[Windows 8 very slow]

Hi Chuck,

Thanks a lot for your help. Slowness has relieved, but Windows Update service suddenly eats a lot of memory and I have to wait to finish in order to come back to work. Below log created by Delfix:

 

# DelFix v1.013 - Logfile created 28/04/2017 at 11:35:49

# Updated 17/04/2016 by Xplode

# Username : LGONCALVES - NU0106E12

# Operating System : Windows 8 Pro  (64 bits)

 

~ Removing disinfection tools ...

 

Deleted : C:\_OTL

Deleted : C:\AdwCleaner

Deleted : HKLM\SOFTWARE\OldTimer Tools

 

~ Creating registry backup ... OK

 

~ Cleaning system restore ...

 

Deleted : RP #198 [Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 | 04/07/2017 21:02:10]

Deleted : RP #200 [JRT Pre-Junkware Removal | 04/18/2017 19:16:34]

Deleted : RP #201 [Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 | 04/21/2017 19:09:17]

Deleted : RP #202 [JRT Pre-Junkware Removal | 04/22/2017 20:55:51]

Deleted : RP #203 [JRT Pre-Junkware Removal | 04/22/2017 21:34:50]

Deleted : RP #204 [Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 | 04/23/2017 12:32:38]

Deleted : RP #205 [Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 | 04/24/2017 18:16:20]

Deleted : RP #206 [OTL Restore Point - 25-04-2017 05:40:57 p.m. | 04/25/2017 21:40:57]

Deleted : RP #207 [Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 | 04/27/2017 18:15:18]

 

New restore point created !

 

########## - EOF - ##########

[Windows 8 very slow]

Hi Chuck,

Thank you very much for your help. Below OTL log:

