Identi (MEGA).exe
2015-01-18 15:03 - 2015-01-18 15:03 - 00000000 ____D () C:\Program Files (x86)\TampaGeneration
2015-01-18 14:57 - 2015-01-18 14:57 - 01218240 _____ () C:\Users\Hector\Downloads\GTR.PR.Sofw.By.CompucaliTv.Com.rar.exe
2015-01-18 14:51 - 2015-01-18 15:00 - 00000000 ____D () C:\Users\Hector\AppData\Roaming\Guitar Pro 6
2015-01-18 14:51 - 2015-01-18 14:51 - 00000000 ____D () C:\ProgramData\Guitar Pro 6
2015-01-18 14:49 - 2015-01-18 14:49 - 00019127 _____ () C:\Users\Hector\Downloads\Nirvana - Where Did You Sleep Last Night.gp3
2015-01-18 10:51 - 2015-01-18 10:51 - 00031451 _____ () C:\Users\Hector\Downloads\[kickass.so]linkin.park.discography.320kbps.cbr.mp3.tugazx.torrent
2015-01-17 21:15 - 2015-01-17 21:15 - 00041031 _____ () C:\Users\Hector\Downloads\361931 (1).zip
2015-01-17 21:14 - 2015-01-17 21:14 - 00041031 _____ () C:\Users\Hector\Downloads\361931.zip
2015-01-17 11:49 - 2015-01-17 11:49 - 00000018 _____ () C:\Users\Hector\Desktop\covers.txt
2015-01-16 15:55 - 2015-01-16 15:55 - 00016258 _____ () C:\Users\Hector\Downloads\[kickass.so]miles.davis.steamin.with.the.miles.davis.quintet.1961.jazz.mp3.320.h33t.schon55.torrent
2015-01-16 13:14 - 2015-01-16 13:14 - 00020633 _____ () C:\Users\Hector\Downloads\[kickass.so]miles.davis.bleepes.brew.1969.torrent
2015-01-15 13:57 - 2015-01-15 13:57 - 00057979 _____ () C:\Users\Hector\Downloads\Homeland - 02x04 - New Car Smell  (Español (España)).srt
2015-01-15 12:31 - 2015-01-15 12:31 - 00018363 _____ () C:\Users\Hector\Downloads\367898.rar
2015-01-15 12:28 - 2015-01-15 12:28 - 00050267 _____ () C:\Users\Hector\Downloads\wadjda_2012_bdrip.torrent
2015-01-15 12:27 - 2015-01-15 12:27 - 00018942 _____ () C:\Users\Hector\Downloads\arcticmonkeys-favouriteworstnigh.torrent
2015-01-14 21:42 - 2015-01-14 21:42 - 00015495 _____ () C:\Users\Hector\Downloads\40844.torrent
2015-01-14 21:41 - 2015-01-14 21:41 - 00013247 _____ () C:\Users\Hector\Downloads\nebraska_2013__bdrip_.torrent
2015-01-14 21:38 - 2015-01-14 21:38 - 00013247 _____ () C:\Users\Hector\Downloads\nebraska_2013_bdrip_x264_sparks.torrent
2015-01-14 15:24 - 2014-11-27 03:40 - 00600576 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-01-14 15:24 - 2014-11-27 02:28 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-01-14 15:24 - 2014-11-15 07:06 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-01-14 15:24 - 2014-11-15 06:13 - 03286016 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-01-14 15:24 - 2014-11-15 06:13 - 01623552 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-01-14 15:24 - 2014-11-15 06:13 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-01-14 15:24 - 2014-11-15 06:13 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-01-14 15:24 - 2014-11-15 06:13 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-01-14 15:24 - 2014-11-15 06:13 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-01-14 15:24 - 2014-11-15 06:13 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-01-14 15:24 - 2014-11-15 06:12 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2015-01-14 15:24 - 2014-11-15 04:54 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-01-14 15:24 - 2014-11-15 04:53 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-01-14 15:24 - 2014-11-15 04:53 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-01-14 15:24 - 2014-11-15 04:53 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-01-14 15:23 - 2014-11-05 07:40 - 00733184 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2015-01-14 15:23 - 2014-11-05 07:39 - 01024512 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-01-14 15:23 - 2014-11-01 07:28 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-01-14 15:23 - 2014-10-29 15:21 - 00499008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2015-01-14 15:23 - 2014-10-27 23:10 - 00390841 _____ () C:\Windows\system32\ApnDatabase.xml
2015-01-14 15:21 - 2014-12-19 07:48 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 15:21 - 2014-12-11 08:35 - 06973248 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 15:21 - 2014-12-11 07:51 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 15:21 - 2014-12-06 08:53 - 00458240 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-01-14 15:21 - 2014-12-06 08:53 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2015-01-14 15:21 - 2014-12-06 08:52 - 00384000 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-14 15:21 - 2014-12-06 08:52 - 00357376 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 15:21 - 2014-12-06 08:52 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-14 15:21 - 2014-12-06 08:51 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2015-01-14 15:21 - 2014-12-06 08:51 - 00267264 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-01-14 15:21 - 2014-12-06 08:50 - 00783872 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-01-14 15:21 - 2014-12-06 07:10 - 00355840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-01-14 15:21 - 2014-12-06 07:10 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2015-01-14 15:21 - 2014-12-06 07:09 - 00332800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2015-01-14 15:21 - 2014-12-06 07:09 - 00055296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 15:20 - 2014-12-19 05:35 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 14:58 - 2015-01-14 14:58 - 00014774 _____ () C:\Users\Hector\Downloads\[kickass.so]tropa.de.elite.spanish.dvdrip.xvid.torrent
