ComboFix 15-11-27.01 - Emilio 28/11/2015 0:20.1.8 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.34.3082.18.4044.2236 [GMT 1:00] Running from: c:\users\Emilio\Downloads\ComboFix.exe AV: Kaspersky Total Security *Disabled/Updated* {B41C7598-35F6-4D89-7D0E-7ADE69B4047B} FW: Kaspersky Total Security *Disabled* {8C27F4BD-7F99-4CD1-5651-D3EB97674300} SP: Kaspersky Total Security *Disabled/Updated* {0F7D947C-13CC-4207-47BE-41AC12334EC6} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\TEMP\prfC465.tmp c:\windows\msdownld.tmp c:\windows\wininit.ini . . ((((((((((((((((((((((((( Files Created from 2015-10-27 to 2015-11-27 ))))))))))))))))))))))))))))))) . . 2015-11-27 23:34 . 2015-11-27 23:34 -------- d-----w- c:\users\TEMP\AppData\Local\temp 2015-11-27 23:34 . 2015-11-27 23:34 -------- d-----w- c:\users\Default\AppData\Local\temp 2015-11-27 23:20 . 2015-11-27 23:20 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{76B11719-E665-43D1-99D0-E9B43F0C4F01}\offreg.2808.dll 2015-11-27 18:32 . 2015-11-27 18:32 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{76B11719-E665-43D1-99D0-E9B43F0C4F01}\offreg.3456.dll 2015-11-27 18:23 . 2015-11-27 18:23 -------- d-----w- c:\program files (x86)\Avira 2015-11-27 18:23 . 2015-11-27 18:23 -------- d-----w- c:\programdata\Avira 2015-11-27 18:12 . 2015-11-27 22:21 -------- dc----w- c:\users\Emilio\AppData\Local\MigWiz 2015-11-27 14:37 . 2015-11-27 14:37 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{76B11719-E665-43D1-99D0-E9B43F0C4F01}\offreg.6904.dll 2015-11-27 14:26 . 2015-10-29 09:28 11138400 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{76B11719-E665-43D1-99D0-E9B43F0C4F01}\mpengine.dll 2015-11-27 02:03 . 2015-11-27 02:03 -------- d-----w- c:\programdata\simplitec 2015-11-27 01:56 . 2015-11-27 01:58 -------- d-----w- C:\AdwCleaner 2015-11-26 23:07 . 2015-11-26 23:07 -------- d-----w- C:\HP_TOOLS_mountHPSF 2015-11-26 22:04 . 2015-11-26 22:04 0 ----a-w- c:\windows\SysWow64\shoC371.tmp 2015-11-26 19:30 . 2015-11-26 19:30 -------- d-----w- c:\users\Emilio\AppData\Local\8DIO 2015-11-26 19:24 . 2015-11-26 19:24 -------- d-----w- c:\program files (x86)\8Dio Productions 2015-11-24 21:06 . 2015-11-24 21:06 -------- d-----w- c:\program files (x86)\Harmony Assistant 2015-11-23 19:06 . 2015-11-23 19:06 -------- d-----w- c:\users\Emilio\AppData\Local\Nico Mak Computing 2015-11-23 19:06 . 2015-11-23 19:17 -------- d-----w- c:\users\Emilio\AppData\Local\WinZip 2015-11-23 19:05 . 2015-11-23 19:05 -------- d-----w- c:\program files\WinZip 2015-11-19 19:23 . 2015-11-19 19:23 -------- d-----w- c:\users\Emilio\AppData\Roaming\Leadertech 2015-11-18 12:16 . 2015-11-18 12:16 -------- d-----w- c:\program files (x86)\Classical Archives 2015-11-18 00:45 . 2015-11-18 00:45 0 ----a-w- c:\windows\SysWow64\shoF50B.tmp 2015-11-18 00:17 . 2015-11-18 00:19 -------- d-----w- c:\programdata\East West 2015-11-13 11:08 . 2015-11-13 11:08 -------- d-----w- c:\program files\McAfee Security Scan 2015-11-12 13:52 . 2015-11-03 17:55 3211264 ----a-w- c:\windows\system32\win32k.sys 2015-11-10 22:55 . 2015-10-30 23:40 2724864 ----a-w- c:\windows\system32\mshtml.tlb 2015-11-10 22:52 . 2015-10-20 01:05 1461760 ----a-w- c:\windows\system32\lsasrv.dll 2015-11-10 22:50 . 2015-10-13 16:41 497664 ----a-w- c:\windows\system32\drivers\afd.sys 2015-11-10 22:50 . 2015-10-13 16:40 118272 ----a-w- c:\windows\system32\drivers\tdx.sys 2015-11-10 22:50 . 2015-10-29 17:50 342016 ----a-w- c:\windows\system32\apphelp.dll 2015-11-10 22:50 . 2015-10-29 17:49 295936 ----a-w- c:\windows\SysWow64\apphelp.dll 2015-11-10 22:50 . 2015-10-29 17:50 6656 ----a-w- c:\windows\system32\shimeng.dll 2015-11-10 22:50 . 2015-10-29 17:50 72192 ----a-w- c:\windows\system32\aelupsvc.dll 2015-11-10 22:50 . 2015-10-29 17:50 23552 ----a-w- c:\windows\system32\sdbinst.exe 2015-11-10 22:50 . 2015-10-29 17:49 20992 ----a-w- c:\windows\SysWow64\sdbinst.exe 2015-11-10 22:50 . 2015-10-29 17:50 5120 ----a-w- c:\windows\SysWow64\shimeng.dll 2015-11-10 22:50 . 2015-10-13 04:57 950720 ----a-w- c:\windows\system32\drivers\ndis.sys 2015-11-10 22:49 . 2015-10-01 17:50 1415168 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\InkObj.dll 2015-11-10 22:49 . 