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_USERS\S-1-5-21-182186785-877161024-3379391946-3456\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-182186785-877161024-3379391946-3456\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-182186785-877161024-3379391946-3456\Software\Microsoft\Internet Explorer\SearchScopes\{33CCF0C3-815C-47AB-BE3C-49B3552B242B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33CCF0C3-815C-47AB-BE3C-49B3552B242B}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
C:\Users\lgoncalves\AppData\Roaming\mozilla\Extensions\net.openvpn.client folder moved successfully.
C:\Users\lgoncalves\AppData\Roaming\mozilla\Extensions folder moved successfully.
Folder C:\Users\lgoncalves\AppData\Roaming\mozilla\Extensions\net.openvpn.client\ not found.
C:\Users\lgoncalves\AppData\Roaming\mozilla\Firefox\Profiles\zvb8yla4.default\extensions\[email protected]\plugins folder moved successfully.
C:\Users\lgoncalves\AppData\Roaming\mozilla\Firefox\Profiles\zvb8yla4.default\extensions\[email protected]\defaults\preferences folder moved successfully.
C:\Users\lgoncalves\AppData\Roaming\mozilla\Firefox\Profiles\zvb8yla4.default\extensions\[email protected]\defaults folder moved successfully.
C:\Users\lgoncalves\AppData\Roaming\mozilla\Firefox\Profiles\zvb8yla4.default\extensions\[email protected]\components folder moved successfully.
C:\Users\lgoncalves\AppData\Roaming\mozilla\Firefox\Profiles\zvb8yla4.default\extensions\[email protected]\chrome\skin folder moved successfully.
C:\Users\lgoncalves\AppData\Roaming\mozilla\Firefox\Profiles\zvb8yla4.default\extensions\[email protected]\chrome\locale\zh-TW folder moved successfully.
C:\Users\lgoncalves\AppData\Roaming\mozilla\Firefox\Profiles\zvb8yla4.default\extensions\[email protected]\chrome\locale\zh-CN folder moved successfully.
C:\Users\lgoncalves\AppData\Roaming\mozilla\Firefox\Profiles\zvb8yla4.default\extensions\[email protected]\chrome\locale\vi folder moved successfully.
C:\Users\lgoncalves\AppData\Roaming\mozilla\Firefox\Profiles\zvb8yla4.default\extensions\[email protected]\chrome\locale\uk-UK folder moved successfully.
C:\Users\lgoncalves\AppData\Roaming\mozilla\Firefox\Profiles\zvb8yla4.default\extensions\[email protected]\chrome\locale\sk-SK folder moved successfully.
C:\Users\lgoncalves\AppData\Roaming\mozilla\Firefox\Profiles\zvb8yla4.default\extensions\[email protected]\chrome\locale\ru-RU folder moved successfully.
C:\Users\lgoncalves\AppData\Roaming\mozilla\Firefox\Profiles\zvb8yla4.default\extensions\[email protected]\chrome\locale\ro-RO folder moved successfully.
C:\Users\lgoncalves\AppData\Roaming\mozilla\Firefox\Profiles\zvb8yla4.default\extensions\[email protected]\chrome\locale\pt-PT folder moved successfully.
C:\Users\lgoncalves\AppData\Roaming\mozilla\Firefox\Profiles\zvb8yla4.default\extensions\[email protected]\chrome\locale\pt-BR folder moved successfully.
C:\Users\lgoncalves\AppData\Roaming\mozilla\Firefox\Profiles\zvb8yla4.default\extensions\[email protected]\chrome\locale\pl-PL folder moved successfully.
C:\Users\lgoncalves\AppData\Roaming\mozilla\Firefox\Profiles\zvb8yla4.default\extensions\[email protected]\chrome\locale\nl folder moved successfully.
C:\Users\lgoncalves\AppData\Roaming\mozilla\Firefox\Profiles\zvb8yla4.default\extensions\[email protected]\chrome\locale\ko-KR folder moved successfully.
C:\Users\lgoncalves\AppData\Roaming\mozilla\Firefox\Profiles\zvb8yla4.default\extensions\[email protected]\chrome\locale\ja-JP folder moved successfully.
C:\Users\lgoncalves\AppData\Roaming\mozilla\Firefox\Profiles\zvb8yla4.default\extensions\[email protected]\chrome\locale\it-IT folder moved successfully.
C:\Users\lgoncalves\AppData\Roaming\mozilla\Firefox\Profiles\zvb8yla4.default\extensions\[email protected]\chrome\locale\hu-HU folder moved successfully.
C:\Users\lgoncalves\AppData\Roaming\mozilla\Firefox\Profiles\zvb8yla4.default\extensions\[email protected]\chrome\locale\he-IL folder moved successfully.
C:\Users\lgoncalves\AppData\Roaming\mozilla\Firefox\Profiles\zvb8yla4.default\extensions\[email protected]\chrome\locale\fr-FR folder moved successfully.
C:\Users\lgoncalves\AppData\Roaming\mozilla\Firefox\Profiles\zvb8yla4.default\extensions\[email protected]\chrome\locale\es-ES folder moved successfully.
C:\Users\lgoncalves\AppData\Roaming\mozilla\Firefox\Profiles\zvb8yla4.default\extensions\[email protected]\chrome\locale\en-US folder moved successfully.
C:\Users\lgoncalves\AppData\Roaming\mozilla\Firefox\Profiles\zvb8yla4.default\extensions\[email protected]\chrome\locale\de-DE folder moved successfully.
C:\Users\lgoncalves\AppData\Roaming\mozilla\Firefox\Profiles\zvb8yla4.default\extensions\[email protected]\chrome\locale\cs-CZ folder moved successfully.
C:\Users\lgoncalves\AppData\Roaming\mozilla\Firefox\Profiles\zvb8yla4.default\extensions\[email protected]\chrome\locale folder moved successfully.
C:\Users\lgoncalves\AppData\Roaming\mozilla\Firefox\Profiles\zvb8yla4.default\extensions\[email protected]\chrome\content folder moved successfully.
C:\Users\lgoncalves\AppData\Roaming\mozilla\Firefox\Profiles\zvb8yla4.default\extensions\[email protected]\chrome folder moved successfully.
C:\Users\lgoncalves\AppData\Roaming\mozilla\Firefox\Profiles\zvb8yla4.default\extensions\[email protected] folder moved successfully.
C:\Users\lgoncalves\AppData\Roaming\mozilla\Firefox\Profiles\zvb8yla4.default\extensions\[email protected]\platform folder moved successfully.
C:\Users\lgoncalves\AppData\Roaming\mozilla\Firefox\Profiles\zvb8yla4.default\extensions\[email protected]\META-INF folder moved successfully.
C:\Users\lgoncalves\AppData\Roaming\mozilla\Firefox\Profiles\zvb8yla4.default\extensions\[email protected]\defaults\preferences folder moved successfully.
C:\Users\lgoncalves\AppData\Roaming\mozilla\Firefox\Profiles\zvb8yla4.default\extensions\[email protected]\defaults folder moved successfully.
C:\Users\lgoncalves\AppData\Roaming\mozilla\Firefox\Profiles\zvb8yla4.default\extensions\[email protected]\chrome folder moved successfully.
C:\Users\lgoncalves\AppData\Roaming\mozilla\Firefox\Profiles\zvb8yla4.default\extensions\[email protected] folder moved successfully.
C:\Users\lgoncalves\AppData\Roaming\mozilla\Firefox\Profiles\zvb8yla4.default\extensions folder moved successfully.
File C:\Users\lgoncalves\AppData\Roaming\mozilla\firefox\profiles\zvb8yla4.default\extensions\[email protected] not found.
File C:\Users\lgoncalves\AppData\Roaming\mozilla\firefox\profiles\zvb8yla4.default\extensions\[email protected] not found.
File C:\Users\lgoncalves\AppData\Roaming\mozilla\firefox\profiles\zvb8yla4.default\extensions\[email protected] not found.
File C:\Users\lgoncalves\AppData\Roaming\mozilla\firefox\profiles\zvb8yla4.default\extensions\[email protected] not found.
File C:\Users\lgoncalves\AppData\Roaming\mozilla\firefox\profiles\zvb8yla4.default\extensions\[email protected] not found.
File C:\Users\lgoncalves\AppData\Roaming\mozilla\firefox\profiles\zvb8yla4.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi not found.
C:\Users\lgoncalves\AppData\Roaming\mozilla\firefox\profiles\zvb8yla4.default\features\{f4287fd4-cd16-4134-bab5-fcca69d84ed0}\[email protected] moved successfully.
C:\Users\lgoncalves\AppData\Roaming\mozilla\firefox\profiles\zvb8yla4.default\features\{f4287fd4-cd16-4134-bab5-fcca69d84ed0}\[email protected] moved successfully.
C:\Users\lgoncalves\AppData\Roaming\mozilla\firefox\profiles\zvb8yla4.default\features\{f4287fd4-cd16-4134-bab5-fcca69d84ed0}\[email protected] moved successfully.
C:\Program Files (x86)\mozilla firefox\browser\extensions folder moved successfully.
C:\Program Files (x86)\mozilla firefox\updated\browser\extensions folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_metadata folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\zh_TW folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\zh_CN folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\vi folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\uk folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\tr folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\th folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\sv folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\sr folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\sl folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\sk folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ru folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ro folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\pt_PT folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\pt_BR folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\pl folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\no folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\nl folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ms folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\lv folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\lt folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ko folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ja folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\it folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\id folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\hu folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\hi folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\he folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\fr folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\fil folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\fi folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\et folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\es_419 folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\es folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\en_US folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\en_GB folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\el folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\de folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\da folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\cs folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ca folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\bg folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ar folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0 folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_metadata folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\zh_TW folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\zh_CN folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\vi folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\uk folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\tr folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\th folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\sv folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\sr folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\sl folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\sk folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ru folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ro folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\pt_PT folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\pt_BR folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\pl folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\no folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\nl folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ms folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\lv folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\lt folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ko folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ja folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\it folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\id folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\hu folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\hr folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\hi folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\he folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\fr folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\fil folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\fi folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\eu folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\et folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\es_419 folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\es folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\en_US folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\en_GB folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\el folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\de folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\da folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\cs folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ca folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\bg folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ar folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0 folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgecckpiojpahjlndlofcljgacdfkifk\0.3.6_0\_metadata folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgecckpiojpahjlndlofcljgacdfkifk\0.3.6_0\_locales\ru folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgecckpiojpahjlndlofcljgacdfkifk\0.3.6_0\_locales\pt_PT folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgecckpiojpahjlndlofcljgacdfkifk\0.3.6_0\_locales\pt_BR folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgecckpiojpahjlndlofcljgacdfkifk\0.3.6_0\_locales\nl folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgecckpiojpahjlndlofcljgacdfkifk\0.3.6_0\_locales\it folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgecckpiojpahjlndlofcljgacdfkifk\0.3.6_0\_locales\fr folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgecckpiojpahjlndlofcljgacdfkifk\0.3.6_0\_locales\es_419 folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgecckpiojpahjlndlofcljgacdfkifk\0.3.6_0\_locales\es folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgecckpiojpahjlndlofcljgacdfkifk\0.3.6_0\_locales\en folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgecckpiojpahjlndlofcljgacdfkifk\0.3.6_0\_locales\de folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgecckpiojpahjlndlofcljgacdfkifk\0.3.6_0\_locales folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgecckpiojpahjlndlofcljgacdfkifk\0.3.6_0\descriptions folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgecckpiojpahjlndlofcljgacdfkifk\0.3.6_0 folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_metadata folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\zh_TW folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\zh_CN folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\vi folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\uk folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\tr folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\th folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\sv folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\sr folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\sl folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\sk folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\ru folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\ro folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\pt_PT folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\pt_BR folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\pl folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\no folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\nl folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\lv folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\lt folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\ko folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\ja folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\it folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\id folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\hu folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\hr folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\hi folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\he folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\fr folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\fil folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\fi folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\es folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\en folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\el folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\de folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\da folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\cs folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\ca folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\bg folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\ar folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0 folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmagokdooijbeehmkpknfglimnifench\1.4.0.11967_0\_metadata folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmagokdooijbeehmkpknfglimnifench\1.4.0.11967_0\skin\xp folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmagokdooijbeehmkpknfglimnifench\1.4.0.11967_0\skin folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmagokdooijbeehmkpknfglimnifench\1.4.0.11967_0 folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\15.1120.0.4_0\_metadata folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\15.1120.0.4_0\_locales\zh_TW folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\15.1120.0.4_0\_locales\zh folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\15.1120.0.4_0\_locales\vi folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\15.1120.0.4_0\_locales\uk folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\15.1120.0.4_0\_locales\tr folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\15.1120.0.4_0\_locales\th folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\15.1120.0.4_0\_locales\te folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\15.1120.0.4_0\_locales\ta folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\15.1120.0.4_0\_locales\sw folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\15.1120.0.4_0\_locales\sv folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\15.1120.0.4_0\_locales\sr folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\15.1120.0.4_0\_locales\sl folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\15.1120.0.4_0\_locales\sk folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\15.1120.0.4_0\_locales\ru folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\15.1120.0.4_0\_locales\ro folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\15.1120.0.4_0\_locales\pt_PT folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\15.1120.0.4_0\_locales\pt_BR folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\15.1120.0.4_0\_locales\pt folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\15.1120.0.4_0\_locales\pl folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\15.1120.0.4_0\_locales\nl folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\15.1120.0.4_0\_locales\nb folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\15.1120.0.4_0\_locales\ms folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\15.1120.0.4_0\_locales\mr folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\15.1120.0.4_0\_locales\ml folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\15.1120.0.4_0\_locales\lv folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\15.1120.0.4_0\_locales\lt folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\15.1120.0.4_0\_locales\ko folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\15.1120.0.4_0\_locales\kn folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\15.1120.0.4_0\_locales\ja folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\15.1120.0.4_0\_locales\iw folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\15.1120.0.4_0\_locales\it folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\15.1120.0.4_0\_locales\id folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\15.1120.0.4_0\_locales\hu folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\15.1120.0.4_0\_locales\hr folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\15.1120.0.4_0\_locales\hi folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\15.1120.0.4_0\_locales\gu folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\15.1120.0.4_0\_locales\fr folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\15.1120.0.4_0\_locales\fil folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\15.1120.0.4_0\_locales\fi folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\15.1120.0.4_0\_locales\fa folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\15.1120.0.4_0\_locales\et folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\15.1120.0.4_0\_locales\es folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\15.1120.0.4_0\_locales\en folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\15.1120.0.4_0\_locales\el folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\15.1120.0.4_0\_locales\de folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\15.1120.0.4_0\_locales\da folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\15.1120.0.4_0\_locales\cs folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\15.1120.0.4_0\_locales\ca folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\15.1120.0.4_0\_locales\bn folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\15.1120.0.4_0\_locales\bg folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\15.1120.0.4_0\_locales\ar folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\15.1120.0.4_0\_locales\am folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\15.1120.0.4_0\_locales folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\15.1120.0.4_0\popup_partials folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\15.1120.0.4_0\data folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\15.1120.0.4_0\cast_setup folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\15.1120.0.4_0 folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\cedbiokeeomnnkiclkmnonjkcaladbkd\1.0.10_0\_locales\en folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\cedbiokeeomnnkiclkmnonjkcaladbkd\1.0.10_0\_locales\de folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\cedbiokeeomnnkiclkmnonjkcaladbkd\1.0.10_0\_locales folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\cedbiokeeomnnkiclkmnonjkcaladbkd\1.0.10_0 folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\_metadata folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\_locales\hu folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\_locales\hr folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\_locales\hi folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\_locales\he folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\_locales\fr folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\_locales\fil folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\_locales\fi folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\_locales\et folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\_locales\es_419 folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\_locales\es folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\_locales\en_US folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\_locales\en_GB folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\_locales\en folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\_locales\el folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\_locales\de folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\_locales\da folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\_locales\cs folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\_locales\ca folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\_locales\bg folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\_locales\ar folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\_locales folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0 folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcanjhffnbochejifidgcbmnlehfgjkl\2_0 folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\15.1.0.6_0\_metadata folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\15.1.0.6_0\_locales\zh_TW folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\15.1.0.6_0\_locales\zh_CN folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\15.1.0.6_0\_locales\uk folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\15.1.0.6_0\_locales\tr folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\15.1.0.6_0\_locales\sv folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\15.1.0.6_0\_locales\sl folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\15.1.0.6_0\_locales\sk folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\15.1.0.6_0\_locales\ru folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\15.1.0.6_0\_locales\ro folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\15.1.0.6_0\_locales\pt folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\15.1.0.6_0\_locales\pl folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\15.1.0.6_0\_locales\nl folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\15.1.0.6_0\_locales\nb folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\15.1.0.6_0\_locales\ko folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\15.1.0.6_0\_locales\ja folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\15.1.0.6_0\_locales\it folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\15.1.0.6_0\_locales\hu folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\15.1.0.6_0\_locales\hr folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\15.1.0.6_0\_locales\fr folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\15.1.0.6_0\_locales\fi folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\15.1.0.6_0\_locales\eu folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\15.1.0.6_0\_locales\es folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\15.1.0.6_0\_locales\en_GB folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\15.1.0.6_0\_locales\en folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\15.1.0.6_0\_locales\de folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\15.1.0.6_0\_locales\da folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\15.1.0.6_0\_locales\cs folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\15.1.0.6_0\_locales\ca folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\15.1.0.6_0\_locales folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\15.1.0.6_0\lib\libs folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\15.1.0.6_0\lib folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\15.1.0.6_0\data\js\libs folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\15.1.0.6_0\data\js folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\15.1.0.6_0\data\images folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\15.1.0.6_0\data\css folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\15.1.0.6_0\data folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\15.1.0.6_0 folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.10_0\_metadata folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.10_0\_locales\zh_TW folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.10_0\_locales\zh_CN folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.10_0\_locales\vi folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.10_0\_locales\uk folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.10_0\_locales\tr folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.10_0\_locales\tl folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.10_0\_locales\th folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.10_0\_locales\sv folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.10_0\_locales\sr folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.10_0\_locales\sl folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.10_0\_locales\sk folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.10_0\_locales\ru folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.10_0\_locales\ro folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.10_0\_locales\pt_PT folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.10_0\_locales\pt_BR folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.10_0\_locales\pl folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.10_0\_locales\nl folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.10_0\_locales\nb folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.10_0\_locales\lv folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.10_0\_locales\lt folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.10_0\_locales\ko folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.10_0\_locales\ja folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.10_0\_locales\iw folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.10_0\_locales\it folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.10_0\_locales\in folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.10_0\_locales\hu folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.10_0\_locales\hr folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.10_0\_locales\hi folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.10_0\_locales\fr folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.10_0\_locales\fi folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.10_0\_locales\es folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.10_0\_locales\en_GB folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.10_0\_locales\en folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.10_0\_locales\el folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.10_0\_locales\de folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.10_0\_locales\da folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.10_0\_locales\cs folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.10_0\_locales\ca folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.10_0\_locales\bg folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.10_0\_locales\ar folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.10_0\_locales folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.10_0 folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpogldabjhjhglnfojmnekmcjonllia\1.0.0_0\images folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpogldabjhjhglnfojmnekmcjonllia\1.0.0_0\css folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpogldabjhjhglnfojmnekmcjonllia\1.0.0_0 folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbpobnhohpnogiaipphaknihlopgbacf\0.90_0 folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\fepbnnnkkadjhjahcafoaglimekefifl\2.25.0_0\_metadata folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\fepbnnnkkadjhjahcafoaglimekefifl\2.25.0_0\_locales\zh_TW folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\fepbnnnkkadjhjahcafoaglimekefifl\2.25.0_0\_locales\zh_CN folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\fepbnnnkkadjhjahcafoaglimekefifl\2.25.0_0\_locales\pt_BR folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\fepbnnnkkadjhjahcafoaglimekefifl\2.25.0_0\_locales\ko folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\fepbnnnkkadjhjahcafoaglimekefifl\2.25.0_0\_locales\ja folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\fepbnnnkkadjhjahcafoaglimekefifl\2.25.0_0\_locales\it folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\fepbnnnkkadjhjahcafoaglimekefifl\2.25.0_0\_locales\id folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\fepbnnnkkadjhjahcafoaglimekefifl\2.25.0_0\_locales\fr folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\fepbnnnkkadjhjahcafoaglimekefifl\2.25.0_0\_locales\es folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\fepbnnnkkadjhjahcafoaglimekefifl\2.25.0_0\_locales\en_US folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\fepbnnnkkadjhjahcafoaglimekefifl\2.25.0_0\_locales\de folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\fepbnnnkkadjhjahcafoaglimekefifl\2.25.0_0\_locales folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\fepbnnnkkadjhjahcafoaglimekefifl\2.25.0_0\scripts\zip folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\fepbnnnkkadjhjahcafoaglimekefifl\2.25.0_0\scripts\mathjax folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\fepbnnnkkadjhjahcafoaglimekefifl\2.25.0_0\scripts folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\fepbnnnkkadjhjahcafoaglimekefifl\2.25.0_0\images\covers folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\fepbnnnkkadjhjahcafoaglimekefifl\2.25.0_0\images folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\fepbnnnkkadjhjahcafoaglimekefifl\2.25.0_0\icons\devBuild folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\fepbnnnkkadjhjahcafoaglimekefifl\2.25.0_0\icons folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\fepbnnnkkadjhjahcafoaglimekefifl\2.25.0_0\fonts folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\fepbnnnkkadjhjahcafoaglimekefifl\2.25.0_0\font-faces\OpenDyslexic folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\fepbnnnkkadjhjahcafoaglimekefifl\2.25.0_0\font-faces\Open-Sans folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\fepbnnnkkadjhjahcafoaglimekefifl\2.25.0_0\font-faces\Noto-Serif folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\fepbnnnkkadjhjahcafoaglimekefifl\2.25.0_0\font-faces folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\fepbnnnkkadjhjahcafoaglimekefifl\2.25.0_0\css folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\fepbnnnkkadjhjahcafoaglimekefifl\2.25.0_0 folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\57.0.2987.84_0\_metadata folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\57.0.2987.84_0\_locales\zh_TW folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\57.0.2987.84_0\_locales\zh_CN folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\57.0.2987.84_0\_locales\vi folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\57.0.2987.84_0\_locales\uk folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\57.0.2987.84_0\_locales\tr folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\57.0.2987.84_0\_locales\th folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\57.0.2987.84_0\_locales\te folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\57.0.2987.84_0\_locales\ta folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\57.0.2987.84_0\_locales\sw folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\57.0.2987.84_0\_locales\sv folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\57.0.2987.84_0\_locales\sr folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\57.0.2987.84_0\_locales\sl folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\57.0.2987.84_0\_locales\sk folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\57.0.2987.84_0\_locales\ru folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\57.0.2987.84_0\_locales\ro folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\57.0.2987.84_0\_locales\pt_PT folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\57.0.2987.84_0\_locales\pt_BR folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\57.0.2987.84_0\_locales\pl folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\57.0.2987.84_0\_locales\nl folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\57.0.2987.84_0\_locales\nb folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\57.0.2987.84_0\_locales\ms folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\57.0.2987.84_0\_locales\mr folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\57.0.2987.84_0\_locales\ml folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\57.0.2987.84_0\_locales\lv folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\57.0.2987.84_0\_locales\lt folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\57.0.2987.84_0\_locales\ko folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\57.0.2987.84_0\_locales\kn folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\57.0.2987.84_0\_locales\ja folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\57.0.2987.84_0\_locales\it folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\57.0.2987.84_0\_locales\id folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\57.0.2987.84_0\_locales\hu folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\57.0.2987.84_0\_locales\hr folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\57.0.2987.84_0\_locales\hi folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\57.0.2987.84_0\_locales\he folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\57.0.2987.84_0\_locales\gu folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\57.0.2987.84_0\_locales\fr folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\57.0.2987.84_0\_locales\fil folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\57.0.2987.84_0\_locales\fi folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\57.0.2987.84_0\_locales\fake_bidi folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\57.0.2987.84_0\_locales\fa folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\57.0.2987.84_0\_locales\et folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\57.0.2987.84_0\_locales\es_419 folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\57.0.2987.84_0\_locales\es folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\57.0.2987.84_0\_locales\en_GB folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\57.0.2987.84_0\_locales\en folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\57.0.2987.84_0\_locales\el folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\57.0.2987.84_0\_locales\de folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\57.0.2987.84_0\_locales\da folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\57.0.2987.84_0\_locales\cs folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\57.0.2987.84_0\_locales\ca folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\57.0.2987.84_0\_locales\bn folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\57.0.2987.84_0\_locales\bg folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\57.0.2987.84_0\_locales\ar folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\57.0.2987.84_0\_locales\am folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\57.0.2987.84_0\_locales folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\57.0.2987.84_0 folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_metadata folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\zu folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\zh_TW folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\zh_HK folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\zh_CN folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\vi folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\ur folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\uk folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\tr folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\th folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\te folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\ta folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\sw folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\sv folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\sr folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\sl folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\sk folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\si folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\ru folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\ro folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\pt_PT folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\pt_BR folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\pl folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\no folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\nl folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\ne folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\ms folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\mr folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\mn folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\ml folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\lv folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\lt folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\lo folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\ko folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\kn folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\km folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\ka folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\ja folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\iw folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\it folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\is folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\id folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\hy folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\hu folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\hr folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\hi folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\gu folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\gl folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\fr_CA folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\fr folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\fil folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\fi folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\fa folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\eu folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\et folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\es_419 folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\es folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\en_US folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\en_GB folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\el folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\de folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\da folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\cs folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\ca folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\bn folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\bg folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\az folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\ar folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\am folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\af folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0 folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl\3.10_0\_metadata folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl\3.10_0\_locales\en_US folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl\3.10_0\_locales folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl\3.10_0\web\assets\logos folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl\3.10_0\web\assets folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl\3.10_0\web folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl\3.10_0 folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfpmbfgodkfcebpgheiedaddoikmljkk\1.0.3_0\_metadata folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfpmbfgodkfcebpgheiedaddoikmljkk\1.0.3_0 folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma\1.0.10_0\_metadata folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma\1.0.10_0\_locales\zh_TW folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma\1.0.10_0\_locales\zh_CN folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma\1.0.10_0\_locales\sv folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma\1.0.10_0\_locales\ru folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma\1.0.10_0\_locales\pt_BR folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma\1.0.10_0\_locales\nl folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma\1.0.10_0\_locales\ko folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma\1.0.10_0\_locales\ja folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma\1.0.10_0\_locales\it folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma\1.0.10_0\_locales\fr folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma\1.0.10_0\_locales\es_419 folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma\1.0.10_0\_locales\es folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma\1.0.10_0\_locales\en folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma\1.0.10_0\_locales\de folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma\1.0.10_0\_locales folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma\1.0.10_0 folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnacnlekfaehkfdbkohnhpmdagnfaeio\1.2.1_0\_metadata folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnacnlekfaehkfdbkohnhpmdagnfaeio\1.2.1_0\_locales\en folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnacnlekfaehkfdbkohnhpmdagnfaeio\1.2.1_0\_locales\de folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnacnlekfaehkfdbkohnhpmdagnfaeio\1.2.1_0\_locales folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnacnlekfaehkfdbkohnhpmdagnfaeio\1.2.1_0 folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl\2017.110.418.3_0\_metadata folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl\2017.110.418.3_0\_locales\zh_TW folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl\2017.110.418.3_0\_locales\zh_CN folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl\2017.110.418.3_0\_locales\vi folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl\2017.110.418.3_0\_locales\uk folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl\2017.110.418.3_0\_locales\tr folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl\2017.110.418.3_0\_locales\th folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl\2017.110.418.3_0\_locales\te folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl\2017.110.418.3_0\_locales\ta folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl\2017.110.418.3_0\_locales\sw folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl\2017.110.418.3_0\_locales\sv folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl\2017.110.418.3_0\_locales\sr folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl\2017.110.418.3_0\_locales\sl folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl\2017.110.418.3_0\_locales\sk folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl\2017.110.418.3_0\_locales\ru folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl\2017.110.418.3_0\_locales\ro folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl\2017.110.418.3_0\_locales\pt_PT folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl\2017.110.418.3_0\_locales\pt_BR folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl\2017.110.418.3_0\_locales\pl folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl\2017.110.418.3_0\_locales\nl folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl\2017.110.418.3_0\_locales\nb folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl\2017.110.418.3_0\_locales\ms folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl\2017.110.418.3_0\_locales\mr folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl\2017.110.418.3_0\_locales\ml folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl\2017.110.418.3_0\_locales\lv folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl\2017.110.418.3_0\_locales\lt folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl\2017.110.418.3_0\_locales\ko folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl\2017.110.418.3_0\_locales\kn folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl\2017.110.418.3_0\_locales\ja folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl\2017.110.418.3_0\_locales\it folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl\2017.110.418.3_0\_locales\id folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl\2017.110.418.3_0\_locales\hu folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl\2017.110.418.3_0\_locales\hr folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl\2017.110.418.3_0\_locales\hi folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl\2017.110.418.3_0\_locales\he folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl\2017.110.418.3_0\_locales\gu folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl\2017.110.418.3_0\_locales\fr folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl\2017.110.418.3_0\_locales\fil folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl\2017.110.418.3_0\_locales\fi folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl\2017.110.418.3_0\_locales\fa folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl\2017.110.418.3_0\_locales\et folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl\2017.110.418.3_0\_locales\es_419 folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl\2017.110.418.3_0\_locales\es folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl\2017.110.418.3_0\_locales\en_GB folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl\2017.110.418.3_0\_locales\en folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl\2017.110.418.3_0\_locales\el folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl\2017.110.418.3_0\_locales\de folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl\2017.110.418.3_0\_locales\da folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl\2017.110.418.3_0\_locales\cs folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl\2017.110.418.3_0\_locales\ca folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl\2017.110.418.3_0\_locales\bn folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl\2017.110.418.3_0\_locales\bg folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl\2017.110.418.3_0\_locales\ar folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl\2017.110.418.3_0\_locales\am folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl\2017.110.418.3_0\_locales folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl\2017.110.418.3_0\styles folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl\2017.110.418.3_0\scripts folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl\2017.110.418.3_0\images_5 folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl\2017.110.418.3_0 folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh\3.2_0\_metadata folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh\3.2_0\images folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh\3.2_0 folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_metadata folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\zh_TW folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\zh_CN folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\vi folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\uk folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\tr folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\th folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\sv folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\sr folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\sl folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\sk folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\ru folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\ro folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\pt_PT folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\pt_BR folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\pl folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\nl folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\nb folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\lv folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\lt folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\ko folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\ja folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\it folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\id folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\hu folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\hr folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\hi folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\fr folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\fil folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\fi folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\et folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\es_419 folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\es folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\en_GB folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\en folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\el folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\de folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\da folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\cs folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\ca folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\bg folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\images folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\html folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\css folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0 folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.153_0\_metadata folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.153_0\_locales\fr folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.153_0\_locales\en folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.153_0\_locales folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.153_0\js folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.153_0\images folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.153_0\css folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.153_0 folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_metadata folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\zh_TW folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\zh_CN folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\vi folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\uk folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\tr folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\th folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\sr folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\sl folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\sk folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\se folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\ru folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\ro folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\pt_PT folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\pt_BR folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\pl folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\no folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\nl folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\lv folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\lt folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\ko folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\ja folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\it folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\id folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\hu folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\hr folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\hi folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\fr folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\fil folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\fi folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\es folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\en folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\el folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\de folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\da folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\cs folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\ca folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\bg folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\ar folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0 folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5717.116.0.4_0\_metadata folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5717.116.0.4_0\_locales\zh_TW folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5717.116.0.4_0\_locales\zh folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5717.116.0.4_0\_locales\vi folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5717.116.0.4_0\_locales\uk folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5717.116.0.4_0\_locales\tr folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5717.116.0.4_0\_locales\th folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5717.116.0.4_0\_locales\te folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5717.116.0.4_0\_locales\ta folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5717.116.0.4_0\_locales\sw folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5717.116.0.4_0\_locales\sv folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5717.116.0.4_0\_locales\sr folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5717.116.0.4_0\_locales\sl folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5717.116.0.4_0\_locales\sk folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5717.116.0.4_0\_locales\ru folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5717.116.0.4_0\_locales\ro folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5717.116.0.4_0\_locales\pt_PT folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5717.116.0.4_0\_locales\pt_BR folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5717.116.0.4_0\_locales\pt folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5717.116.0.4_0\_locales\pl folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5717.116.0.4_0\_locales\nl folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5717.116.0.4_0\_locales\nb folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5717.116.0.4_0\_locales\ms folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5717.116.0.4_0\_locales\mr folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5717.116.0.4_0\_locales\ml folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5717.116.0.4_0\_locales\lv folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5717.116.0.4_0\_locales\lt folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5717.116.0.4_0\_locales\ko folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5717.116.0.4_0\_locales\kn folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5717.116.0.4_0\_locales\ja folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5717.116.0.4_0\_locales\iw folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5717.116.0.4_0\_locales\it folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5717.116.0.4_0\_locales\id folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5717.116.0.4_0\_locales\hu folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5717.116.0.4_0\_locales\hr folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5717.116.0.4_0\_locales\hi folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5717.116.0.4_0\_locales\gu folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5717.116.0.4_0\_locales\fr folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5717.116.0.4_0\_locales\fil folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5717.116.0.4_0\_locales\fi folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5717.116.0.4_0\_locales\fa folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5717.116.0.4_0\_locales\et folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5717.116.0.4_0\_locales\es folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5717.116.0.4_0\_locales\en folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5717.116.0.4_0\_locales\el folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5717.116.0.4_0\_locales\de folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5717.116.0.4_0\_locales\da folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5717.116.0.4_0\_locales\cs folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5717.116.0.4_0\_locales\ca folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5717.116.0.4_0\_locales\bn folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5717.116.0.4_0\_locales\bg folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5717.116.0.4_0\_locales\ar folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5717.116.0.4_0\_locales\am folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5717.116.0.4_0\_locales folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5717.116.0.4_0\cloud_route_details folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5717.116.0.4_0\cast_setup folder moved successfully.
C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5717.116.0.4_0 folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\LManager deleted successfully.
Registry value HKEY_USERS\S-1-5-21-182186785-877161024-3379391946-3456\Software\Microsoft\Windows\CurrentVersion\Run\\Akamai NetSession Interface deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xportar a Microsoft Excel\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Enviar a OneNote\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xportar a Microsoft Excel\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
File Protocol\Handler\msdaipp - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\0x00000001\ not found.
File Protocol\Handler\msdaipp\0x00000001 - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\oledb\ not found.
File Protocol\Handler\msdaipp\oledb - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages:livessp deleted successfully.
========== COMMANDS ==========
 
