Channel: Tech Support Forum - Virus/Trojan/Spyware Help

compute-1.amazonaws.com spyware

Hello, I would like some help because I keep getting this annoying pop-up window from my antivirus. I'm not sure what causes it, but from what I've read in forums it seems to be spyware.

I'm running Windows 7 on my MacBook Pro for reasons... but this problem is not limited to this computer. My sister has the same antivirus, ESET Smart Security, and she also has the same problem.

Here are the windows that pop up.
(Since the picture is in Spanish, I'll tell you what it says:
Outbound traffic
Internet

Application: System
Publisher: unknown
Remote computer: amazonaws)





I know I could disable the pop-up windows from my antivirus options, but the problem is that I shouldn't have to. I would like to remove this spyware for good. Also, every time these windows appear it messes up uTorrent, although it's probably another, different issue.

Oh, and before I found out about this forum I took some advice and ran ComboFix. I read it would solve my problem in another forum. Probably was not the best idea, sorry. Anyway, the windows don't pop up as much as before, but they still appear.

So please let me know what I could do to solve this and remove it.

Thanks a lot for your help.

Here is the DDS text:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17689 BrowserJavaVersion: 11.31.2
Run by Eduardo at 9:42:26 on 2015-03-20
Microsoft Windows 7 Ultimate 6.1.7601.1.932.81.1033.18.16295.14958 [GMT -5:00]
.
AV: ESET Smart Security 5.0 *Disabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET Smart Security 5.0 *Disabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Firewall personal de ESET *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\AppleOSSMgr.exe
C:\Windows\system32\AppleTimeSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Windows\SysWOW64\srvany.exe
C:\Windows\kmsem\KMService.exe
C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CleanMem\mini_monitor.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Boot Camp\Bootcamp.exe
C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files (x86)\Macs Fan Control\MacsFanControl.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:Tabs
uProxyServer = 172.25.0.209:80
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\urlredir.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
uRun: [Gadwin PrintScreen] C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
uRun: [MacsFanControl] "C:\Program Files (x86)\Macs Fan Control\MacsFanControl.exe" /minimized
uRun: [Mal Updater 2] C:\Program Files (x86)\Mal Updater 2\MalUpdater.exe
mRun: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
mRun: [WD Drive Unlocker] C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
mRun: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Captura URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: Capturar esta pagina - <no file>
IE: Capturar imagen - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4
IE: Capturar seleccion - <no file>
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Nueva Nota - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
TCP: NameServer = 200.48.225.146 200.48.225.130
TCP: Interfaces\{642342B0-58BC-4A13-ABE3-739078F4B495} : DHCPNameServer = 200.48.225.146 200.48.225.130
TCP: Interfaces\{7BC184AB-275C-4AA1-A278-2F12A096465A} : DHCPNameServer = 200.48.225.146 200.48.225.130
TCP: Interfaces\{FBC75C51-5B1D-451C-A338-8F38297D4079} : DHCPNameServer = 10.211.55.1
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\msosb.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\urlredir.dll
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
x64-Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
x64-Run: [Apple_KbdMgr] C:\Program Files\Boot Camp\Bootcamp.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Eduardo\AppData\Roaming\Mozilla\Firefox\Profiles\y6q9g9od.default\
FF - prefs.js: browser.search.selectedEngine - GoogleTranslate
.
---- FIREFOX POLICIES ----
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: extensions.iminent.tlbrSrchUrl - hxxp://start.iminent.com/?ref=toolbarm#q=
FF - user.js: extensions.iminent.id - 0c9621bc00000000000068a86d40aa96
FF - user.js: extensions.iminent.appId - {0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}