2015-10-01 18:00 2103296 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\InkObj.dll 2015-11-10 22:49 . 2015-10-01 18:00 1372160 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll 2015-11-10 22:49 . 2015-10-01 17:50 939520 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll 2015-11-10 22:49 . 2015-10-01 18:00 275456 ----a-w- c:\windows\system32\InkEd.dll 2015-11-10 22:49 . 2015-10-01 17:50 216064 ----a-w- c:\windows\SysWow64\InkEd.dll 2015-11-10 22:49 . 2015-10-01 18:00 353280 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\InkDiv.dll 2015-11-10 22:49 . 2015-10-01 17:50 274944 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\InkDiv.dll 2015-11-10 22:49 . 2015-10-01 18:00 169984 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\rtscom.dll 2015-11-10 22:49 . 2015-10-01 17:50 126464 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\rtscom.dll 2015-10-30 18:35 . 2015-10-30 18:35 -------- d-----w- c:\users\Emilio\AppData\Local\Apple Computer 2015-10-30 18:35 . 2015-10-30 18:36 -------- d-----w- c:\users\Emilio\AppData\Roaming\Apple Computer 2015-10-30 18:33 . 2015-10-30 18:33 -------- d-----w- c:\programdata\Apple Computer 2015-10-30 18:28 . 2015-10-30 18:28 -------- d-----w- c:\users\Emilio\AppData\Local\Apple 2015-10-30 18:27 . 2015-10-30 18:27 -------- d-----w- c:\program files (x86)\Apple Software Update 2015-10-30 18:26 . 2015-10-30 18:26 -------- d-----w- c:\program files\Bonjour 2015-10-30 18:26 . 2015-10-30 18:26 -------- d-----w- c:\program files (x86)\Bonjour 2015-10-30 18:26 . 2015-11-17 23:55 -------- d-----w- c:\program files\Common Files\Apple 2015-10-30 18:25 . 2015-10-30 18:27 -------- d-----w- c:\programdata\Apple 2015-10-30 18:25 . 2015-10-30 18:27 -------- d-----w- c:\program files (x86)\Common Files\Apple . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2015-10-29 17:50 . 2015-11-10 22:50 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2015-10-29 17:50 . 2015-11-10 22:50 309248 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2015-10-29 17:50 . 2015-11-10 22:50 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2015-10-29 17:50 . 2015-11-10 22:50 103424 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2015-10-29 17:49 . 2015-11-10 22:50 562176 ----a-w- c:\windows\apppatch\AcLayers.dll 2015-10-29 17:49 . 2015-11-10 22:50 470528 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2015-10-29 17:49 . 2015-11-10 22:50 2178560 ----a-w- c:\windows\apppatch\AcGenral.dll 2015-10-29 17:49 . 2015-11-10 22:50 211968 ----a-w- c:\windows\apppatch\AcXtrnal.dll 2015-10-29 17:39 . 2015-11-10 22:50 2560 ----a-w- c:\windows\apppatch\AcRes.dll 2015-10-27 17:43 . 2013-01-18 09:07 145617392 ----a-w- c:\windows\system32\MRT.exe 2015-10-20 00:45 . 2015-11-10 22:52 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2015-10-13 00:29 . 2015-10-13 00:29 875720 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll 2015-10-13 00:22 . 2015-10-13 00:22 869568 ----a-w- c:\windows\system32\msvcr120_clr0400.dll 2015-10-12 13:30 . 2013-01-15 20:23 780488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2015-10-12 13:30 . 2013-01-15 20:23 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2015-10-12 13:29 . 2015-10-12 13:29 18306248 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2015-10-01 18:06 . 2015-10-14 07:35 692672 ----a-w- c:\windows\system32\winload.efi 2015-10-01 18:04 . 2015-10-14 07:35 616360 ----a-w- c:\windows\system32\winresume.efi 2015-10-01 18:00 . 2015-10-14 07:35 63488 ----a-w- c:\windows\system32\setbcdlocale.dll 2015-10-01 18:00 . 2015-10-14 07:35 59392 ----a-w- c:\windows\system32\appidapi.dll 2015-10-01 18:00 . 2015-10-14 07:35 32768 ----a-w- c:\windows\system32\appidsvc.dll 2015-10-01 18:00 . 2015-10-14 07:35 17920 ----a-w- c:\windows\system32\appidcertstorecheck.exe 2015-10-01 18:00 . 2015-10-14 07:35 147456 ----a-w- c:\windows\system32\appidpolicyconverter.exe 2015-10-01 17:50 . 2015-10-14 07:35 50688 ----a-w- c:\windows\SysWow64\appidapi.dll 2015-10-01 17:00 . 2015-10-14 07:35 61440 ----a-w- c:\windows\system32\drivers\appid.sys 2015-09-18 19:22 . 2015-10-15 07:34 25432 ----a-w- c:\windows\system32\CompatTelRunner.exe 2015-09-18 19:19 . 