[EMPTYJAVA]
 
User: Administrador
->Java cache emptied: 0 bytes
 
User: All Users
 
User: Default
 
User: Default User
 
User: DefaultAppPool
 
User: JSAAVEDRA
 
User: lgoncalves
->Java cache emptied: 108000508 bytes
 
User: Public
 
User: vgalindez
 
Total Java Files Cleaned = 103,00 mb
 
 
[EMPTYFLASH]
 
User: Administrador
->Flash cache emptied: 506 bytes
 
User: All Users
 
User: Default
 
User: Default User
 
User: DefaultAppPool
 
User: JSAAVEDRA
 
User: lgoncalves
->Flash cache emptied: 14611 bytes
 
User: Public
 
User: vgalindez
 
Total Flash Files Cleaned = 0,00 mb
 
 
[EMPTYTEMP]
 
User: Administrador
->Temp folder emptied: 215470 bytes
->Temporary Internet Files folder emptied: 203828 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: DefaultAppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: JSAAVEDRA
->Temp folder emptied: 581172 bytes
->Temporary Internet Files folder emptied: 1432562 bytes
 
User: lgoncalves
->Temp folder emptied: 2211328605 bytes
->Temporary Internet Files folder emptied: 152184741 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 281747187 bytes
->Google Chrome cache emptied: 418335122 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: vgalindez
->Temp folder emptied: 210912 bytes
->Temporary Internet Files folder emptied: 873040 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1122664 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 220299137 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 18212491 bytes
 
Total Files Cleaned = 3.154,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point
 