FF - user.js: extensions.iminent.instlDay - 16173
FF - user.js: extensions.iminent.vrsn - 1.8.28.3
FF - user.js: extensions.iminent.vrsni - 1.8.28.3
FF - user.js: extensions.iminent.vrsnTs - 1.8.28.318:33:48
FF - user.js: extensions.iminent.prtnrId - iminent
FF - user.js: extensions.iminent.prdct - iminent
FF - user.js: extensions.iminent.aflt - orgnl
FF - user.js: extensions.iminent.smplGrp - none
FF - user.js: extensions.iminent.tlbrId - YBCPCSTIPO
FF - user.js: extensions.iminent.instlRef -
FF - user.js: extensions.iminent.dfltLng -
FF - user.js: extensions.iminent.excTlbr - false
FF - user.js: extensions.iminent.ffxUnstlRst - false
FF - user.js: extensions.iminent.admin - false
FF - user.js: extensions.iminent.autoRvrt - false
FF - user.js: extensions.iminent.rvrt - false
FF - user.js: extensions.iminent.newTab - false
.
============= SERVICES / DRIVERS ===============
.
R0 AppleHFS;AppleHFS;C:\Windows\System32\drivers\AppleHFS.sys [2011-6-29 72024]
R0 AppleMNT;AppleMNT;C:\Windows\System32\drivers\AppleMNT.sys [2011-6-29 16216]
R0 epfwwfp;epfwwfp;C:\Windows\System32\drivers\epfwwfp.sys [2011-8-4 62496]
R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\System32\drivers\EpfwLWF.sys [2011-8-4 38288]
R1 RzFilter;RzFilter;C:\Windows\System32\drivers\RzFilter.sys [2014-9-18 74432]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-3-25 203776]
R2 AppleOSSMgr;Apple OS Switch Manager;C:\Windows\System32\AppleOSSMgr.exe [2011-6-29 224640]
R2 AppleTimeSrv;Apple Time Service;C:\Windows\System32\AppleTimeSrv.exe [2011-6-29 111488]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
R2 ClickToRunSvc;Servicio Hacer clic y ejecutar de Microsoft Office;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2014-8-25 2714800]
R2 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2011-8-9 202576]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2011-9-22 974944]
R2 KeyAgent;KeyAgent;C:\Windows\System32\drivers\KeyAgent.sys [2011-6-29 17752]
R2 KMService;KMService;C:\Windows\System32\srvany.exe --> C:\Windows\System32\srvany.exe [?]
R2 MacHALDriver;Mac HAL;C:\Windows\System32\drivers\MacHALDriver.sys [2011-6-29 22872]
R2 Razer Game Scanner Service;Razer Game Scanner;C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [2015-2-4 187072]
R2 RzOvlMon;Razer Overlay Subsystem Emergency Service;C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe [2014-4-18 32960]
R2 rzpmgrk;rzpmgrk;C:\Windows\System32\drivers\rzpmgrk.sys [2015-3-9 37184]
R2 rzpnk;rzpnk;C:\Windows\System32\drivers\rzpnk.sys [2014-11-13 129600]
R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-9-23 5087584]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-3-25 2655768]
R2 WDBackup;WD Backup;C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [2015-2-12 1042808]
R2 WDDriveService;WD Drive Manager;C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [2015-2-12 302968]
R3 acpials;ALS Sensor Filter;C:\Windows\System32\drivers\acpials.sys [2010-11-21 9728]
R3 AppleBtBc;Apple Broadcom Built-in Bluetooth;C:\Windows\System32\drivers\AppleBtBc.sys [2012-3-25 18944]
R3 applemtm;Apple Multitouch Mouse;C:\Windows\System32\drivers\applemtm.sys [2012-3-25 12288]
R3 applemtp;Apple Multitouch;C:\Windows\System32\drivers\applemtp.sys [2009-11-18 37888]
R3 bScsiSDa;bScsiSDa;C:\Windows\System32\drivers\bScsiSDa.sys [2012-3-25 85544]
R3 CirrusFilter;CS420xLowerFilter;C:\Windows\System32\drivers\CS420x64.sys [2012-3-25 18432]
R3 IRRemoteFlt;IR Receiver Filter Driver;C:\Windows\System32\drivers\IRFilter.sys [2012-3-25 18432]
R3 KeyMagic;USB Keyboard HID Filter;C:\Windows\System32\drivers\KeyMagic.sys [2012-3-25 32256]
R3 MT_TRACKPAD;MT test;C:\Windows\System32\drivers\mt_trackpad.sys [2014-4-14 16384]
R3 RzDxgk;RzDxgk;C:\Windows\System32\drivers\RzDxgk.sys [2014-9-18 129472]
R3 trackpad_plus_plus_x64;trackpad_plus_plus_x64 Service;C:\Windows\System32\drivers\trackpad_plus_plus_x64.sys [2013-12-22 11136]
R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-1-2 315488]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-3-14 114688]
S3 OverwolfUpdaterService;Overwolf Updater Service;C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2013-9-9 96184]
S3 prl_dd;Parallels Display Adapter (WDDM);C:\Windows\System32\drivers\prl_kmdd.sys [2011-9-13 156424]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-12-7 19456]