2015-01-14 14:57 - 2015-01-14 14:57 - 00028476 _____ () C:\Users\Hector\Downloads\[kickass.so]tropa.de.elite.2007.dvdrip.xvid.v.o.sub.spanish.com.torrent
2015-01-13 20:08 - 2015-01-13 20:08 - 00015020 _____ () C:\Users\Hector\Downloads\inside_llewyn_davis_2013_dvdscr_xvid_ac3_hq_hive_cm8.torrent
2015-01-12 15:11 - 2015-01-12 15:11 - 00115108 _____ () C:\Users\Hector\Downloads\Gravity_2013_HDRip_XviD_AC3_RBG.torrent
2015-01-11 21:25 - 2015-01-11 21:25 - 00168148 _____ () C:\Users\Hector\Downloads\American Hustle (2013) (1).srt
2015-01-11 21:00 - 2015-01-11 21:00 - 00017046 _____ () C:\Users\Hector\Downloads\a_touch_of_sin_2013_720p_brrip_h264_aac_rarbg.torrent
2015-01-11 20:58 - 2015-01-11 20:58 - 00113820 _____ () C:\Users\Hector\Downloads\12_Years_A_Slave_2013_HDRip_XViD_juggs.torrent
2015-01-11 20:58 - 2015-01-11 20:58 - 00065536 _____ () C:\Users\Hector\Downloads\FLVPlayer-Chrome (5).exe
2015-01-11 16:01 - 2015-01-11 16:01 - 00018615 _____ () C:\Users\Hector\Downloads\[torrentino-net]-si-begg-director-s-cut-2003-flac-lossless.torrent
2015-01-11 15:57 - 2015-01-11 15:57 - 00018263 _____ () C:\Users\Hector\Downloads\[kickass.so]dj.food.and.dk.now.listen.again.2007.zaion.rg.torrent
2015-01-11 11:27 - 2015-01-11 11:27 - 00001330 _____ () C:\Users\Hector\Desktop\jre1.8.0_25 - Acceso directo.lnk
2015-01-10 17:07 - 2015-01-10 17:07 - 00032310 _____ () C:\Users\Hector\Downloads\Homeland.S02E12.HDTV.x264-ASAP.VTV.mp4.torrent
2015-01-10 17:07 - 2015-01-10 17:07 - 00031160 _____ () C:\Users\Hector\Downloads\Homeland.2x02.HDTV-x264-EVOLVEVTV.torrent
2015-01-10 17:07 - 2015-01-10 17:07 - 00030758 _____ () C:\Users\Hector\Downloads\Homeland.2x07.HDTV-x264-ASAPVTV.torrent
2015-01-10 17:07 - 2015-01-10 17:07 - 00028891 _____ () C:\Users\Hector\Downloads\Homeland.S02E03.HDTV.x264-ASAP..mp4.torrent
2015-01-10 17:07 - 2015-01-10 17:07 - 00027038 _____ () C:\Users\Hector\Downloads\Homeland.2x08.HDTV-x264-ASAPVTV.torrent
2015-01-10 17:07 - 2015-01-10 17:07 - 00026818 _____ () C:\Users\Hector\Downloads\Homeland.2x06.HDTV-x264-ASAPVTV.torrent
2015-01-10 17:07 - 2015-01-10 17:07 - 00026598 _____ () C:\Users\Hector\Downloads\Homeland.2x04.HDTV-x264-ASAPVTV.torrent
2015-01-10 17:07 - 2015-01-10 17:07 - 00025340 _____ () C:\Users\Hector\Downloads\Homeland.2x11.HDTV-x264-EVOLVEVTV.torrent
2015-01-10 17:07 - 2015-01-10 17:07 - 00025178 _____ () C:\Users\Hector\Downloads\Homeland.2x09.HDTV-x264-ASAPVTV.torrent
2015-01-10 17:07 - 2015-01-10 17:07 - 00024860 _____ () C:\Users\Hector\Downloads\Homeland.2x10.HDTV-x264-EVOLVEVTV.torrent
2015-01-10 17:07 - 2015-01-10 17:07 - 00024287 _____ () C:\Users\Hector\Downloads\Homeland.2x05.HDTV-PROPER-x264-EVOLVEVTV.torrent
2015-01-10 17:07 - 2015-01-10 17:07 - 00008271 _____ () C:\Users\Hector\Downloads\Homeland.2x01.HDTV-x264-EVOLVEVTV.torrent
2015-01-10 17:06 - 2015-01-10 17:06 - 00065536 _____ () C:\Users\Hector\Downloads\FLVPlayer-Chrome (4).exe
2015-01-10 17:06 - 2015-01-10 17:06 - 00023159 _____ () C:\Users\Hector\Downloads\American.Hustle.DVD.NTSC.Latino.t30321.torrent
2015-01-10 17:04 - 2015-01-10 17:04 - 00020597 _____ () C:\Users\Hector\Downloads\american_hustle_2013_dvdscr_xvid_ac3_fingerblast.torrent
2015-01-10 17:03 - 2015-01-10 17:03 - 00011755 _____ () C:\Users\Hector\Downloads\La_gran_estafa_americana_HDRip.torrent
2015-01-09 00:57 - 2015-01-09 00:57 - 00065536 _____ () C:\Users\Hector\Downloads\FLVPlayer-Chrome (3).exe
2015-01-09 00:57 - 2015-01-09 00:57 - 00000000 _____ () C:\Users\Hector\Downloads\Requiem For A Dream - Directors Cut (2000).torrent
2015-01-09 00:56 - 2015-01-09 00:56 - 00012605 _____ () C:\Users\Hector\Downloads\Life.of.Pi.2012.DVDSCR.XviD.AC3.SBT.t23516.torrent
2015-01-09 00:53 - 2015-01-09 00:53 - 00014704 _____ () C:\Users\Hector\Downloads\[kickass.so]requiem.for.a.dream.excelente.calidad.idioma.ingles.subtitulos.español.torrent
2015-01-08 12:19 - 2015-01-08 12:19 - 00018932 _____ () C:\Users\Hector\Downloads\[kickass.so]breaking.benjamin.phobia.2006.full.album.320kbps.mp3.torrent
2015-01-07 18:40 - 2015-01-07 18:40 - 00026466 _____ () C:\Users\Hector\Downloads\Linkin-Park-2014-The-Hunting-Party_4.torrent
2015-01-06 21:53 - 2015-01-06 21:53 - 00000000 ____D () C:\Users\Hector\Documents\MyHeritage
2015-01-04 23:29 - 2015-01-04 23:29 - 00063957 _____ () C:\Users\Hector\Downloads\to-the-wonder-bluray-1080p.torrent
2015-01-04 23:26 - 2015-01-04 23:26 - 00023140 _____ () C:\Users\Hector\Downloads\to_the_wonder_2012_limited_720p_bluray_x264_geckos.torrent
2015-01-04 23:21 - 2015-01-04 23:21 - 00015059 _____ () C:\Users\Hector\Downloads\[kickass.so]drive.original.motion.picture.soundtrack.320kbps.mp3.torrent
2015-01-04 23:07 - 2015-01-04 23:07 - 00225286 _____ () C:\Users\Hector\Downloads\[kickass.so]federico.fellini.giulietta.degli.spiriti.torrent