OTL by OldTimer - Version 3.2.69.0 log created on 04252017_172517

Files\Folders moved on Reboot...
File\Folder C:\Users\lgoncalves\AppData\Local\Temp\VertiPaq_7B478ACEFD194379A822\5361d197-2bab-46a3-bb54-67039d2c2289.0.db\Tabla diferencia_d21e824e-1a95-4705-beb6-4b30217728d6.0.dim\1.R$Tabla diferencia_d21e824e-1a95-4705-beb6-4b30217728d6$95689513-a78f-4146-8ac8-f9e5abe3b8ea.INDEX.0.idf not found!
File\Folder C:\Users\lgoncalves\AppData\Local\Temp\VertiPaq_7B478ACEFD194379A822\5361d197-2bab-46a3-bb54-67039d2c2289.0.db\Tabla diferencia_d21e824e-1a95-4705-beb6-4b30217728d6.0.dim\R$Tabla diferencia_d21e824e-1a95-4705-beb6-4b30217728d6$95689513-a78f-4146-8ac8-f9e5abe3b8ea.1.tbl.xml not found!
File\Folder C:\Users\lgoncalves\AppData\Local\Temp\VertiPaq_664CCDE0D0B84D99941C\955B4EE98F3F4E8CAA30.7.db\Paquetes descargados 1 marzo_1d4e198e-2ad6-4010-9f00-440dc76e0bf9.0.dim\0.H$Paquetes descargados 1 marzo_1d4e198e-2ad6-4010-9f00-440dc76e0bf9$DS Bytes.ID_TO_POS.0.idf not found!
File\Folder C:\Users\lgoncalves\AppData\Local\Temp\VertiPaq_664CCDE0D0B84D99941C\955B4EE98F3F4E8CAA30.7.db\Paquetes descargados 1 marzo_1d4e198e-2ad6-4010-9f00-440dc76e0bf9.0.dim\0.H$Paquetes descargados 1 marzo_1d4e198e-2ad6-4010-9f00-440dc76e0bf9$DS Bytes.POS_TO_ID.0.idf not found!
File\Folder C:\Users\lgoncalves\AppData\Local\Temp\VertiPaq_664CCDE0D0B84D99941C\955B4EE98F3F4E8CAA30.7.db\Paquetes descargados 1 marzo_1d4e198e-2ad6-4010-9f00-440dc76e0bf9.0.dim\0.H$Paquetes descargados 1 marzo_1d4e198e-2ad6-4010-9f00-440dc76e0bf9$DS Packets.POS_TO_ID.0.idf not found!
File\Folder C:\Users\lgoncalves\AppData\Local\Temp\VertiPaq_664CCDE0D0B84D99941C\955B4EE98F3F4E8CAA30.7.db\Paquetes descargados 1 marzo_1d4e198e-2ad6-4010-9f00-440dc76e0bf9.0.dim\0.H$Paquetes descargados 1 marzo_1d4e198e-2ad6-4010-9f00-440dc76e0bf9$US Bytes.ID_TO_POS.0.idf not found!
File\Folder C:\Users\lgoncalves\AppData\Local\Temp\VertiPaq_664CCDE0D0B84D99941C\955B4EE98F3F4E8CAA30.7.db\Paquetes descargados 1 marzo_1d4e198e-2ad6-4010-9f00-440dc76e0bf9.0.dim\0.H$Paquetes descargados 1 marzo_1d4e198e-2ad6-4010-9f00-440dc76e0bf9$US Bytes.POS_TO_ID.0.idf not found!
File\Folder C:\Users\lgoncalves\AppData\Local\Temp\VertiPaq_664CCDE0D0B84D99941C\955B4EE98F3F4E8CAA30.7.db\Paquetes descargados 1 marzo_1d4e198e-2ad6-4010-9f00-440dc76e0bf9.0.dim\0.H$Paquetes descargados 1 marzo_1d4e198e-2ad6-4010-9f00-440dc76e0bf9$US Packets.POS_TO_ID.0.idf not found!
File\Folder C:\Users\lgoncalves\AppData\Local\Temp\VertiPaq_664CCDE0D0B84D99941C\955B4EE98F3F4E8CAA30.7.db\Paquetes descargados 1 marzo_1d4e198e-2ad6-4010-9f00-440dc76e0bf9.0.dim\2.H$Paquetes descargados 1 marzo_1d4e198e-2ad6-4010-9f00-440dc76e0bf9$macaddr.ID_TO_POS.0.idf not found!
File\Folder C:\Users\lgoncalves\AppData\Local\Temp\VertiPaq_664CCDE0D0B84D99941C\955B4EE98F3F4E8CAA30.7.db\Paquetes descargados 1 marzo_1d4e198e-2ad6-4010-9f00-440dc76e0bf9.0.dim\2.H$Paquetes descargados 1 marzo_1d4e198e-2ad6-4010-9f00-440dc76e0bf9$macaddr.POS_TO_ID.0.idf not found!
File\Folder C:\Users\lgoncalves\AppData\Local\Temp\VertiPaq_664CCDE0D0B84D99941C\955B4EE98F3F4E8CAA30.7.db\Paquetes descargados 1 marzo_1d4e198e-2ad6-4010-9f00-440dc76e0bf9.0.dim\3.R$Paquetes descargados 1 marzo_1d4e198e-2ad6-4010-9f00-440dc76e0bf9$75acac5d-5e3f-459a-a98b-05bd7486d626.INDEX.0.idf not found!
File\Folder C:\Users\lgoncalves\AppData\Local\Temp\VertiPaq_664CCDE0D0B84D99941C\955B4EE98F3F4E8CAA30.7.db\Paquetes descargados 1 marzo_1d4e198e-2ad6-4010-9f00-440dc76e0bf9.0.dim\R$Paquetes descargados 1 marzo_1d4e198e-2ad6-4010-9f00-440dc76e0bf9$75acac5d-5e3f-459a-a98b-05bd7486d626.3.tbl.xml not found!
File\Folder C:\Users\lgoncalves\AppData\Local\Temp\VertiPaq_5A5042E64EA24E40BECA\73e1be65-623d-4860-9165-5431446cafa5.0.db\Tabla diferencia_ad414ae9-a4bb-4b11-ba8c-c3b7c3bef4d5.0.dim\R$Tabla diferencia_ad414ae9-a4bb-4b11-ba8c-c3b7c3bef4d5$e873d4e1-e991-4687-8d63-228117160ae3.1.tbl.xml not found!
File\Folder C:\Users\lgoncalves\AppData\Local\Temp\VertiPaq_59F649B563A841BA93C3\f0017f6e-1715-467d-9955-889613fe310c.0.db\Tabla diferencia_3698870e-4831-4d68-a62d-596b0cf6025b.0.dim\1.R$Tabla diferencia_3698870e-4831-4d68-a62d-596b0cf6025b$2cf83d11-0052-4af8-be63-825b4d7d5ea5.INDEX.0.idf not found!
File\Folder C:\Users\lgoncalves\AppData\Local\Temp\VertiPaq_59F649B563A841BA93C3\f0017f6e-1715-467d-9955-889613fe310c.0.db\Tabla diferencia_3698870e-4831-4d68-a62d-596b0cf6025b.0.dim\R$Tabla diferencia_3698870e-4831-4d68-a62d-596b0cf6025b$2cf83d11-0052-4af8-be63-825b4d7d5ea5.1.tbl.xml not found!
File\Folder C:\Users\lgoncalves\AppData\Local\Temp\VertiPaq_3458C87CE27C493289D5\C81087155E6F469EBBBF.4.db\Paquetes descargados 1 marzo_1d4e198e-2ad6-4010-9f00-440dc76e0bf9.0.dim\0.H$Paquetes descargados 1 marzo_1d4e198e-2ad6-4010-9f00-440dc76e0bf9$DS Bytes.ID_TO_POS.0.idf not found!
File\Folder C:\Users\lgoncalves\AppData\Local\Temp\VertiPaq_3458C87CE27C493289D5\C81087155E6F469EBBBF.4.db\Paquetes descargados 1 marzo_1d4e198e-2ad6-4010-9f00-440dc76e0bf9.0.dim\0.H$Paquetes descargados 1 marzo_1d4e198e-2ad6-4010-9f00-440dc76e0bf9$DS Bytes.POS_TO_ID.0.idf not found!
File\Folder C:\Users\lgoncalves\AppData\Local\Temp\VertiPaq_3458C87CE27C493289D5\C81087155E6F469EBBBF.4.db\Paquetes descargados 1 marzo_1d4e198e-2ad6-4010-9f00-440dc76e0bf9.0.dim\0.H$Paquetes descargados 1 marzo_1d4e198e-2ad6-4010-9f00-440dc76e0bf9$DS Packets.POS_TO_ID.0.idf not found!
File\Folder C:\Users\lgoncalves\AppData\Local\Temp\VertiPaq_3458C87CE27C493289D5\C81087155E6F469EBBBF.4.db\Paquetes descargados 1 marzo_1d4e198e-2ad6-4010-9f00-440dc76e0bf9.0.dim\0.H$Paquetes descargados 1 marzo_1d4e198e-2ad6-4010-9f00-440dc76e0bf9$macaddr.ID_TO_POS.0.idf not found!
File\Folder C:\Users\lgoncalves\AppData\Local\Temp\VertiPaq_3458C87CE27C493289D5\C81087155E6F469EBBBF.4.db\Paquetes descargados 1 marzo_1d4e198e-2ad6-4010-9f00-440dc76e0bf9.0.dim\0.H$Paquetes descargados 1 marzo_1d4e198e-2ad6-4010-9f00-440dc76e0bf9$macaddr.POS_TO_ID.0.idf not found!
File\Folder C:\Users\lgoncalves\AppData\Local\Temp\VertiPaq_3458C87CE27C493289D5\C81087155E6F469EBBBF.4.db\Paquetes descargados 1 marzo_1d4e198e-2ad6-4010-9f00-440dc76e0bf9.0.dim\0.H$Paquetes descargados 1 marzo_1d4e198e-2ad6-4010-9f00-440dc76e0bf9$US Bytes.ID_TO_POS.0.idf not found!
File\Folder C:\Users\lgoncalves\AppData\Local\Temp\VertiPaq_3458C87CE27C493289D5\C81087155E6F469EBBBF.4.db\Paquetes descargados 1 marzo_1d4e198e-2ad6-4010-9f00-440dc76e0bf9.0.dim\0.H$Paquetes descargados 1 marzo_1d4e198e-2ad6-4010-9f00-440dc76e0bf9$US Bytes.POS_TO_ID.0.idf not found!
File\Folder C:\Users\lgoncalves\AppData\Local\Temp\VertiPaq_3458C87CE27C493289D5\C81087155E6F469EBBBF.4.db\Paquetes descargados 1 marzo_1d4e198e-2ad6-4010-9f00-440dc76e0bf9.0.dim\0.H$Paquetes descargados 1 marzo_1d4e198e-2ad6-4010-9f00-440dc76e0bf9$US Packets.POS_TO_ID.0.idf not found!
File\Folder C:\Users\lgoncalves\AppData\Local\Temp\VertiPaq_3458C87CE27C493289D5\C81087155E6F469EBBBF.4.db\Paquetes descargados 1 marzo_1d4e198e-2ad6-4010-9f00-440dc76e0bf9.0.dim\1.R$Paquetes descargados 1 marzo_1d4e198e-2ad6-4010-9f00-440dc76e0bf9$75acac5d-5e3f-459a-a98b-05bd7486d626.INDEX.0.idf not found!
File\Folder C:\Users\lgoncalves\AppData\Local\Temp\VertiPaq_3458C87CE27C493289D5\C81087155E6F469EBBBF.4.db\Paquetes descargados 1 marzo_1d4e198e-2ad6-4010-9f00-440dc76e0bf9.0.dim\R$Paquetes descargados 1 marzo_1d4e198e-2ad6-4010-9f00-440dc76e0bf9$75acac5d-5e3f-459a-a98b-05bd7486d626.1.tbl.xml not found!
File\Folder C:\Users\lgoncalves\AppData\Local\Temp\VertiPaq_106B48A5B36D4BE081D3\1666a752-d75d-4a8f-b6ba-e41d9b364c5f.0.db\Tabla diferencia_0290377a-4555-4979-a3c1-7f412998469a.0.dim\1.R$Tabla diferencia_0290377a-4555-4979-a3c1-7f412998469a$eb2dc9f4-3316-40eb-94df-d2bad2828a04.INDEX.0.idf not found!
File\Folder C:\Users\lgoncalves\AppData\Local\Temp\VertiPaq_106B48A5B36D4BE081D3\1666a752-d75d-4a8f-b6ba-e41d9b364c5f.0.db\Tabla diferencia_0290377a-4555-4979-a3c1-7f412998469a.0.dim\R$Tabla diferencia_0290377a-4555-4979-a3c1-7f412998469a$eb2dc9f4-3316-40eb-94df-d2bad2828a04.1.tbl.xml not found!
C:\Users\lgoncalves\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\vmware-SYSTEM\vmauthd.log scheduled to be moved on reboot.
C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-3384.log moved successfully.
C:\Windows\temp\Microsoft Operations Manager\MOMAgentScriptHost-ForefrontClientSecurity(B).mc8 moved successfully.
File\Folder C:\Windows\temp\Microsoft Operations Manager\MOMService(B).mc8 not found!
File move failed. C:\Windows\temp\lm\lgoncalves\aipflib.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\lm\lgoncalves\LMutilps32.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\lm\dsiwmis.log scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 

[Windows 8 very slow]

Hi Chuck,

I have posted both OTL log: OTL.txt is below malware bytes log, in same post. But Extras.txt was posted separated. I will run again malwarebytes, as you said.

Best regards

[Windows 8 very slow]

Hi Chuck,

 

I have removed all threats in quarantine, but It does not show any log. Do you mean I should run a new scan?