2015-10-15 07:34 700416 ----a-w- c:\windows\system32\invagent.dll 2015-09-18 19:19 . 2015-10-15 07:34 766464 ----a-w- c:\windows\system32\generaltel.dll 2015-09-18 19:19 . 2015-10-15 07:34 503808 ----a-w- c:\windows\system32\devinv.dll 2015-09-18 19:19 . 2015-10-15 07:34 1291264 ----a-w- c:\windows\system32\appraiser.dll 2015-09-18 19:19 . 2015-10-15 07:34 73216 ----a-w- c:\windows\system32\acmigration.dll 2015-09-18 19:09 . 2015-10-15 07:34 1163776 ----a-w- c:\windows\system32\aeinv.dll 2015-09-02 03:04 . 2015-09-08 20:36 41984 ----a-w- c:\windows\system32\lpk.dll 2015-09-02 03:04 . 2015-09-08 20:36 100864 ----a-w- c:\windows\system32\fontsub.dll 2015-09-02 03:04 . 2015-09-08 20:36 14336 ----a-w- c:\windows\system32\dciman32.dll 2015-09-02 03:04 . 2015-09-08 20:36 46080 ----a-w- c:\windows\system32\atmlib.dll 2015-09-02 02:48 . 2015-09-08 20:36 70656 ----a-w- c:\windows\SysWow64\fontsub.dll 2015-09-02 02:48 . 2015-09-08 20:36 10240 ----a-w- c:\windows\SysWow64\dciman32.dll 2015-09-02 02:48 . 2015-09-08 20:36 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2015-09-02 02:47 . 2015-09-08 20:36 25600 ----a-w- c:\windows\SysWow64\lpk.dll 2015-09-02 01:47 . 2015-09-08 20:36 372736 ----a-w- c:\windows\system32\atmfd.dll 2015-09-02 01:33 . 2015-09-08 20:36 299520 ----a-w- c:\windows\SysWow64\atmfd.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon] @="{014F27E2-6D75-4E42-A0E9-2A2C68498AFA}" [HKEY_CLASSES_ROOT\CLSID\{014F27E2-6D75-4E42-A0E9-2A2C68498AFA}] 2015-03-09 19:16 552232 ----a-w- c:\program files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\shellex.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-08 336384] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2015-09-24 40336] "HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960] "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944] "HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-06-14 103992] "Avira SystrayStartTrigger"="c:\program files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe" [2015-11-03 66320] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Actualizar notificador.lnk - c:\program files\WinZip\WZUpdateNotifier.exe [2015-10-23 1143008] FAH.lnk - c:\program files\WinZip\FAHConsole.exe [2015-10-23 435424] McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.11.226\SSScheduler.exe [2015-10-30 330456] WinZip Preloader.lnk - c:\program files\WinZip\WzPreloader.exe [2015-10-23 124128] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "HideFastUserSwitching"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "EnableShellExecuteHooks"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Userinit"="c:\windows\system32\userinit.exe" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 vToolbarUpdater18.1.9;vToolbarUpdater18.1.9;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [x] R3 cpuz138;cpuz138;c:\users\Emilio\AppData\Local\Temp\cpuz138\cpuz138_x64.sys;c:\users\Emilio\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [x] R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 ka6avs;Komplete Audio 6 WDM Audio;c:\windows\system32\Drivers\ka6avs.sys;c:\windows\SYSNATIVE\Drivers\ka6avs.sys [x] R3 ka6usb_svc;Komplete Audio 6;c:\windows\system32\Drivers\ka6usb.sys;c:\windows\SYSNATIVE\Drivers\ka6usb.sys [x] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.11.226\McCHSvc.exe;c:\program files\McAfee Security Scan\3.11.226\McCHSvc.exe [x] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 WatAdminSvc;Servicio de tecnologías de activación de Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S0 cm_km_w;Kaspersky Lab Crypto Module (FDE PDK);c:\windows\system32\DRIVERS\cm_km_w.sys;c:\windows\SYSNATIVE\DRIVERS\cm_km_w.sys [x] S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x] S1 klhk;klhk;c:\windows\system32\DRIVERS\klhk.sys;c:\windows\SYSNATIVE\DRIVERS\klhk.sys [x] S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x] S1 klpd;klpd;c:\windows\system32\DRIVERS\klpd.sys;c:\windows\SYSNATIVE\DRIVERS\klpd.sys [x] S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x] S1 Klwtp;Klwtp;c:\windows\system32\DRIVERS\klwtp.sys;c:\windows\SYSNATIVE\DRIVERS\klwtp.sys [x] S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x] S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x] S2 Avira.