2015-01-03 11:03 - 2015-01-03 11:03 - 00065404 _____ () C:\Users\Hector\Downloads\[kickass.so]black.rebel.motorcycle.club.discography.channel.neo.torrent
2015-01-02 15:26 - 2015-01-02 18:19 - 533418159 _____ () C:\Users\Hector\Downloads\qtxvc.Steve.Kuhn.Trio..Plays.Standards.2007.Lossless.rar
2015-01-02 00:40 - 2015-01-02 00:40 - 00000995 _____ () C:\Users\Public\Desktop\eMule.lnk
2015-01-02 00:40 - 2015-01-02 00:40 - 00000000 ____D () C:\Users\Hector\Downloads\eMule
2015-01-02 00:40 - 2015-01-02 00:40 - 00000000 ____D () C:\Users\Hector\AppData\Local\eMule
2015-01-02 00:40 - 2015-01-02 00:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eMule
2015-01-02 00:40 - 2015-01-02 00:40 - 00000000 ____D () C:\ProgramData\eMule
2015-01-02 00:40 - 2015-01-02 00:40 - 00000000 ____D () C:\Program Files (x86)\eMule
2015-01-02 00:39 - 2015-01-02 00:40 - 03389035 _____ () C:\Users\Hector\Downloads\eMule0.50a-Installer.exe
2015-01-02 00:28 - 2015-01-02 00:28 - 00595040 _____ () C:\Users\Hector\Downloads\Installation.exe
2015-01-02 00:24 - 2015-01-02 00:24 - 00026711 _____ () C:\Users\Hector\Downloads\[kickass.so]divx.ita.subs.en.fr.fellini.il.bidone.torrent
2015-01-01 15:29 - 2015-01-01 15:29 - 00016141 _____ () C:\Users\Hector\Downloads\[kickass.so]linking.park.living.things.full.album.2012.320kbps.mp3.mahiy.torrent
2014-12-31 21:36 - 2014-12-31 21:36 - 00015900 _____ () C:\Users\Hector\Downloads\[kickass.so]la.delgada.linea.roja.hdrip.spanish.torrent
2014-12-31 17:16 - 2014-12-31 17:16 - 00017591 _____ () C:\Users\Hector\Downloads\[kickass.so]charlie.haden.the.best.of.quartet.west.2007.eac.flac.torrent
2014-12-31 11:20 - 2014-12-31 11:20 - 00019216 _____ () C:\Users\Hector\Downloads\[kickass.so]black.rebel.motorcycle.club.full.discography.requested.mp3.2013.320kbps.torrent
2014-12-30 18:58 - 2014-12-30 18:58 - 00016040 _____ () C:\Users\Hector\Downloads\[kickass.so]wilco.being.there.1996.320.kbps.torrent
2014-12-29 17:30 - 2014-12-29 17:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InterActual
2014-12-29 17:30 - 2014-12-29 17:30 - 00000000 ____D () C:\Program Files\InterActual
2014-12-29 17:30 - 2014-12-29 17:30 - 00000000 _____ () C:\Windows\iPlayer.INI
2014-12-29 15:03 - 2014-12-29 15:03 - 00014672 _____ () C:\Users\Hector\Downloads\Delicatessen%5BDivxtotal%5D.avi.c28935.torrent
2014-12-29 15:01 - 2014-12-29 15:01 - 00014410 _____ () C:\Users\Hector\Downloads\Delicatessen_(Delikatesy)_(1991)_[DivX]_[DVDRiP].torrent
2014-12-29 15:00 - 2014-12-29 15:00 - 00045440 _____ () C:\Users\Hector\Downloads\[kickass.so]delicatessen.1991.720p.bluray.x264.don.torrent
2014-12-29 13:57 - 2014-12-29 13:57 - 00018880 _____ () C:\Users\Hector\Downloads\[kickass.so]amon.tobin.permutation.1998.torrent
2014-12-29 13:56 - 2014-12-29 13:56 - 00072794 _____ () C:\Users\Hector\Downloads\[kickass.so]amon.tobin.discography.lossless.flac.torrent
2014-12-29 13:55 - 2014-12-29 13:55 - 00012001 _____ () C:\Users\Hector\Downloads\[kickass.so]amon.tobin.permutation.torrent
2014-12-28 16:39 - 2014-12-28 16:40 - 03900888 _____ (http://yourfile-downloader.com) C:\Users\Hector\Downloads\YourFile_downloader.exe
2014-12-28 16:38 - 2014-12-28 16:38 - 00000000 _____ () C:\Users\Hector\Downloads\2ba25939b5d5317d86dcd24ea13aff2a53bd2be5.torrent
2014-12-27 23:36 - 2014-12-27 23:36 - 00013722 _____ () C:\Users\Hector\Downloads\[kickass.so]le.notti.di.cabiria.aka.nights.of.cabiria.1957.federico.fell.torrent
2014-12-27 23:33 - 2014-12-27 23:33 - 00081907 _____ () C:\Users\Hector\Downloads\[kickass.so]le.notti.di.cabiria.aka.nights.of.cabiria.federico.fellini.torrent
2014-12-26 19:57 - 2014-12-26 19:57 - 01261944 _____ () C:\Users\Hector\Downloads\1957-Mejor peli extranjera-Las noches de Cabiria (2).exe
2014-12-26 19:57 - 2014-12-26 19:57 - 01261944 _____ () C:\Users\Hector\Downloads\1957-Mejor peli extranjera-Las noches de Cabiria (1).exe
2014-12-26 19:56 - 2014-12-26 19:56 - 01261944 _____ () C:\Users\Hector\Downloads\1957-Mejor peli extranjera-Las noches de Cabiria.exe
2014-12-26 19:37 - 2014-12-26 19:37 - 00431008 _____ () C:\Users\Hector\Downloads\FileDownloadedSuccessfully_downloader-N9PX3TSDB.exe
2014-12-26 19:34 - 2014-12-26 19:34 - 00095002 _____ () C:\Users\Hector\Downloads\Nights_of_Cabiria_(Le_Notti_di_Cabiria)_-_(1957)_[TTU_RG].torrent
2014-12-25 18:51 - 2014-12-25 18:51 - 00044555 _____ () C:\Users\Hector\Downloads\[kickass.so]la.dolce.vita.fellini.1960.ita.esp.torrent
2014-12-25 17:08 - 2014-12-25 17:08 - 00020955 _____ () C:\Users\Hector\Downloads\[limetorrents.cc]Inmigrantes-.L.A..Dolce.Vita.[DVDrip][XViD][Espanol][Spanish].torrent
2014-12-25 17:00 - 2014-12-25 17:00 - 00020889 _____ () C:\Users\Hector\Downloads\33609.torrent
2014-12-25 16:53 - 2014-12-25 16:53 - 00021296 _____ () C:\Users\Hector\Downloads\[kickass.so]inmigrantes.l.a.dolce.vita.dvdrip.spanish.torrent
2014-12-24 15:29 - 2014-12-24 15:29 - 00026082 _____ () C:\Users\Hector\Downloads\elextraordinarioviajedetsspivetdvdxvidwwwdivxtotalco.t44901.torrent
2014-12-24 15:21 - 2014-12-24 15:21 - 00018194 _____ () C:\Users\Hector\Downloads\[kickass.so]el.extraordinario.viaje.de.t.s.spivet.bluray.screener.español.castellano.2014.torrent