 

Best regards

[Windows 8 very slow]

Hi Chuck,

I will post second log from OTL:

OTL Extras logfile created on: 23-04-2017 11:21:33 a.m. - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Data\Software\JRT
64bit- Professional  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.17607)
Locale: 0000200a | Country: Republica Bolivariana de Venezuela | Language: ESV | Date Format: dd-MM-yyyy
 
3,82 Gb Total Physical Memory | 1,43 Gb Available Physical Memory | 37,36% Memory free
7,57 Gb Paging File | 3,94 Gb Available in Paging File | 51,99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,42 Gb Total Space | 74,69 Gb Free Space | 16,05% Space Free | Partition Type: NTFS
 
Computer Name: NU0106E12 | User Name: LGONCALVES | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-182186785-877161024-3379391946-3456\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09673159-5E1F-4059-AEC9-893105F26CFF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{0AE8FF0C-BF26-470D-A083-213E4B6B3710}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{11C5E029-DC38-45B5-B080-F1B413145D2A}" = rport=139 | protocol=6 | dir=out | app=system | 
"{1DA98AAC-C9AF-449C-A907-D7A6EB685194}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{2EA7FFC5-62FD-45E3-B634-DF79F387D5E6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3A2AA174-1B8C-46A3-AB6D-3785FB426807}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{3E08A331-7EF1-4EFA-8E46-1376A5AFD985}" = lport=2701 | protocol=6 | dir=in | app=c:\windows\ccm\remctrl\cmrcservice.exe | 
"{3EAF02BC-9B44-4110-A58A-A0BA4B398BEB}" = rport=138 | protocol=17 | dir=out | app=system | 
"{407254B2-2122-4F07-9F6E-D93C17BF562F}" = lport=1688 | protocol=6 | dir=out | app=c:\windows\[email protected] | 
"{45A64CCF-000F-4491-999E-88AB9CCAA575}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{5D563890-F44D-4749-BB39-AE75B7BF069C}" = lport=139 | protocol=6 | dir=in | app=system | 
"{5F3AC5D2-8EA7-4178-A8EA-1C8E156C20D1}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{64A7FBF0-90EE-4963-9A9C-E85D16B1CD7A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6B204FE0-3B7A-4A07-BB08-FE303F572197}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 
"{705150AC-A603-4DB5-ABC5-09136AA7D1EC}" = rport=2869 | protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{74039615-D731-40E4-BC58-80B4714565FB}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\dashost.exe | 
"{75158219-5F21-467F-A3E3-A97624F06380}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer | 
"{82CBDB9C-91EA-4477-9277-34AF9C71FC9B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{8E5143D7-9DA7-4804-A9EA-0FA88B280B33}" = lport=2701 | protocol=6 | dir=in | app=c:\windows\ccm\remctrl\cmrcservice.exe | 
"{8FD826C6-F699-47FC-9D97-FF1321359660}" = rport=445 | protocol=6 | dir=out | app=system | 
"{92429FF0-313B-4851-957C-81FB8561F0FB}" = rport=137 | protocol=17 | dir=out | app=system | 
"{92D6CE97-B483-4730-98F3-BF9829800A24}" = lport=137 | protocol=17 | dir=in | app=system | 
"{ABF3A516-3B8B-44C6-BA3C-3A22ACEF1A3A}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery | 
"{B8200637-6C07-4DEE-8B58-A11325598EF5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{BE89722F-C3E5-40F2-80BC-2F06D53D8F2C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{BF0B33E1-76B9-4BD0-80D8-5262AF54062E}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{BF7E06A7-2B7A-466B-874A-E27E96D334AB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
"{C614D4AB-411A-47E7-A69A-4243C0C75C63}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D48115BA-278C-48DF-ACB9-EEC75E0ED692}" = lport=1688 | protocol=6 | dir=in | app=c:\windows\[email protected] | 
"{DDB70C1A-1D87-4B80-83CA-45B82FE17058}" = lport=138 | protocol=17 | dir=in | app=system | 
"{E445DFC8-8F47-436E-80D6-E5ACBC68428B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{F6F68762-9433-464E-89CB-E002FA29AB18}" = lport=445 | protocol=6 | dir=in | app=system | 
"{FC980AAB-45FA-48FB-AEF7-CE787B96899A}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery | 
"{FDE23DD5-BEFC-4535-9384-A96F23F81E7B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{FEA78360-B9AF-4EC3-B295-3AD2631077E1}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0068845E-AD98-4C62-808C-8A14F72C7043}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{00C044E8-9033-49FA-9EBB-D25272CF9E18}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"{00CAA01A-2D62-4E7C-8591-00D163413E0B}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{013C776B-76F5-4F31-8A28-3CD5867A72E6}" = protocol=6 | dir=in | app=c:\users\lgoncalves\appdata\roaming\dropbox\bin\dropbox.exe | 
"{01846BAF-5ED5-4414-B985-41F210891E3C}" = dir=out | name=@{microsoft.windowsphotos_16.4.4396.311_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{018C1C6D-92F2-4453-A994-BB6E1D540902}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | 
"{01E47508-3F9F-4520-B859-1D0BD77211B7}" = protocol=6 | dir=in | app=c:\data\software\winbox\winbox_new.exe | 
"{03F7D0FF-31E8-4749-B0D2-A9786581022B}" = protocol=17 | dir=in | app=c:\program files\realvnc\vnc server\vncserver.exe | 
"{04A95213-717B-4242-B725-977B15D1FC7D}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | 
"{04D97A34-4A15-441A-8A6C-E7DCBB0C75FD}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{0A6DA6D3-2561-47DD-AEA7-1DE3CBA4CDE0}" = protocol=17 | dir=in | app=c:\windows\system32\ftp.exe | 
"{0BCFDE37-E4C3-457F-94BF-5670CE034E6A}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | 
"{0C4A824F-A422-496E-AFB5-2FDD3B77520D}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{0F6D8E9A-6760-46F8-91F4-51DEBAA14D74}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{10EE1C19-DC35-43B8-9601-A240E357249F}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{14C981C4-A328-44DA-948C-76AAAC86428B}" = protocol=17 | dir=in | app=c:\program files\oracle\virtualbox\virtualbox.exe | 
"{156F9512-F3CE-4E57-BE82-07B9425949CD}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{1647C698-45E5-4753-80CE-CCB441EEED5B}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{167C236F-06C6-49D3-AC17-D4CA16A06343}" = protocol=17 | dir=in | app=c:\program files (x86)\megaconf\exe\lan4cf.exe | 
"{16C35995-727B-44AB-AFB9-08CF03771D38}" = dir=out | name=@{microsoft.bingsports_2.0.0.310_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | 
"{18008DB1-C9A1-45BE-9988-A221B95F3C78}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{19BADAA8-6402-40EB-84F8-94E9EFBE3F45}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{19C79FB0-0333-4427-8C1C-75B1E7C84DA9}" = dir=out | name=@{microsoft.reader_6.2.9200.21766_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{19EC60D8-A5C7-4792-BEB8-6FDDC316054E}" = protocol=17 | dir=in | app=c:\program files\oracle\virtualbox\vboxheadless.exe | 
"{1CD3C904-8284-4B2B-9250-2426F1FEDD76}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{1E733A17-A9F7-4910-B06B-6B50436EEC12}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{20A4AD65-43BC-4A2C-938B-94FD80B6175A}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | 
"{220F4581-C40F-47A1-9C16-F0ACBCA66FB5}" = protocol=17 | dir=in | app=c:\data\software\winscp\winscp406.exe | 
"{24272795-C1C5-4330-8E3C-0151F20B8EFE}" = protocol=6 | dir=in | app=c:\program files (x86)\watchguard\watchguard authentication client\wgssoclient.exe | 
"{24DCBA65-F439-4CA2-A73E-F8BA019FD7E8}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{267CA50A-7CCC-4EB4-9838-EC63995BB813}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | 
"{26F31B52-6CAA-49AE-94A0-18993B4D821C}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{27207885-A495-4E51-A4DB-6C7602455143}" = dir=out | name=@{microsoft.bingfinance_2.0.0.320_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | 
"{2AD3128A-417F-489E-9B4B-7EBF19231815}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{2DB436A7-1776-4F2E-ADD1-5F42BEF0B42F}" = protocol=6 | dir=in | app=c:\program files\realvnc\vnc server\vncserver.exe | 
"{2E7BECA6-4F53-4DCA-99E7-0739FD6000E7}" = dir=out | name=@{microsoft.bingweather_2.0.0.310_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{2F9DADB4-FCD0-4D68-9461-C4069A959DC5}" = protocol=17 | dir=in | app=c:\program files\andy\andy.exe | 
"{302BF05B-C985-4A44-BB9F-48D648C38203}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | 
"{3253C722-D4D3-4F3C-8DC2-EF245A60BCFE}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"{33780EB4-FE54-4340-8F45-FA58A2B37663}" = protocol=6 | dir=in | app=c:\data\software\jperf\jperf-2.0.2\bin\iperf.exe | 
"{35577991-6348-4D94-AB7F-4550E9700D2F}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{35E018A4-D309-4EC9-85D5-1AF398A3DC52}" = dir=in | name=@{microsoft.reader_6.2.9200.21766_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{3618AE03-560B-4DD9-AAFE-B9BAC1A96218}" = protocol=6 | dir=in | app=c:\data\software\winbox\winbox.exe | 
"{36CE5DB0-B84F-4ED2-AAE1-91A52C3881BB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{37CEBF24-FF4E-49D4-96BE-459A2987BC33}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{3A35667C-EF5A-46E7-8976-852AC6242FC8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{3BE9FBE3-F42F-41CB-83B9-E6E29181856F}" = protocol=17 | dir=in | app=c:\data\software\web server\mongoose-free-6.1.exe | 
"{40F0794B-65E0-4B35-8345-6439C204C735}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre637\bin\java.exe | 
"{41751B73-11A5-4C3E-BBE8-34F0D1EF5FC4}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | 
"{441F132A-FE72-4DB8-82C1-60FAB7813666}" = protocol=1 | dir=in | [email protected],-28543 | 
"{4457AC90-5FFF-4A68-ABC6-67B30F90BF6B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{45D5A71E-DF38-4E7E-A9B8-F1A1D4CD24E3}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | 
"{47423ED2-C15E-40ED-873B-38E4DD949AC1}" = protocol=17 | dir=in | app=c:\program files (x86)\xming\xming.exe | 
"{48341C07-27A9-4C29-815A-319A142EF2F6}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{48799E8F-A77E-4641-B3EE-CFA091AFEC6F}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{4978A34F-57FB-43DE-8496-A7976C962912}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{4C2774E4-83AD-4BAD-B725-671B5DEB48A6}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | 
"{4CC88885-42FA-414C-86C0-A8FA159B228B}" = protocol=6 | dir=in | app=c:\users\lgoncalves\appdata\local\akamai\netsession_win.exe | 
"{50102A3B-FEFE-4999-B85F-C06C08C99916}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{51A46DDE-3F03-40F1-8527-A25C4476F021}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{51A4AB57-9DEF-441D-B93C-AC0A4F125881}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre1.8.0_31\bin\jp2launcher.exe | 
"{544C0B4C-6450-4E7B-9689-F335F9C4DB0B}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{55A3F03F-41E4-4E8C-96D1-5C89BE7CEB70}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | 
"{57E54841-F196-4992-9A2B-3C1AEEE1DD9E}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{5816F3A6-3741-49ED-A892-7334666580E5}" = protocol=6 | dir=in | app=c:\program files (x86)\watchguard\watchguard authentication client\wgssoclient.exe | 
"{58BB638D-8ACB-48B3-B9C9-441291262552}" = dir=out | name=xerox print experience | 
"{59BB144F-5094-410F-BA30-E079139C72C2}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{5D16CA3A-E87C-47FA-97A2-0555F1B33758}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | 
"{6038D6BC-528F-43AC-B067-5CF485B06BD5}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | 
"{6422545E-DA8F-4A6E-8615-419341FCAFD6}" = dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe | 
"{64DB0871-E2C3-465A-8191-891AC0B90447}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre637\bin\java.exe | 
"{667DD4A4-E8CC-4B1B-B531-401C2191BDC6}" = protocol=6 | dir=in | app=c:\data\software\tftp\tftp\tftpd32.exe | 
"{685BBF81-59CE-47A5-8103-ABDF87E91CCC}" = dir=out | name=@{microsoft.zunemusic_1.5.216.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} | 
"{6C28955B-7EA2-4EFC-B28F-87F9CCA0DB9D}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | 
"{6F29B0AD-39E3-4FE0-80ED-D698C8562549}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{6FC748B1-0B91-4E45-9403-4D477D5C7233}" = protocol=6 | dir=in | app=c:\program files (x86)\orl\vnc\vncviewer.exe | 
"{700D663B-2596-4572-8798-3BB012E892D1}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{72549B01-7802-4ED6-A606-5D15CE163FCA}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{733C4269-A4D0-44DA-A433-A6E13675D837}" = protocol=17 | dir=in | app=c:\users\lgoncalves\appdata\local\akamai\netsession_win.exe | 
"{74C80C19-12B0-4B9C-ADFE-4B742EFB17C4}" = dir=out | name=@{microsoft.zunevideo_1.5.909.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} | 
"{75EBA715-8641-4048-B196-D080030CE84F}" = dir=in | name=@{microsoft.windowsphotos_16.4.4396.311_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{7944D0A2-8181-4C0C-A92F-A5CF65B696E4}" = protocol=58 | dir=out | [email protected],-28546 | 
"{7A547682-DA74-43F3-9BBE-B7D94EE33CA6}" = protocol=17 | dir=in | app=c:\data\software\winbox\winbox.exe | 
"{7D1C2242-6F72-4EA8-A09C-7D1D30014CC5}" = dir=out | name=@{microsoft.bingmaps_1.6.1821.2624_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{7EC9A5B4-2988-4647-A723-29FB750D71F4}" = protocol=6 | dir=in | app=c:\program files\andy\andy.exe | 
"{7FB1E2CD-467C-49FF-A325-66AE1BA25282}" = protocol=17 | dir=in | app=c:\data\software\tftp\tftp\tftpd32.exe | 
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{84562ED5-6DD5-4AB4-A18E-E02B4235F154}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{85995CA9-3AC6-4B2B-A53C-4EAAACDC4DA9}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4398.729_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | 
"{85C1D51E-F5E0-4A37-A0B8-602A8764F206}" = dir=in | app=c:\program files (x86)\google\chrome remote desktop\57.0.2987.37\remoting_host.exe | 
"{897A2543-7350-44E6-BCC2-136627DAE300}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | 
"{8C322827-1DF3-4EB0-AA3D-C6E4EA7C1B6B}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | 
"{8D0FE9EC-C296-4408-B09E-79B4B0529711}" = protocol=6 | dir=in | app=c:\program files (x86)\megaconf\exe\lan4cf.exe | 
"{8D536DA0-53BA-418E-B1CD-113DD0B205EC}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{8D9B7826-4088-4C17-B982-1ED73AABA6E0}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{8DBACDEC-6107-4E26-8AC9-79AD8821C0FE}" = protocol=6 | dir=in | app=c:\program files\oracle\virtualbox\vboxheadless.exe | 
"{8DBB55E5-BF28-46DB-9EA6-B8ACE4F0BCD8}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre637\bin\javaw.exe | 
"{8E71A7A6-1B47-40C9-B191-FB5773875075}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{9284D526-6DF7-4408-9999-EA4C9F95586A}" = protocol=6 | dir=in | app=c:\program files (x86)\xming\xming.exe | 
"{9286998F-D85C-4A34-B4E2-1B7A8B73F657}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | 
"{933F23AC-67FA-429D-BCEB-8DD26C7FA108}" = protocol=17 | dir=in | app=c:\program files (x86)\orl\vnc\vncviewer.exe | 
"{945AC8A8-0F9E-4AC5-8098-E5AF2C53C5B9}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{9489B965-139B-43A0-9A0F-4B196A50582A}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"{9526FE66-252B-4F36-8A9F-6D5AA518EC3C}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{978138DA-8DA1-4421-8E9F-2F88D756DDFD}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{99BEAA74-6F1C-42CB-9041-CFE64EAC08B6}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | 
"{9BB7290B-E1A8-4427-A869-46218AE7A07A}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{9E46FDC7-75ED-4CEA-A5E6-9FF63B32BD0E}" = protocol=6 | dir=in | app=c:\program files\oracle\virtualbox\virtualbox.exe | 
"{A0205C42-FD7D-4D4D-A5F0-77CFCC4A910E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{A3D0FDBF-8AEC-4D99-AD21-B3BF07C83143}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{A463DB9F-694D-4072-9035-57ABE6BA32AF}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{A68F23C0-4F9A-4E58-A979-F2ABA903EA2A}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre637\bin\javaw.exe | 
"{ACCA0986-6320-4E93-8C26-D0D432D1143D}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"{B18724CC-546A-42FE-B4BB-9037087456EF}" = dir=in | name=xerox print experience | 
"{B23B45FD-8744-4455-A62F-AD6B60D8C2CF}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"{B4607FA3-15A2-4CCB-B16C-94525E3ABB85}" = protocol=6 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe | 
"{B62ABFF4-7048-4BA2-8E29-19F0ACF3E7F3}" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"{B6453C23-64A0-4945-9DC3-39293B2316EA}" = protocol=17 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe | 
"{B8BED167-E5BF-4428-B67A-785AA2BBD192}" = protocol=17 | dir=in | app=c:\data\software\jperf\jperf-2.0.2\bin\iperf.exe | 
"{BB0E6A42-33F5-4FFD-91C4-F3A364F1184E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{BBBBE50E-3961-4678-AE49-CEAD68D18FFB}" = protocol=6 | dir=in | app=c:\program files (x86)\watchguard\watchguard authentication client\wgssoclient.exe | 
"{BCA1E40F-019B-4D03-9FA8-EB26119373CF}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{BDD12952-2E46-41C3-B420-80607C29ADAF}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{BDEABCA7-6967-459C-B55E-1832E4BAD2F0}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | 
"{C187F03B-998E-417F-A26D-B49DDB7FC15F}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{C442936B-DDBE-43BD-B075-C8D1DA1CF8D7}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{C459C18B-6211-4DA2-A86D-4A7E8D28723C}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{C7B462C4-9957-46C1-BAC3-A3F07E96300B}" = protocol=1 | dir=out | [email protected],-28544 | 
"{C7D89C95-0E00-47E0-9FE5-0B40D48533CB}" = protocol=6 | dir=in | app=c:\data\software\winscp\winscp406.exe | 
"{CAD05A49-9AF8-4E94-BE53-C4A3F69BC68A}" = protocol=17 | dir=in | app=c:\users\lgoncalves\appdata\roaming\dropbox\bin\dropbox.exe | 
"{CB2325B3-2B99-4714-AB11-F5E891AF6819}" = dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe | 
"{CBB326D7-FCF7-49A1-BF46-8FB35A3BB580}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{CCB971CF-9E0E-47EE-99D3-44FA412EC253}" = protocol=17 | dir=in | app=c:\program files (x86)\xtennetworksinc\eyebeam\eyebeam.exe | 
"{D24912F1-C431-4190-878A-35B41EC660AA}" = dir=out | name=@{microsoft.bingnews_2.0.0.320_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | 
"{D38DBFED-D142-4AB4-B92E-B5B4286721DB}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | 
"{D4D4C871-F4CB-4FB7-9146-6AEBC0357D69}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"{D6D83A0D-F240-48CB-9A56-91D14BB34EC1}" = dir=out | name=windows_ie_ac_001 | 
"{D71EA3AC-D832-46D8-A639-F4ECA49DE75D}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | 
"{DA1149D2-5ADC-492D-986D-A85AF0D9577D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{DA1ED284-F022-4E54-BCE2-111ADD4DAB4E}" = protocol=6 | dir=in | app=c:\program files (x86)\xtennetworksinc\eyebeam\eyebeam.exe | 
"{DC96907C-3AB6-46A9-A370-3580D72B5BBC}" = protocol=17 | dir=in | app=c:\data\software\winbox\winbox_new.exe | 
"{DE6CDE6C-D55C-4BFF-B2F7-9416DF1C7673}" = protocol=58 | dir=in | [email protected],-28545 | 
"{E02EBA3C-2EF5-46AE-853D-653C6E094BE9}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | 
"{E080E01E-15E8-4FA9-9396-D398CCFFBF41}" = protocol=6 | dir=in | app=c:\windows\system32\ftp.exe | 
"{E1B06935-A929-4BBC-908C-A81EE8DF6068}" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"{E1F39054-9F6B-4848-9F0B-6F82F8665771}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | 
"{E3F9D00C-E2E6-4A08-ACDE-E912951E2C56}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{E516BF2D-BE57-451D-8BB2-A70FFC10B0D8}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{E5855DD9-AD6D-4143-A747-C0A3D54C8C94}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | 
"{E6708984-F3B7-4C6C-8FA4-10DD166C27DB}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{E6B2A3F2-0CFE-4CA6-ACFA-6409863681AF}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | 
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{E84C69D4-195B-4BEE-9188-BB924FE49E30}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | 
"{E96F292C-2071-4B57-80EC-AD1B410374E2}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | 
"{E9C1F2FD-3994-48E1-B485-FD3B8422EDE1}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre1.8.0_31\bin\jp2launcher.exe | 
"{EBBAD764-E185-40D9-81E8-84245BF44463}" = protocol=6 | dir=in | app=c:\data\software\web server\mongoose-free-6.1.exe | 
"{ED731F5E-6A73-4283-8D42-E2DB841A217B}" = dir=out | name=@{microsoft.bingtravel_2.0.0.326_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | 
"{EF3BF61C-270F-4B3B-87E5-408B27337B73}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | 
"{F550B58C-4094-489D-821B-E91C958769C5}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{F594F69C-AA55-468B-879A-2D54CA3BAD03}" = dir=out | name=@{microsoft.bing_1.5.1.259_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{FADE5FCC-C5B0-482F-8C06-C3EA8F4AB131}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | 
"{FE7431FB-FF6E-4D8D-B32A-8205CB335554}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{FF4B33FE-0D8E-4771-A91A-BD76D200B9B4}" = dir=out | name=@{microsoft.xboxlivegames_1.3.10.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{FF77BD37-7EBD-4B1B-A8E7-662B9AEF9CAE}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"TCP Query User{035FF63B-D64F-47B0-923A-094EB0EC1E86}C:\program files\oracle\virtualbox\virtualbox.exe" = protocol=6 | dir=in | app=c:\program files\oracle\virtualbox\virtualbox.exe | 
"TCP Query User{049F4A27-7168-4A10-BB24-91A12F9ADEDF}C:\data\software\winbox\winbox_new.exe" = protocol=6 | dir=in | app=c:\data\software\winbox\winbox_new.exe | 
"TCP Query User{0585F74D-937B-4B2A-B4A1-2DCE3F51DAEF}C:\users\lgoncalves\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\lgoncalves\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{08FE54BE-EAD8-441D-B432-7BDDC400D950}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"TCP Query User{178F83C3-691C-4398-B564-DFDFEE06FBDA}C:\program files (x86)\xtennetworksinc\eyebeam\eyebeam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xtennetworksinc\eyebeam\eyebeam.exe | 
"TCP Query User{1A1C20A5-228E-43A7-A4EE-36DCD1096A70}C:\data\software\tftp\tftp\tftpd32.exe" = protocol=6 | dir=in | app=c:\data\software\tftp\tftp\tftpd32.exe | 