S3 rzendpt;rzendpt;C:\Windows\System32\drivers\rzendpt.sys [2014-12-30 39592]
S3 rzmpos;rzmpos;C:\Windows\System32\drivers\rzmpos.sys [2014-12-30 35496]
S3 rzudd;Razer Mouse Driver;C:\Windows\System32\drivers\rzudd.sys [2014-12-30 177832]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2013-12-7 29696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-4-14 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-12-7 30208]
S3 WatAdminSvc;Servicio de tecnologias de activacion de Windows;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-3-25 1255736]
SUnknown tsusbhub;tsusbhub; [x]
.
=============== File Associations ===============
.
FileExt: .reg: Applications\notepad.exe=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2015-03-20 06:25:37 11910896 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DE669658-B3DF-4D2E-9D1A-61570AC545FC}\mpengine.dll
2015-03-19 07:17:13 -------- d-sh--w- C:\$RECYCLE.BIN
2015-03-14 17:34:59 17920 ----a-w- C:\Windows\System32\appidcertstorecheck.exe
2015-03-14 17:33:07 459336 ----a-w- C:\Windows\System32\drivers\cng.sys
2015-03-10 02:21:08 -------- d-----w- C:\Program Files\Western Digital
2015-03-10 02:14:03 37184 ----a-w- C:\Windows\System32\drivers\rzpmgrk.sys
2015-02-22 17:02:15 -------- d-----w- C:\Users\Eduardo\AppData\Local\ElevatedDiagnostics
.
==================== Find3M ====================
.
2015-03-06 05:56:10 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2015-03-06 05:56:10 155576 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2015-03-06 05:42:39 210944 ----a-w- C:\Windows\System32\wdigest.dll
2015-03-06 05:42:36 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2015-03-06 05:42:35 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2015-03-06 05:42:35 136192 ----a-w- C:\Windows\System32\sspicli.dll
2015-03-06 05:42:33 341504 ----a-w- C:\Windows\System32\schannel.dll
2015-03-06 05:42:33 28160 ----a-w- C:\Windows\System32\secur32.dll
2015-03-06 05:42:29 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2015-03-06 05:42:29 309760 ----a-w- C:\Windows\System32\ncrypt.dll
2015-03-06 05:42:27 728064 ----a-w- C:\Windows\System32\kerberos.dll
2015-03-06 05:42:27 1461760 ----a-w- C:\Windows\System32\lsasrv.dll
2015-03-06 05:42:20 22016 ----a-w- C:\Windows\System32\credssp.dll
2015-03-06 05:41:46 31232 ----a-w- C:\Windows\System32\lsass.exe
2015-03-06 05:41:31 64000 ----a-w- C:\Windows\System32\auditpol.exe
2015-03-06 05:39:16 60416 ----a-w- C:\Windows\System32\msobjs.dll
2015-03-06 05:38:57 146432 ----a-w- C:\Windows\System32\msaudite.dll
2015-03-06 05:36:56 686080 ----a-w- C:\Windows\System32\adtschema.dll
2015-03-06 05:10:34 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2015-03-06 05:10:30 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2015-03-06 05:10:26 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2015-03-06 05:10:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2015-03-06 05:10:22 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2015-03-06 05:10:22 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2015-03-06 05:10:18 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2015-03-06 05:10:11 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2015-03-06 05:09:31 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2015-03-06 05:09:19 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2015-03-06 05:07:50 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2015-03-06 05:07:43 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2015-03-06 05:06:20 686080 ----a-w- C:\Windows\SysWow64\adtschema.dll
2015-02-26 03:25:44 3204096 ----a-w- C:\Windows\System32\win32k.sys
2015-02-24 15:57:46 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2015-02-24 08:17:24 295552 ------w- C:\Windows\System32\MpSigStub.exe
2015-02-20 04:41:01 41984 ----a-w- C:\Windows\System32\lpk.dll
2015-02-20 04:40:59 100864 ----a-w- C:\Windows\System32\fontsub.dll
2015-02-20 04:40:56 14336 ----a-w- C:\Windows\System32\dciman32.dll
2015-02-20 04:40:55 46080 ----a-w- C:\Windows\System32\atmlib.dll
2015-02-20 04:13:49 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2015-02-20 04:13:46 10240 ----a-w- C:\Windows\SysWow64\dciman32.dll