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-23 12:04 - 2013-06-01 11:56 - 00004100 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-01-23 12:04 - 2013-06-01 11:56 - 00003864 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-23 12:04 - 2013-06-01 11:56 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-23 12:04 - 2013-06-01 11:56 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-23 12:03 - 2013-08-05 13:34 - 00728064 ___SH () C:\Users\Hector\Desktop\Thumbs.db
2015-01-23 12:03 - 2013-06-01 11:22 - 00000000 ____D () C:\Program Files\KMSpico
2015-01-23 12:02 - 2013-06-01 12:28 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-23 12:02 - 2012-07-26 08:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-23 12:02 - 2012-07-26 06:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-01-23 12:00 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\sru
2015-01-23 02:30 - 2013-06-01 12:14 - 00000000 ____D () C:\Users\Hector\AppData\Roaming\uTorrent
2015-01-23 02:22 - 2013-06-01 12:01 - 00000838 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-23 02:20 - 2014-07-08 08:35 - 00000000 ____D () C:\Users\Hector\Desktop\Torrent
2015-01-23 01:16 - 2013-06-08 12:50 - 00000000 ____D () C:\Users\Hector\AppData\Roaming\vlc
2015-01-22 14:50 - 2013-06-01 12:22 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1695387738-1297253553-3520990962-1001
2015-01-22 14:42 - 2014-07-04 10:40 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-22 14:32 - 2012-07-26 12:21 - 00799076 _____ () C:\Windows\system32\perfh00A.dat
2015-01-22 14:32 - 2012-07-26 12:21 - 00163386 _____ () C:\Windows\system32\perfc00A.dat
2015-01-22 14:32 - 2012-07-26 08:28 - 01801978 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-22 00:21 - 2013-09-23 20:03 - 00000000 ____D () C:\Users\Hector\AppData\Local\CrashDumps
2015-01-21 20:20 - 2013-08-03 07:28 - 00000000 ____D () C:\Users\Hector\AppData\Roaming\Spotify
2015-01-21 15:38 - 2014-05-16 10:44 - 00000857 _____ () C:\Users\Hector\Desktop\µTorrent.lnk
2015-01-21 15:38 - 2014-05-16 10:44 - 00000837 _____ () C:\Users\Hector\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2015-01-20 14:24 - 2014-05-14 22:57 - 00000000 ____D () C:\Users\Hector\AppData\Roaming\Azureus
2015-01-20 14:24 - 2013-08-28 10:03 - 00000000 ____D () C:\Users\Hector\AppData\Roaming\DAEMON Tools Lite
2015-01-20 13:46 - 2013-06-01 12:17 - 00000975 _____ () C:\Users\Hector\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-20 13:46 - 2013-06-01 12:14 - 00000812 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-01-20 13:46 - 2013-06-01 12:01 - 00001065 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-20 13:46 - 2013-06-01 11:25 - 00000000 ____D () C:\Users\Hector
2015-01-19 20:53 - 2012-07-26 12:25 - 00000000 ____D () C:\Windows\SKB
2015-01-19 20:42 - 2014-07-04 10:40 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-19 20:42 - 2014-07-04 10:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-19 16:24 - 2013-08-03 07:29 - 00000000 ____D () C:\Users\Hector\AppData\Local\Spotify
2015-01-19 14:51 - 2014-06-13 19:28 - 00000000 ____D () C:\Users\Hector\Documents\Dibujos
2015-01-19 13:14 - 2014-11-23 13:57 - 00434440 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-15 12:46 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\rescache
2015-01-15 01:24 - 2012-07-26 08:59 - 00000000 ____D () C:\Windows\CbsTemp
2015-01-15 01:23 - 2013-09-07 13:44 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 01:16 - 2013-03-23 21:13 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-11 11:22 - 2014-11-20 22:29 - 00000000 ____D () C:\Program Files (x86)\ePSXe
2015-01-06 00:28 - 2014-07-11 15:31 - 00714176 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-06 00:28 - 2014-07-11 15:31 - 00106440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-31 12:14 - 2013-03-23 21:16 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-29 17:27 - 2013-11-19 21:54 - 00000000 ____D () C:\Users\Hector\AppData\Roaming\dvdcss
2014-12-26 20:21 - 2014-11-21 01:18 - 00000000 ____D () C:\Users\Hector\Documents\Proyectos
2014-12-26 01:32 - 2014-07-05 11:25 - 00000000 ____D () C:\Users\Hector\Documents\Escritos