"TCP Query User{36DF6F86-1C58-43CA-AD12-AD61286044BB}C:\program files (x86)\java\jre1.8.0_31\bin\jp2launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre1.8.0_31\bin\jp2launcher.exe | 
"TCP Query User{400FB5A5-C576-48FE-8812-B425AEB243CA}C:\program files (x86)\nortel\jdm\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nortel\jdm\jre\bin\javaw.exe | 
"TCP Query User{5258B3FA-1C74-4415-BEB1-80ED432FFBCD}C:\program files (x86)\orl\vnc\winvnc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\orl\vnc\winvnc.exe | 
"TCP Query User{5C694470-3B71-48AC-A9C4-555CBA5942AA}C:\program files (x86)\nortel\jdm\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nortel\jdm\jre\bin\javaw.exe | 
"TCP Query User{5DA11AFA-5E38-4F78-B08F-AE9CFE8F1CA2}C:\program files\andy\andy.exe" = protocol=6 | dir=in | app=c:\program files\andy\andy.exe | 
"TCP Query User{6154D3DE-26BF-4309-BE69-7E5BC202B091}C:\data\software\winbox\winbox.exe" = protocol=6 | dir=in | app=c:\data\software\winbox\winbox.exe | 
"TCP Query User{656C3E64-EE1B-4C98-880F-73E7B1DE77C5}C:\program files (x86)\java\jre637\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre637\bin\java.exe | 
"TCP Query User{6FD2260D-4063-4735-8BBA-703FF27C3E06}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"TCP Query User{79D8701D-B072-45D7-923A-AA5962C8A8EC}C:\program files (x86)\java\jre637\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre637\bin\javaw.exe | 
"TCP Query User{7DFE31C0-6972-4A22-ACA0-A518DAA46E60}C:\program files\oracle\virtualbox\vboxheadless.exe" = protocol=6 | dir=in | app=c:\program files\oracle\virtualbox\vboxheadless.exe | 
"TCP Query User{8685C0BE-9123-4BFC-88BE-2A00FA5FBEEE}C:\data\software\web server\mongoose-free-6.1.exe" = protocol=6 | dir=in | app=c:\data\software\web server\mongoose-free-6.1.exe | 
"TCP Query User{8D3F7559-546D-48E6-9F7C-89F10025D7EC}C:\program files (x86)\megaconf\exe\lan4cf.exe" = protocol=6 | dir=in | app=c:\program files (x86)\megaconf\exe\lan4cf.exe | 
"TCP Query User{99CC812D-5EDA-4FB3-8777-43C4576DEFDA}C:\users\lgoncalves\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\lgoncalves\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{A54B8759-92A0-4F7B-B72B-9798E81FA9BD}C:\program files (x86)\nortel\jdm\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nortel\jdm\jre\bin\javaw.exe | 
"TCP Query User{AEED6190-D3FC-4805-8B1D-2705AF296892}C:\data\software\winscp\winscp406.exe" = protocol=6 | dir=in | app=c:\data\software\winscp\winscp406.exe | 
"TCP Query User{CC623F22-7CD8-4063-93C8-79C52AC153CF}C:\windows\system32\ftp.exe" = protocol=6 | dir=in | app=c:\windows\system32\ftp.exe | 
"TCP Query User{DEC6B389-7C23-4E33-8391-1E8CF6A7E989}C:\program files (x86)\xtennetworksinc\eyebeam\eyebeam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xtennetworksinc\eyebeam\eyebeam.exe | 
"TCP Query User{E2E16F02-47A8-4DB4-A8ED-A3B3E90F0A6A}C:\program files (x86)\orl\vnc\vncviewer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\orl\vnc\vncviewer.exe | 
"TCP Query User{E67454BC-657A-4014-86D9-7343BDF42020}C:\data\software\jperf\jperf-2.0.2\bin\iperf.exe" = protocol=6 | dir=in | app=c:\data\software\jperf\jperf-2.0.2\bin\iperf.exe | 
"TCP Query User{F85C4207-9EAF-4E02-B3F6-2E9AF1782998}C:\program files (x86)\xming\xming.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xming\xming.exe | 
"TCP Query User{F9A6250E-0690-46C9-AAD3-285C1B479210}C:\users\lgoncalves\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\lgoncalves\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{19B747D9-5674-422C-B162-A75629BB1998}C:\program files\oracle\virtualbox\vboxheadless.exe" = protocol=17 | dir=in | app=c:\program files\oracle\virtualbox\vboxheadless.exe | 
"UDP Query User{1A450E6D-B4F9-4CD5-8485-3A095D8729B3}C:\program files (x86)\java\jre1.8.0_31\bin\jp2launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre1.8.0_31\bin\jp2launcher.exe | 
"UDP Query User{1E441FB1-9800-40AC-BA2C-E4DAADBA6DEA}C:\data\software\winscp\winscp406.exe" = protocol=17 | dir=in | app=c:\data\software\winscp\winscp406.exe | 
"UDP Query User{2254A97F-5E02-433D-B560-ED21B26980E1}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"UDP Query User{26D8E824-F092-42E8-8092-E2AAC8A34D88}C:\program files (x86)\orl\vnc\vncviewer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\orl\vnc\vncviewer.exe | 
"UDP Query User{33AED70E-3EEE-4B13-8930-F5AB57C7B660}C:\users\lgoncalves\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\lgoncalves\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{3A3BE767-CC5D-4F44-85EB-0AF923991B69}C:\program files (x86)\xtennetworksinc\eyebeam\eyebeam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xtennetworksinc\eyebeam\eyebeam.exe | 
"UDP Query User{44CA2DF8-D3FC-4CBE-A025-80FE7BF9D5A1}C:\program files (x86)\xming\xming.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xming\xming.exe | 
"UDP Query User{47527558-DDB9-4AB0-B721-0D71C8BCFBD7}C:\data\software\winbox\winbox.exe" = protocol=17 | dir=in | app=c:\data\software\winbox\winbox.exe | 
"UDP Query User{50918614-76E5-4AA7-844A-FF2B101047C7}C:\program files\andy\andy.exe" = protocol=17 | dir=in | app=c:\program files\andy\andy.exe | 
"UDP Query User{57A19FDD-71BF-444F-97B1-114215DFE54A}C:\program files (x86)\orl\vnc\winvnc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\orl\vnc\winvnc.exe | 
"UDP Query User{718F0A3F-ACBB-4F5A-9272-F30F9E57234B}C:\program files (x86)\nortel\jdm\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nortel\jdm\jre\bin\javaw.exe | 
"UDP Query User{85B3910F-413C-48AB-B1DE-BA659CDAAB72}C:\data\software\web server\mongoose-free-6.1.exe" = protocol=17 | dir=in | app=c:\data\software\web server\mongoose-free-6.1.exe | 
"UDP Query User{9380F6C5-F93F-487F-8666-B4AF3BE28998}C:\program files\oracle\virtualbox\virtualbox.exe" = protocol=17 | dir=in | app=c:\program files\oracle\virtualbox\virtualbox.exe | 
"UDP Query User{95FD6940-1613-4AAF-AD31-BBC35B7C4950}C:\program files (x86)\megaconf\exe\lan4cf.exe" = protocol=17 | dir=in | app=c:\program files (x86)\megaconf\exe\lan4cf.exe | 
"UDP Query User{A2248D6B-B44D-46D1-AC7B-73FF2370A755}C:\program files (x86)\java\jre637\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre637\bin\java.exe | 
"UDP Query User{A7F1D8CF-61DD-4053-A3A3-1BAE690031BA}C:\users\lgoncalves\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\lgoncalves\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{AD5A0D07-9F56-4406-BB13-2D4E6C255460}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{B539B69E-B3B5-4035-97C9-B80BAC3D9A54}C:\users\lgoncalves\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\lgoncalves\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{B6508886-76B7-40E4-9843-A94348B3818A}C:\windows\system32\ftp.exe" = protocol=17 | dir=in | app=c:\windows\system32\ftp.exe | 
"UDP Query User{BBE12CD6-7128-45DB-A29A-7E1C225EB645}C:\program files (x86)\java\jre637\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre637\bin\javaw.exe | 
"UDP Query User{C02653A2-5D9E-4435-B129-E99C0F5D37C6}C:\program files (x86)\nortel\jdm\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nortel\jdm\jre\bin\javaw.exe | 
"UDP Query User{D10F3A2A-7A4C-4C25-A82E-AB74E2BAE82C}C:\data\software\winbox\winbox_new.exe" = protocol=17 | dir=in | app=c:\data\software\winbox\winbox_new.exe | 
"UDP Query User{D75245D9-ED1E-4F5E-B167-F173C55313A8}C:\data\software\tftp\tftp\tftpd32.exe" = protocol=17 | dir=in | app=c:\data\software\tftp\tftp\tftpd32.exe | 
"UDP Query User{E62EC462-2F59-44AC-A49A-42D9D63C1FC0}C:\program files (x86)\xtennetworksinc\eyebeam\eyebeam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xtennetworksinc\eyebeam\eyebeam.exe | 
"UDP Query User{E720F688-0B0A-4374-B533-9AB1990CAF56}C:\program files (x86)\nortel\jdm\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nortel\jdm\jre\bin\javaw.exe | 
"UDP Query User{FF2B7BC9-DC1F-4CD0-91BB-211776AADC23}C:\data\software\jperf\jperf-2.0.2\bin\iperf.exe" = protocol=17 | dir=in | app=c:\data\software\jperf\jperf-2.0.2\bin\iperf.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07120CC5-F687-F1EC-BB37-0FE1148B8B99}" = Microsoft App Update for Microsoft.ZuneVideo_1.5.802.0_x64__8wekyb3d8bbwe (x64)
"{109A5A16-E09E-4B82-A784-D1780F1190D6}" = Windows Firewall Configuration Provider
"{13804425-98CA-F064-5303-83CA47BFA797}" = Microsoft App Update for Microsoft.Bing_1.5.1.259_x64__8wekyb3d8bbwe (x64)
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{20C1086D-C843-36B1-B678-990089D1BD44}" = Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40649
"{2AA3C13E-0531-41B8-AE48-AE28C940A809}" = Microsoft Security Client
"{2EC4CA09-A9D3-B7D7-E771-7EBBBE7B063D}" = Microsoft App Update for Microsoft.BingMaps_1.6.1821.2624_x64__8wekyb3d8bbwe (x64)
"{33AF8244-6DED-EB0D-1437-8D38DAFBE084}" = Microsoft App Update for Microsoft.ZuneMusic_1.5.216.0_x64__8wekyb3d8bbwe (x64)
"{343D4507-997F-4553-9F86-2BB81F19A05E}" = Configuration Manager Client
"{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1" = Malwarebytes version 3.0.6.1469
"{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}" = Acer Device Fast-lane
"{438C972C-B347-D7EE-C2CF-B785159161DE}" = Microsoft App Update for Microsoft.BingWeather_2.0.0.310_x64__8wekyb3d8bbwe (x64)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{55B4DBE8-A607-90A9-5EB6-1E4730257D97}" = Microsoft App Update for microsoft.windowsphotos_16.4.4396.311_x64__8wekyb3d8bbwe (x64)
"{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}" = Bonjour
"{5905C8CF-1C88-4478-A48E-4E458AD1BC7E}" = Apple Application Support (64 bits)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{755AEEE5-417B-6588-1B41-88F60E74746C}" = Microsoft App Update for Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC085C-9691-470F-8552-7ACB64985DAA}_is1" = Andy 0.21
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0C0A-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Spanish) 2010
"{90D295B8-BA08-487E-B904-0E624209A410}" = Microsoft Policy Platform
"{91F52DE4-B789-42B0-9311-A349F10E5479}" = Acer Power Management
"{942EA1EC-7391-4ABD-9524-388BC2D70673}" = Microsoft Endpoint Protection Management Components
"{9946A4F7-E0FD-4A33-82D1-06CBFFBBB9F9}" = iTunes
"{A370C527-EF4A-4172-B1F6-310C121BAB02}" = Microsoft Forefront Endpoint Protection 2010 Server Management
"{A84A4FB1-D703-48DB-89E0-68B6499D2801}" = Qualcomm Atheros Bluetooth Suite (64)
"{ABB19BB4-838D-3082-BDA4-87C6604181A2}" = Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40649
"{AC5BF7B4-9316-8651-5D33-C66B12E43EC2}" = Microsoft App Update for Microsoft.BingFinance_2.0.0.308_x64__8wekyb3d8bbwe (x64)
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B0A5A6EE-F8BA-48B1-BB32-BAC17E96C2B4}" = Microsoft Visual J# 2.0 Redistributable Package - SE (x64)
"{C7053AAD-F996-4477-A8F6-D5953444C684}" = Oracle VM VirtualBox 4.3.32
"{CA7F3A89-662F-4239-B4CA-176241045DCB}" = VNC Server 5.2.3
"{D2778679-7419-47DB-96CD-20931B8E8F95}" = Microsoft App Update for Microsoft.Camera_6.2.9200.20523_x64__8wekyb3d8bbwe (x64)
"{D4D86CB2-2370-4691-8272-3869EDED6C64}" = Apple Mobile Device Support
"{DB72737F-664C-E812-A754-2D3E4BEF555E}" = Microsoft App Update for Microsoft.BingSports_2.0.0.310_x64__8wekyb3d8bbwe (x64)
"{DE9E6FE4-5B56-69A1-B494-77EFC1B31637}" = Microsoft App Update for Microsoft.BingNews_2.0.0.308_x64__8wekyb3d8bbwe (x64)
"{DEBCE708-01B2-1308-04D0-705FE2210C5B}" = Microsoft App Update for Microsoft.XboxLIVEGames_1.3.10.0_x64__8wekyb3d8bbwe (x64)
"{E452E727-86B8-4233-8CC3-41FD817AFAFF}" = VMware Player
"{E9F0BCD8-6BD5-1ED7-EDA3-9FCF2A478AA1}" = Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64)
"{F1AD4512-4E28-742B-CDD2-02F15E5EF898}" = Microsoft App Update for Microsoft.BingTravel_2.0.0.308_x64__8wekyb3d8bbwe (x64)
"CCleaner" = CCleaner
"doPDF 7 printer_is1" = doPDF 7.1 printer
"Elantech" = ETDWare PS/2-X64 11.6.6.002_WHQL
"Microsoft Security Client" = System Center Endpoint Protection
"Microsoft Visual J# 2.0 Redistributable Package - SE (x64)" = Microsoft Visual J# 2.0 Redistributable Package - SE (x64)
"Perfect Uninstaller_is1" = Perfect Uninstaller v6.3.3.9
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04805AB6-F757-496A-8D56-37A0FC5FF6F3}" = VMware vSphere Client 5.0
"{072A5217-8165-4AB7-8366-36CB3245DB60}" = OpenVPN Client
"{09DA5EE2-7E46-4DC4-96F9-BFEE50D40659}" = Citrix Online Launcher
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83218031F0}" = Java 8 Update 31
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Qualcomm Atheros WLAN and Bluetooth Client Installation Program
"{29DB9165-5FC1-48F0-9188-26123F526848}" = Apple Application Support (32 bits)
"{35846BA4-5A5A-433B-B65E-41C324AEFFA4}" = Pandion
"{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}" = Skype™ 7.33
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40928C54-F8EE-420D-BD80-07F2F78CFB0D}" = MySQL Connector/ODBC 3.51
"{40ADEFDD-ABAC-4AAE-A868-387F666C0B17}" = Vagrant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA84DF8-182A-459D-A050-A71BDBFBE9DC}" = Microsoft Power Query for Excel
"{4CFC749F-E178-42C7-8095-796C5814C9C3}" = Microsoft SQL Server 2012 PowerPivot for Excel  32-bit
"{4F4FED6F-83A7-426F-8B38-844C472EFAA3}" = WatchGuard Authentication Client 11.9.3
"{56EC47AA-5813-4FF6-8E75-544026FBEA83}" = Apple Software Update
"{57F1AB5A-0B9A-4229-B231-B1516A33DCD4}" = VMware Infrastructure Client 2.5
"{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}" = Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40649
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{69BCE4AC-9572-3271-A2FB-9423BDA36A43}" = Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.24215
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7f51bdb9-ee21-49ee-94d6-90afc321780e}" = Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{88D5D9A4-48C4-4D0A-88B9-3E18661CF0D9}" = Chrome Remote Desktop Host
"{8C70B6E9-B71A-4421-B879-E4C1D0404953}" = MySQL Connector Net 6.8.7
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0C0A-0000-0000000FF1CE}" = Microsoft Office Access MUI (Spanish) 2010
"{90140000-0015-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{AA321CAB-5896-46B1-B18E-3EE82C88ABF1}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0C0A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Spanish) 2010
"{90140000-0016-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{AA321CAB-5896-46B1-B18E-3EE82C88ABF1}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Spanish) 2010
"{90140000-0018-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{AA321CAB-5896-46B1-B18E-3EE82C88ABF1}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0C0A-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Spanish) 2010
"{90140000-0019-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{AA321CAB-5896-46B1-B18E-3EE82C88ABF1}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0C0A-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Spanish) 2010
"{90140000-001A-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{AA321CAB-5896-46B1-B18E-3EE82C88ABF1}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0C0A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Spanish) 2010
"{90140000-001B-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{AA321CAB-5896-46B1-B18E-3EE82C88ABF1}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2010
"{90140000-001F-0403-0000-0000000FF1CE}_Office14.PRJPRO_{F030E098-C2CC-4056-971E-4D3AB0F55517}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0403-0000-0000000FF1CE}_Office14.PROPLUS_{F030E098-C2CC-4056-971E-4D3AB0F55517}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0403-0000-0000000FF1CE}_Office14.VISIO_{F030E098-C2CC-4056-971E-4D3AB0F55517}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2010
"{90140000-001F-0416-0000-0000000FF1CE}_Office14.PRJPRO_{A7200E61-DC93-42E0-BB74-EE59021016EA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0416-0000-0000000FF1CE}_Office14.PROPLUS_{A7200E61-DC93-42E0-BB74-EE59021016EA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0416-0000-0000000FF1CE}_Office14.VISIO_{A7200E61-DC93-42E0-BB74-EE59021016EA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2010
"{90140000-001F-042D-0000-0000000FF1CE}_Office14.PRJPRO_{C6E07E58-897F-4686-A498-764B9D404F09}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-042D-0000-0000000FF1CE}_Office14.PROPLUS_{C6E07E58-897F-4686-A498-764B9D404F09}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-042D-0000-0000000FF1CE}_Office14.VISIO_{C6E07E58-897F-4686-A498-764B9D404F09}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2010
"{90140000-001F-0456-0000-0000000FF1CE}_Office14.PRJPRO_{6CA060C9-FAFB-4A51-B533-A6AEE1A325BE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0456-0000-0000000FF1CE}_Office14.PROPLUS_{6CA060C9-FAFB-4A51-B533-A6AEE1A325BE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0456-0000-0000000FF1CE}_Office14.VISIO_{6CA060C9-FAFB-4A51-B533-A6AEE1A325BE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0C0A-1000-0000000FF1CE}_Office14.PRJPRO_{ED7E1546-A5BC-407C-8321-94D6DAF9B5A7}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0C0A-1000-0000000FF1CE}_Office14.PROPLUS_{ED7E1546-A5BC-407C-8321-94D6DAF9B5A7}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0C0A-1000-0000000FF1CE}_Office14.VISIO_{ED7E1546-A5BC-407C-8321-94D6DAF9B5A7}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2010
"{90140000-002C-0C0A-0000-0000000FF1CE}_Office14.PRJPRO_{DBE2E9A2-A47F-42A9-A1CF-3B6665A9714A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DBE2E9A2-A47F-42A9-A1CF-3B6665A9714A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0C0A-0000-0000000FF1CE}_Office14.VISIO_{DBE2E9A2-A47F-42A9-A1CF-3B6665A9714A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2010
"{90140000-0044-0C0A-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Spanish) 2010
"{90140000-0044-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{AA321CAB-5896-46B1-B18E-3EE82C88ABF1}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0054-0C0A-0000-0000000FF1CE}" = Microsoft Office Visio MUI (Spanish) 2010
"{90140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010
"{90140000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2010
"{90140000-006E-0C0A-0000-0000000FF1CE}_Office14.PRJPRO_{7FF53332-4A24-4F40-946E-C58B6326063C}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{7FF53332-4A24-4F40-946E-C58B6326063C}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0C0A-0000-0000000FF1CE}_Office14.VISIO_{7FF53332-4A24-4F40-946E-C58B6326063C}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0C0A-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Spanish) 2010
"{90140000-00A1-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{AA321CAB-5896-46B1-B18E-3EE82C88ABF1}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00B4-0C0A-0000-0000000FF1CE}" = Microsoft Office Project MUI (Spanish) 2010
"{90140000-00BA-0C0A-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Spanish) 2010
"{90140000-00BA-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{AA321CAB-5896-46B1-B18E-3EE82C88ABF1}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1238426-ECDF-4639-BE2F-8D12A97AE23C}" = Google Drive
"{A726D155-8D27-4346-8082-9A35265A0DB5}" = Trace.Net
"{A8BB9906-E618-406A-B161-7383AFF46C39}" = EasyRecovery Professional
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-0804-1033-1959-001824214663}" = Adobe Refresh Manager
"{AC76BA86-7AD7-1034-7B44-AC0F074E4100}" = Adobe Acrobat Reader DC - Español
"{B26438B4-BF51-49C3-9567-7F14A5E40CB9}" = Dolby Home Theater v4
"{BBF2AC74-720C-3CB3-8291-5E34039232FA}" = Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.24215
"{BE5B0450-DCCB-4FE9-93E2-3B38D88A745B}" = BlackBerry Desktop Software 7.1
"{C277CAC7-D494-4F5E-9EE2-37E0108A864B}" = BlackBerry Device Software v7.1.0 for the BlackBerry 9900 smartphone
"{ce085a78-074e-4823-8dc1-8a721b94b76d}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
"{e2803110-78b3-4664-a479-3611a381656a}" = Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215
"{E755A98B-F45F-4008-A1A5-FC4CB4D2177A}" = BlackBerry Device Software Updater
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6430171-B86B-4639-839E-374913E7911D}" = Google Earth
"{F692770D-0E27-4D3F-8386-F04C6F434040}" = Agente Microsoft Operations Manager 2005
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"{F9C3B51C-DCCC-4916-B08D-A6820D914AC0}" = CSDiff
"3D073343-CEEB-4ce7-85AC-A69A7631B5D6" = Intel(R) Rapid Start Technology
"Adobe Flash Player NPAPI" = Adobe Flash Player 25 NPAPI
"Advanced SystemCare 8_is1" = Advanced SystemCare 8
"BlackBerry_Desktop" = BlackBerry Desktop Software 7.1
"Driver Booster_is1" = Driver Booster 3.4
"Excentis Docsis Config File Editor 1.6.0" = Excentis Docsis Config File Editor
"eyeBeam_is1" = eyeBeam 3004t
"FortiConverter" = FortiConverter 4.6 Build 0651
"Git_is1" = Git version 1.9.5-preview20150319
"Google Chrome" = Google Chrome
"IObit Surfing Protection_is1" = Surfing Protection
"IObitUninstall" = IObit Uninstaller
"ISC BIND" = ISC BIND
"Java Device Manager" = Java Device Manager
"LManager" = Launch Manager
"MegaVision Configurator_is1" = MegaVision Configurator
"Mobile VPN with SSL client_is1" = WatchGuard Mobile VPN with SSL client 11.10.0
"Mozilla Firefox 52.0.2 (x86 en-US)" = Mozilla Firefox 52.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++ (32-bit x86)
"Office14.PRJPRO" = Microsoft Project Professional 2010
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Office14.VISIO" = Microsoft Visio Premium 2010
"PuTTY Session Manager" = PuTTY Session Manager 0.41.166.0
"RealVNC_is1" = VNC Free Edition 4.1.2
"Replay Video Capture6.0.6.1" = Replay Video Capture 6
"SecureCRT" = VanDyke Software SecureCRT 5.0
"VLC media player" = VLC media player 1.1.7
"VMware_Player" = VMware Player
"WinPcapInst" = WinPcap 4.1.3
"WinRAR archiver" = WinRAR 5.00 (32-bit)
"Wireshark" = Wireshark 2.2.3 (64-bit)
"Xming_is1" = Xming 6.9.0.31
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-182186785-877161024-3379391946-3456\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{7E07052F-A4CE-4932-B066-B9203888439F}_is1" = Windroy version 0.5.5
"5620 SAM Client Uninstall" = 5620 SAM Client Uninstall
"ActiveTouchMeetingClient" = Cisco WebEx Meetings
"Akamai" = Akamai NetSession Interface
"Dropbox" = Dropbox
"GoToMeeting" = GoToMeeting 8.4.0.6871
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 22-04-2017 05:50:28 p.m. | Computer Name = NU0106E12.net-uno.net.ve | Source = IAStorDataMgrSvc | ID = 7001
Description = Internal program error:  missing resource string DM_1_0_7
 