2015-02-20 04:13:43 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2015-02-20 04:12:51 25600 ----a-w- C:\Windows\SysWow64\lpk.dll
2015-02-20 03:29:16 372224 ----a-w- C:\Windows\System32\atmfd.dll
2015-02-20 03:09:16 299008 ----a-w- C:\Windows\SysWow64\atmfd.dll
2015-02-20 03:06:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2015-02-20 03:05:49 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2015-02-20 02:50:14 66560 ----a-w- C:\Windows\System32\iesetup.dll
2015-02-20 02:49:29 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2015-02-20 02:49:19 584192 ----a-w- C:\Windows\System32\vbscript.dll
2015-02-20 02:47:56 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2015-02-20 02:35:17 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2015-02-20 02:35:05 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2015-02-20 02:34:24 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2015-02-20 02:32:34 6035456 ----a-w- C:\Windows\System32\jscript9.dll
2015-02-20 02:26:12 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2015-02-20 02:22:35 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-02-20 02:13:57 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-02-20 02:09:08 503296 ----a-w- C:\Windows\SysWow64\vbscript.dll
2015-02-20 02:08:59 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2015-02-20 02:08:13 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2015-02-20 02:06:44 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2015-02-20 01:56:54 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2015-02-20 01:56:07 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2015-02-20 01:47:06 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2015-02-20 01:46:45 2125824 ----a-w- C:\Windows\System32\inetcpl.cpl
2015-02-20 01:41:52 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2015-02-20 01:30:39 4300288 ----a-w- C:\Windows\SysWow64\jscript9.dll
2015-02-20 01:28:25 2358784 ----a-w- C:\Windows\System32\wininet.dll
2015-02-20 01:24:21 2052608 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2015-02-20 01:23:19 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2015-02-20 01:01:25 1888256 ----a-w- C:\Windows\SysWow64\wininet.dll
2015-02-18 02:28:37 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-18 02:28:37 701616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-02-12 07:55:50 9728 ----a-w- C:\Windows\SysWow64\RzStats.IPC.dll
2015-02-04 03:16:35 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2015-02-04 02:54:09 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2015-02-03 03:34:39 693176 ----a-w- C:\Windows\System32\winload.efi
2015-02-03 03:34:38 5554104 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-02-03 03:34:36 94656 ----a-w- C:\Windows\System32\drivers\mountmgr.sys
2015-02-03 03:33:29 616360 ----a-w- C:\Windows\System32\winresume.efi
2015-02-03 03:30:58 631808 ----a-w- C:\Windows\System32\evr.dll
2015-02-03 03:29:19 8704 ----a-w- C:\Windows\System32\pcaevts.dll
2015-02-03 03:28:49 2048 ----a-w- C:\Windows\System32\mferror.dll
2015-02-03 03:28:14 6656 ----a-w- C:\Windows\System32\apisetschema.dll
2015-02-03 03:19:12 663552 ----a-w- C:\Windows\System32\drivers\PEAuth.sys
2015-02-03 03:16:31 3973048 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2015-02-03 03:16:31 3917760 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2015-02-03 03:11:55 50176 ----a-w- C:\Windows\SysWow64\rrinstaller.exe
2015-02-03 03:11:48 23040 ----a-w- C:\Windows\SysWow64\mfpmp.exe
2015-02-03 03:11:18 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2015-02-03 03:09:03 2048 ----a-w- C:\Windows\SysWow64\mferror.dll
2015-02-03 03:08:07 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2015-02-03 02:32:25 61440 ----a-w- C:\Windows\System32\drivers\appid.sys
2015-01-31 03:48:54 3179520 ----a-w- C:\Windows\System32\rdpcorets.dll
2015-01-31 03:48:54 16384 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
2015-01-30 23:56:52 243200 ----a-w- C:\Windows\System32\rdpudd.dll
2015-01-17 02:48:38 1067520 ----a-w- C:\Windows\System32\msctf.dll
2015-01-17 02:30:42 828928 ----a-w- C:\Windows\SysWow64\msctf.dll
2015-01-09 03:14:27 91136 ----a-w- C:\Windows\System32\wdi.dll
2015-01-09 03:14:19 950272 ----a-w- C:\Windows\System32\perftrack.dll
.
============= FINISH: 9:43:29.92 ===============

Attached Files
File Type: zip attach.zip (5.4 KB)