==================== Files in the root of some directories =======
2013-09-01 16:33 - 2013-09-01 16:33 - 0000058 _____ () C:\Users\Hector\AppData\Roaming\WB.CFG
2013-09-01 16:33 - 2013-09-01 16:33 - 0000005 _____ () C:\Users\Hector\AppData\Roaming\WBPU-TTL.DAT

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-14 13:42

==================== End Of Log ============================

C:\AdwCleaner\Quarantine\C\Users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pfcffkicdbigkcahpbdpbnbmagijbpip\1.0\BsRVlY.js.vir	JS/Kryptik.ATB trojan	
C:\AdwCleaner\Quarantine\C\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbfgmfghioliinfdmameigamkjkgging\5.14\dRPV.js.vir	JS/Kryptik.ATB trojan	
C:\AdwCleaner\Quarantine\C\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfcffkicdbigkcahpbdpbnbmagijbpip\1.0\BsRVlY.js.vir	JS/Kryptik.ATB trojan	
C:\AdwCleaner\Quarantine\C\Users\UpdatusUser\AppData\Local\torch\User Data\Default\Extensions\hbfgmfghioliinfdmameigamkjkgging\5.14\dRPV.js.vir	JS/Kryptik.ATB trojan	
C:\AdwCleaner\Quarantine\C\Users\UpdatusUser\AppData\Local\torch\User Data\Default\Extensions\hcgaklpigojojmdokapjhchoepfbaneh\2.1\pe3ejHG.js.vir	JS/Kryptik.ATB trojan	
C:\AdwCleaner\Quarantine\C\Users\UpdatusUser\AppData\Local\torch\User Data\Default\Extensions\jemlklgaibiijojffihnhieihhagocma\125\sGhPKtNfLZt.js.vir	JS/Kryptik.ATB trojan	
C:\AdwCleaner\Quarantine\C\Users\UpdatusUser\AppData\Local\torch\User Data\Default\Extensions\pfcffkicdbigkcahpbdpbnbmagijbpip\1.0\BsRVlY.js.vir	JS/Kryptik.ATB trojan	
C:\FRST\Quarantine\C\ProgramData\pbajgboomnojkaegggjkieggjabhaben\pbajgboomnojkaegggjkieggjabhaben\gSYel.js	JS/Kryptik.ATB trojan	
C:\Program Files (x86)\TampaGeneration\TampaGeneration.dll	a variant of Win32/SProtector.L potentially unwanted application	
C:\ProgramData\InstallMate\{A6BBADAB-632E-4F33-ADD8-2B0C7D588F5D}\Custom.dll	Win32/InstalleRex.M potentially unwanted application	
C:\Users\Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hcgaklpigojojmdokapjhchoepfbaneh\2.1\pe3ejHG.js	JS/Kryptik.ATB trojan	
C:\Users\Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jemlklgaibiijojffihnhieihhagocma\125\sGhPKtNfLZt.js	JS/Kryptik.ATB trojan	
C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\DefaultBackup\Extensions\hbfgmfghioliinfdmameigamkjkgging\5.14\dRPV.js	JS/Kryptik.ATB trojan	
C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\DefaultBackup\Extensions\hcgaklpigojojmdokapjhchoepfbaneh\2.1\pe3ejHG.js	JS/Kryptik.ATB trojan	
C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\DefaultBackup\Extensions\jemlklgaibiijojffihnhieihhagocma\125\sGhPKtNfLZt.js	JS/Kryptik.ATB trojan	
C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\DefaultBackup\Extensions\pfcffkicdbigkcahpbdpbnbmagijbpip\1.0\BsRVlY.js	JS/Kryptik.ATB trojan	
C:\Users\Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hbfgmfghioliinfdmameigamkjkgging\5.14\dRPV.js	JS/Kryptik.ATB trojan	
C:\Users\Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hcgaklpigojojmdokapjhchoepfbaneh\2.1\pe3ejHG.js	JS/Kryptik.ATB trojan	
C:\Users\Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jemlklgaibiijojffihnhieihhagocma\125\sGhPKtNfLZt.js	JS/Kryptik.ATB trojan	
C:\Users\Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pfcffkicdbigkcahpbdpbnbmagijbpip\1.0\BsRVlY.js	JS/Kryptik.ATB trojan	
C:\Users\All Users\InstallMate\{A6BBADAB-632E-4F33-ADD8-2B0C7D588F5D}\Custom.dll	Win32/InstalleRex.M potentially unwanted application	
C:\Users\Hector\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hcgaklpigojojmdokapjhchoepfbaneh\2.1\pe3ejHG.js	JS/Kryptik.ATB trojan	
C:\Users\Hector\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jemlklgaibiijojffihnhieihhagocma\125\sGhPKtNfLZt.js	JS/Kryptik.ATB trojan	
C:\Users\Hector\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hbfgmfghioliinfdmameigamkjkgging\5.14\dRPV.js	JS/Kryptik.ATB trojan	
C:\Users\Hector\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hcgaklpigojojmdokapjhchoepfbaneh\2.1\pe3ejHG.js	JS/Kryptik.ATB trojan	
C:\Users\Hector\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jemlklgaibiijojffihnhieihhagocma\125\sGhPKtNfLZt.js	JS/Kryptik.ATB trojan	
C:\Users\Hector\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pfcffkicdbigkcahpbdpbnbmagijbpip\1.0\BsRVlY.js	JS/Kryptik.ATB trojan	
C:\Users\Hector\AppData\Roaming\Mozilla\Firefox\Profiles\lexdnt64.default\extensions\ue6_csl@uqbxtjtabu.com\content\bg.js	JS/Kryptik.ATL trojan	
C:\Users\Hector\Downloads\1957-Mejor peli extranjera-Las noches de Cabiria (1).exe	a variant of Win32/Adware.MultiPlug.ED application	
C:\Users\Hector\Downloads\1957-Mejor peli extranjera-Las noches de Cabiria (2).exe	a variant of Win32/Adware.MultiPlug.ED application	
C:\Users\Hector\Downloads\1957-Mejor peli extranjera-Las noches de Cabiria.exe	a variant of Win32/Adware.MultiPlug.ED application	
C:\Users\Hector\Downloads\Descarga desde Identi (MEGA).exe	a variant of Win32/Adware.MultiPlug.ED application	
C:\Users\Hector\Downloads\FileDownloadedSuccessfully_downloader-N1cw65W2Q.exe	Win32/Somoto.G potentially unwanted application	
C:\Users\Hector\Downloads\FileDownloadedSuccessfully_downloader-N9PX3TSDB.exe	Win32/Somoto.G potentially unwanted application	
C:\Users\Hector\Downloads\FLVPlayer-Chrome (1).exe	NSIS/TrojanDownloader.Adload.AA trojan	
C:\Users\Hector\Downloads\FLVPlayer-Chrome (2).exe	NSIS/TrojanDownloader.Adload.AA trojan	
C:\Users\Hector\Downloads\FLVPlayer-Chrome (3).exe	NSIS/TrojanDownloader.Adload.AA trojan	
C:\Users\Hector\Downloads\FLVPlayer-Chrome (4).exe	NSIS/TrojanDownloader.Adload.AA trojan	
C:\Users\Hector\Downloads\FLVPlayer-Chrome (5).exe	NSIS/TrojanDownloader.Adload.AA trojan	
C:\Users\Hector\Downloads\FLVPlayer-Chrome.exe	NSIS/TrojanDownloader.Adload.AA trojan	
C:\Users\Hector\Downloads\GTR.PR.Sofw.By.CompucaliTv.Com.rar.exe	a variant of Win32/Adware.MultiPlug.EI application	
C:\Users\Hector\Downloads\Installation.exe	a variant of Win32/OutBrowse.BQ potentially unwanted application	
C:\Users\Hector\Downloads\radiohead hail to the thief torrent.zip_10924_i5823623_il345.exe	Win32/Amonetize.CW potentially unwanted application	
C:\Users\Hector\Downloads\Setup.exe	a variant of Win32/SoftPulse.B potentially unwanted application	
C:\Users\Hector\Downloads\YourFile_downloader.exe	a variant of Win32/ExpressDownloader.K potentially unwanted application	