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\Launcher\Avira.ServiceHost.exe;c:\program files (x86)\Avira\Launcher\Avira.ServiceHost.exe [x] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x] S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x] S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe [x] S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x] S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x] S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x] S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x] S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x] S2 kldisk;kldisk;c:\windows\system32\DRIVERS\kldisk.sys;c:\windows\SYSNATIVE\DRIVERS\kldisk.sys [x] S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x] S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [x] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x] S3 AVP15.0.1;Servicio Kaspersky Anti-Virus 15.0.1;c:\program files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\avp.exe;c:\program files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\avp.exe [x] S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x] S3 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [x] S3 IntcDAud;Sonido Intel(R) para pantallas;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x] S3 klflt;Kaspersky Lab Kernel DLL;c:\windows\system32\DRIVERS\klflt.sys;c:\windows\SYSNATIVE\DRIVERS\klflt.sys [x] S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x] S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x] S3 NIWinCDEmu;ISO Mounter driver;c:\windows\system32\DRIVERS\NIWinCDEmu.sys;c:\windows\SYSNATIVE\DRIVERS\NIWinCDEmu.sys [x] S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2015-11-10 21:58 997704 ----a-w- c:\program files (x86)\Google\Chrome\Application\46.0.2490.86\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2015-10-13 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-15 13:30] . 2015-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-04-15 19:47] . 2015-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-04-15 19:47] . 2014-12-15 c:\windows\Tasks\HPCeeScheduleForEmilio.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 20:15] . 2015-11-27 c:\windows\Tasks\Nero TuneItUp PRO (Tray).job - c:\program files (x86)\Nero\Nero TuneItUp\ServiceProvider.exe [2015-10-01 12:55] . 2015-11-27 c:\windows\Tasks\Nero TuneItUp PRO.job - c:\program files (x86)\Nero\Nero TuneItUp\tuneitup.exe [2015-10-01 12:55] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon] @="{014F27E2-6D75-4E42-A0E9-2A2C68498AFA}" [HKEY_CLASSES_ROOT\CLSID\{014F27E2-6D75-4E42-A0E9-2A2C68498AFA}] 2015-03-09 19:16 726312 ----a-w- c:\program files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\x64\shellex.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-15 168216] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-15 392472] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-15 416024] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2013-05-30 1425408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "NCPluginUpdater"="c:\program files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" [2014-12-16 21720] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = <-loopback>;*.local IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204 IE: {{09A10376-994C-4BBF-9121-F50CF7BA237E} - {F2A56BFE-7911-451A-BC74-A9C3C2E95126} - c:\program files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\IEExt\ie_plugin.dll FF - ProfilePath - c:\users\Emilio\AppData\Roaming\Mozilla\Firefox\Profiles\i2asf1li.default-1409649196549\ FF - prefs.js: browser.search.selectedEngine - webssearches . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKLM-Run-Easybits Recovery - c:\program files (x86)\EasyBits For Kids\ezRecover.exe HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-foxtab - c:\program files (x86)\Foxtab\1.8.12.0\uninstall.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2015-11-28 00:46:59 ComboFix-quarantined-files.txt 2015-11-27 23:46 . Pre-Run: 676.433.920 bytes libres Post-Run: 171.057.152 bytes libres . - - End Of File - - CB86B111B893380B58B6167A3C771D1E