C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hcgaklpigojojmdokapjhchoepfbaneh\2.1\pe3ejHG.js	JS/Kryptik.ATB trojan	
C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jemlklgaibiijojffihnhieihhagocma\125\sGhPKtNfLZt.js	JS/Kryptik.ATB trojan	
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcgaklpigojojmdokapjhchoepfbaneh\2.1\pe3ejHG.js	JS/Kryptik.ATB trojan	
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\jemlklgaibiijojffihnhieihhagocma\125\sGhPKtNfLZt.js	JS/Kryptik.ATB trojan	
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hbfgmfghioliinfdmameigamkjkgging\5.14\dRPV.js	JS/Kryptik.ATB trojan	
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hcgaklpigojojmdokapjhchoepfbaneh\2.1\pe3ejHG.js	JS/Kryptik.ATB trojan	
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jemlklgaibiijojffihnhieihhagocma\125\sGhPKtNfLZt.js	JS/Kryptik.ATB trojan	
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pfcffkicdbigkcahpbdpbnbmagijbpip\1.0\BsRVlY.js	JS/Kryptik.ATB trojan	
C:\Users\Invitado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hcgaklpigojojmdokapjhchoepfbaneh\2.1\pe3ejHG.js	JS/Kryptik.ATB trojan	
C:\Users\Invitado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jemlklgaibiijojffihnhieihhagocma\125\sGhPKtNfLZt.js	JS/Kryptik.ATB trojan	
C:\Users\Invitado\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcgaklpigojojmdokapjhchoepfbaneh\2.1\pe3ejHG.js	JS/Kryptik.ATB trojan	
C:\Users\Invitado\AppData\Local\Google\Chrome\User Data\Default\Extensions\jemlklgaibiijojffihnhieihhagocma\125\sGhPKtNfLZt.js	JS/Kryptik.ATB trojan	
C:\Users\Invitado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hbfgmfghioliinfdmameigamkjkgging\5.14\dRPV.js	JS/Kryptik.ATB trojan	
C:\Users\Invitado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hcgaklpigojojmdokapjhchoepfbaneh\2.1\pe3ejHG.js	JS/Kryptik.ATB trojan	
C:\Users\Invitado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jemlklgaibiijojffihnhieihhagocma\125\sGhPKtNfLZt.js	JS/Kryptik.ATB trojan	
C:\Users\Invitado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pfcffkicdbigkcahpbdpbnbmagijbpip\1.0\BsRVlY.js	JS/Kryptik.ATB trojan	
C:\Users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hcgaklpigojojmdokapjhchoepfbaneh\2.1\pe3ejHG.js	JS/Kryptik.ATB trojan	
C:\Users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jemlklgaibiijojffihnhieihhagocma\125\sGhPKtNfLZt.js	JS/Kryptik.ATB trojan	
C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcgaklpigojojmdokapjhchoepfbaneh\2.1\pe3ejHG.js	JS/Kryptik.ATB trojan	
C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\jemlklgaibiijojffihnhieihhagocma\125\sGhPKtNfLZt.js	JS/Kryptik.ATB trojan	
C:\Users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hbfgmfghioliinfdmameigamkjkgging\5.14\dRPV.js	JS/Kryptik.ATB trojan	
C:\Users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hcgaklpigojojmdokapjhchoepfbaneh\2.1\pe3ejHG.js	JS/Kryptik.ATB trojan	
C:\Users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jemlklgaibiijojffihnhieihhagocma\125\sGhPKtNfLZt.js	JS/Kryptik.ATB trojan	
C:\Users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pfcffkicdbigkcahpbdpbnbmagijbpip\1.0\BsRVlY.js	JS/Kryptik.ATB trojan	
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\nengine.dll.vir	Win32/NextLive.A potentially unwanted application	deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Administrador\AppData\Local\Chromatic Browser\User Data\Default\Extensions\hbfgmfghioliinfdmameigamkjkgging\5.14\dRPV.js.vir	JS/Kryptik.ATB trojan	cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Administrador\AppData\Local\Chromatic Browser\User Data\Default\Extensions\hcgaklpigojojmdokapjhchoepfbaneh\2.1\pe3ejHG.js.vir	JS/Kryptik.ATB trojan	cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Administrador\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jemlklgaibiijojffihnhieihhagocma\125\sGhPKtNfLZt.js.vir	JS/Kryptik.ATB trojan	cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Administrador\AppData\Local\Chromatic Browser\User Data\Default\Extensions\pfcffkicdbigkcahpbdpbnbmagijbpip\1.0\BsRVlY.js.vir	JS/Kryptik.ATB trojan	cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hbfgmfghioliinfdmameigamkjkgging\5.14\dRPV.js.vir	JS/Kryptik.ATB trojan	cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pfcffkicdbigkcahpbdpbnbmagijbpip\1.0\BsRVlY.js.vir	JS/Kryptik.ATB trojan	cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Administrador\AppData\Local\torch\User Data\Default\Extensions\hbfgmfghioliinfdmameigamkjkgging\5.14\dRPV.js.vir	JS/Kryptik.ATB trojan	cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Administrador\AppData\Local\torch\User Data\Default\Extensions\hcgaklpigojojmdokapjhchoepfbaneh\2.1\pe3ejHG.js.vir	JS/Kryptik.ATB trojan	cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Administrador\AppData\Local\torch\User Data\Default\Extensions\jemlklgaibiijojffihnhieihhagocma\125\sGhPKtNfLZt.js.vir	JS/Kryptik.ATB trojan	cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Administrador\AppData\Local\torch\User Data\Default\Extensions\pfcffkicdbigkcahpbdpbnbmagijbpip\1.0\BsRVlY.js.vir	JS/Kryptik.ATB trojan	cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Hector\AppData\Local\Chromatic Browser\User Data\Default\Extensions\hbfgmfghioliinfdmameigamkjkgging\5.14\dRPV.js.vir	JS/Kryptik.ATB trojan	cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Hector\AppData\Local\Chromatic Browser\User Data\Default\Extensions\hcgaklpigojojmdokapjhchoepfbaneh\2.1\pe3ejHG.js.vir	JS/Kryptik.ATB trojan	cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Hector\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jemlklgaibiijojffihnhieihhagocma\125\sGhPKtNfLZt.js.vir	JS/Kryptik.ATB trojan	cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Hector\AppData\Local\Chromatic Browser\User Data\Default\Extensions\pfcffkicdbigkcahpbdpbnbmagijbpip\1.0\BsRVlY.js.vir	JS/Kryptik.ATB trojan	cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Hector\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hbfgmfghioliinfdmameigamkjkgging\5.14\dRPV.js.vir	JS/Kryptik.ATB trojan	cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Hector\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pfcffkicdbigkcahpbdpbnbmagijbpip\1.0\BsRVlY.js.vir	JS/Kryptik.ATB trojan	cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Hector\AppData\Local\Temp\Spigot\SearchProtectionStub.exe.vir	a variant of Win32/Toolbar.Widgi.G potentially unwanted application	deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Hector\AppData\Local\torch\User Data\Default\Extensions\hbfgmfghioliinfdmameigamkjkgging\5.14\dRPV.js.vir	JS/Kryptik.ATB trojan	cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Hector\AppData\Local\torch\User Data\Default\Extensions\hcgaklpigojojmdokapjhchoepfbaneh\2.1\pe3ejHG.js.vir	JS/Kryptik.ATB trojan	cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Hector\AppData\Local\torch\User Data\Default\Extensions\jemlklgaibiijojffihnhieihhagocma\125\sGhPKtNfLZt.js.vir	JS/Kryptik.ATB trojan	cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Hector\AppData\Local\torch\User Data\Default\Extensions\pfcffkicdbigkcahpbdpbnbmagijbpip\1.0\BsRVlY.js.vir	JS/Kryptik.ATB trojan	cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Hector\AppData\Roaming\Mozilla\Firefox\Profiles\lexdnt64.default\user.js.vir	JS/SecurityDisabler.B potentially unwanted application	deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Hector\AppData\Roaming\Mozilla\Firefox\Profiles\lexdnt64.default\Extensions\kkb94@bsp-.co.uk\content\bg.js.vir	JS/Kryptik.ATL trojan	cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Hector\AppData\Roaming\Mozilla\Firefox\Profiles\lexdnt64.default\Extensions\wotsaeua@kcucbbxt.co.uk\content\bg.js.vir	JS/Kryptik.ATL trojan	cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\hbfgmfghioliinfdmameigamkjkgging\5.14\dRPV.js.vir	JS/Kryptik.ATB trojan	cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\hcgaklpigojojmdokapjhchoepfbaneh\2.1\pe3ejHG.js.vir	JS/Kryptik.ATB trojan	cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jemlklgaibiijojffihnhieihhagocma\125\sGhPKtNfLZt.js.vir	JS/Kryptik.ATB trojan	cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\pfcffkicdbigkcahpbdpbnbmagijbpip\1.0\BsRVlY.js.vir	JS/Kryptik.ATB trojan	cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hbfgmfghioliinfdmameigamkjkgging\5.14\dRPV.js.vir	JS/Kryptik.ATB trojan	cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pfcffkicdbigkcahpbdpbnbmagijbpip\1.0\BsRVlY.js.vir	JS/Kryptik.ATB trojan	cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbfgmfghioliinfdmameigamkjkgging\5.14\dRPV.js.vir	JS/Kryptik.ATB trojan	cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfcffkicdbigkcahpbdpbnbmagijbpip\1.0\BsRVlY.js.vir	JS/Kryptik.ATB trojan	cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\torch\User Data\Default\Extensions\hbfgmfghioliinfdmameigamkjkgging\5.14\dRPV.js.vir	JS/Kryptik.ATB trojan	cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\torch\User Data\Default\Extensions\hcgaklpigojojmdokapjhchoepfbaneh\2.1\pe3ejHG.js.vir	JS/Kryptik.ATB trojan	cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\torch\User Data\Default\Extensions\jemlklgaibiijojffihnhieihhagocma\125\sGhPKtNfLZt.js.vir	JS/Kryptik.ATB trojan	cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\torch\User Data\Default\Extensions\pfcffkicdbigkcahpbdpbnbmagijbpip\1.0\BsRVlY.js.vir	JS/Kryptik.ATB trojan	cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Invitado\AppData\Local\Chromatic Browser\User Data\Default\Extensions\hbfgmfghioliinfdmameigamkjkgging\5.14\dRPV.js.vir	JS/Kryptik.ATB trojan	cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Invitado\AppData\Local\Chromatic Browser\User Data\Default\Extensions\hcgaklpigojojmdokapjhchoepfbaneh\2.1\pe3ejHG.js.vir	JS/Kryptik.ATB trojan	cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Invitado\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jemlklgaibiijojffihnhieihhagocma\125\sGhPKtNfLZt.js.vir	JS/Kryptik.ATB trojan	cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Invitado\AppData\Local\Chromatic Browser\User Data\Default\Extensions\pfcffkicdbigkcahpbdpbnbmagijbpip\1.0\BsRVlY.js.vir	JS/Kryptik.ATB trojan	cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Invitado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hbfgmfghioliinfdmameigamkjkgging\5.14\dRPV.js.vir	JS/Kryptik.ATB trojan	cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Invitado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pfcffkicdbigkcahpbdpbnbmagijbpip\1.0\BsRVlY.js.vir	JS/Kryptik.ATB trojan	cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Invitado\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbfgmfghioliinfdmameigamkjkgging\5.14\dRPV.js.vir	JS/Kryptik.ATB trojan	cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Invitado\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfcffkicdbigkcahpbdpbnbmagijbpip\1.0\BsRVlY.js.vir	JS/Kryptik.ATB trojan	cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Invitado\AppData\Local\torch\User Data\Default\Extensions\hbfgmfghioliinfdmameigamkjkgging\5.14\dRPV.js.vir	JS/Kryptik.ATB trojan	cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Invitado\AppData\Local\torch\User Data\Default\Extensions\hcgaklpigojojmdokapjhchoepfbaneh\2.1\pe3ejHG.js.vir	JS/Kryptik.ATB trojan	cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Invitado\AppData\Local\torch\User Data\Default\Extensions\jemlklgaibiijojffihnhieihhagocma\125\sGhPKtNfLZt.js.vir	JS/Kryptik.ATB trojan	cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Invitado\AppData\Local\torch\User Data\Default\Extensions\pfcffkicdbigkcahpbdpbnbmagijbpip\1.0\BsRVlY.js.vir	JS/Kryptik.ATB trojan	cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\UpdatusUser\AppData\Local\Chromatic Browser\User Data\Default\Extensions\hbfgmfghioliinfdmameigamkjkgging\5.14\dRPV.js.vir	JS/Kryptik.ATB trojan	cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\UpdatusUser\AppData\Local\Chromatic Browser\User Data\Default\Extensions\hcgaklpigojojmdokapjhchoepfbaneh\2.1\pe3ejHG.js.vir	JS/Kryptik.ATB trojan	cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\UpdatusUser\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jemlklgaibiijojffihnhieihhagocma\125\sGhPKtNfLZt.js.vir	JS/Kryptik.ATB trojan	cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\UpdatusUser\AppData\Local\Chromatic Browser\User Data\Default\Extensions\pfcffkicdbigkcahpbdpbnbmagijbpip\1.0\BsRVlY.js.vir	JS/Kryptik.ATB trojan	cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hbfgmfghioliinfdmameigamkjkgging\5.14\dRPV.js.vir	JS/Kryptik.ATB trojan	cleaned by deleting - quarantined



#8 Machiavelli


  • Malware Response Instructor

Posted 23 January 2015 - 09:16 AM

Hello,
In my opinion your PC is clean. :) My help is of course completely free of charge, but if you would like to donate some money to me so that I can buy some beer, then click on the button. I'd really appreciate it, my friend. :)


We need to remove the tools we've used during cleaning your machine.
  • Download Delfix from here and run it (If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on the Delfix icon and select Run as Administrator).
  • Ensure Remove disinfection tools is ticked
    Also tick:
    • Create registry backup
    • Purge system restore
  • Click Run
The program will run for a few moments and then Notepad will open with a log. Please paste the log in your next reply.

 

Exercise common sense

Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to look before you leap. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully and look at the file extensions to make sure that you know what you're getting. Using peer-to-peer file sharing programs or downloading cracks and keygens is something else to avoid - the files you will be downloading are infected in the vast majority of cases, and the benefits simply aren't worth the risk to your computer.

Keep up on Windows updates

Along with keeping all of the security programs that you choose to use updated, it is also important to keep up on system updates from Microsoft, as these patch critical security vulnerabilities and help to keep you safe. Typically the Windows Update icon will appear in your taskbar when new updates are available; whenever you see it, you should open the menu up and install the updates that are available. Although it may be an annoyance, that little bit of extra time it takes to stay updated is very well worth it instead of getting infected from an exploit and having to clean your PC again.

Slow computer?

If your computer begins to slow down again in the future for no particular reason, your first step should not be to come back to the malware forum. As your computer ages and is used, its parts wear, files and programs accumulate, and its performance speed can decrease. To restore your computer's performance to its best possible level, follow the steps in this guide written by tech expert Artellos.

Keep Safe! :thumbsup:

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.


#9 RomanPolanski

  • Topic Starter


Posted 24 January 2015 - 05:50 AM

Hello, thanks a lot for your help, enjoy the beer :)

# DelFix v10.8 - Logfile created 24/01/2015 at 11:45:04
# Updated 29/07/2014 by Xplode
# Username : Hector - EQUIPO_HECTOR
# Operating System : Windows 8 Pro  (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\TDSSKiller.3.0.0.43_20.01.2015_15.49.46_log.txt
Deleted : C:\Users\Hector\Desktop\Addition.txt
Deleted : C:\Users\Hector\Desktop\AdwCleaner.exe
Deleted : C:\Users\Hector\Desktop\AdwCleaner[S2].txt
Deleted : C:\Users\Hector\Desktop\dds.txt
Deleted : C:\Users\Hector\Desktop\Fixlog.txt
Deleted : C:\Users\Hector\Desktop\FRST(2).txt
Deleted : C:\Users\Hector\Desktop\FRST(3).txt
Deleted : C:\Users\Hector\Desktop\FRST.txt
Deleted : C:\Users\Hector\Desktop\FRST64.exe
Deleted : C:\Users\Hector\Desktop\JRT.exe
Deleted : C:\Users\Hector\Desktop\JRT.txt
Deleted : C:\Users\Hector\Desktop\tdsskiller.zip
Deleted : C:\Users\Hector\Downloads\Addition.txt
Deleted : C:\Users\Hector\Downloads\AdwCleaner.exe
Deleted : C:\Users\Hector\Downloads\adwcleaner_4.108.exe
Deleted : C:\Users\Hector\Downloads\dds.com
Deleted : C:\Users\Hector\Downloads\FRST.txt
Deleted : C:\Users\Hector\Downloads\FRST64.exe
Deleted : HKLM\SOFTWARE\AdwCleaner

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #72 [Punto de control programado | 01/06/2015 21:41:59]
Deleted : RP #73 [Windows Update | 01/15/2015 00:16:14]
Deleted : RP #74 [Windows Update | 01/23/2015 19:55:38]

New restore point created !

########## - EOF - ##########



#10 Machiavelli


  • Malware Response Instructor

Posted 24 January 2015 - 06:34 AM

Thanks for the donation. :)

Do you have any further questions before I close this topic as solved?

~Machiavelli



#11 RomanPolanski

  • Topic Starter


Posted 25 January 2015 - 05:24 AM

You're welcome.

 

No, that's all, thanks for everything.



#12 Machiavelli


  • Malware Response Instructor

Posted 25 January 2015 - 06:22 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

~Machiavelli