Error - 22-04-2017 05:50:28 p.m. | Computer Name = NU0106E12.net-uno.net.ve | Source = .NET Runtime | ID = 1026
Description = 
 
Error - 22-04-2017 05:50:30 p.m. | Computer Name = NU0106E12.net-uno.net.ve | Source = Application Error | ID = 1000
Description = Nombre de la aplicación con errores: IAStorDataMgrSvc.exe, versión:
 11.5.0.1207, marca de tiempo: 0x4ffb4350  Nombre del módulo con errores: KERNELBASE.dll,
 versión: 6.2.9200.17366, marca de tiempo: 0x554d16f6  Código de excepción: 0xe0434352
Desplazamiento
 de errores: 0x00010192  Identificador del proceso con errores: 0x1600  Hora de inicio
 de la aplicación con errores: 0x01d2bbb26a444cf4  Ruta de acceso de la aplicación
 con errores: C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
Ruta
 de acceso del módulo con errores: C:\Windows\SYSTEM32\KERNELBASE.dll  Identificador
 del informe: b3bc3103-27a5-11e7-bf1e-083e8e85a176  Nombre completo del paquete con
 errores:   Identificador de aplicación relativa del paquete con errores: 
 
Error - 23-04-2017 07:37:58 a.m. | Computer Name = NU0106E12.net-uno.net.ve | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 23-04-2017 10:24:40 a.m. | Computer Name = NU0106E12.net-uno.net.ve | Source = AdvancedSystemCareService8 | ID = 0
Description = 
 
Error - 23-04-2017 10:24:40 a.m. | Computer Name = NU0106E12.net-uno.net.ve | Source = AdvancedSystemCareService8 | ID = 0
Description = 
 
Error - 23-04-2017 10:29:59 a.m. | Computer Name = NU0106E12.net-uno.net.ve | Source = Microsoft Operations Manager | ID = 26008
Description = El agente no puede resolver la IP del servidor MOM SERCARACAS02.NET-UNO.NET.VE.
 El error comunicado es 'Host desconocido.'.
 
Error - 23-04-2017 10:30:55 a.m. | Computer Name = NU0106E12.net-uno.net.ve | Source = Microsoft Operations Manager | ID = 22061
Description = El procesamiento de datos salientes de Agente se ha bloqueado.  Este
 error indica problemas de comunicación o de procesamiento de base de datos.    Grupo
 de administración: ForefrontClientSecurity
 
Error - 23-04-2017 10:31:04 a.m. | Computer Name = NU0106E12.net-uno.net.ve | Source = IAStorDataMgrSvc | ID = 7001
Description = Internal program error:  missing resource string DM_1_0_7
 
Error - 23-04-2017 10:31:05 a.m. | Computer Name = NU0106E12.net-uno.net.ve | Source = .NET Runtime | ID = 1026
Description = 
 
Error - 23-04-2017 10:31:07 a.m. | Computer Name = NU0106E12.net-uno.net.ve | Source = Application Error | ID = 1000
Description = Nombre de la aplicación con errores: IAStorDataMgrSvc.exe, versión:
 11.5.0.1207, marca de tiempo: 0x4ffb4350  Nombre del módulo con errores: KERNELBASE.dll,
 versión: 6.2.9200.17366, marca de tiempo: 0x554d16f6  Código de excepción: 0xe0434352
Desplazamiento
 de errores: 0x00010192  Identificador del proceso con errores: 0x930  Hora de inicio
 de la aplicación con errores: 0x01d2bc3e3506c287  Ruta de acceso de la aplicación
 con errores: C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
Ruta
 de acceso del módulo con errores: C:\Windows\SYSTEM32\KERNELBASE.dll  Identificador
 del informe: 7c5952ec-2831-11e7-bf1f-083e8e85a176  Nombre completo del paquete con
 errores:   Identificador de aplicación relativa del paquete con errores: 
 
[ System Events ]
Error - 23-04-2017 10:25:10 a.m. | Computer Name = NU0106E12.net-uno.net.ve | Source = Service Control Manager | ID = 7011
Description = Se agotó el tiempo de espera (30000 ms) para la respuesta de transacción
 del servicio NetPipeActivator.
 
Error - 23-04-2017 10:26:36 a.m. | Computer Name = NU0106E12.net-uno.net.ve | Source = Microsoft-Windows-GroupPolicy | ID = 1055
Description = Error al procesar la directiva de grupo. Windows no pudo resolver 
el nombre del equipo. Las posibles razones son:  a) Error en la resolución de nombres
 en el controlador de dominio actual. Latencia de replicación de Active Directory
 (una cuenta creada en otro controlador de dominio no se replicó en el controlador
 de dominio actual).
 
Error - 23-04-2017 10:26:38 a.m. | Computer Name = NU0106E12.net-uno.net.ve | Source = Microsoft-Windows-GroupPolicy | ID = 1130
Description = Error en 0. Nombre    GPO:  Ruta de acceso al sistema de archivos WSUS-PC
 URBINA   GPO: \\net-uno.net.ve\sysvol\net-uno.net.ve\Policies\{CD82E638-645A-42FA-B820-9853B0488017}\Machine
    Nombre
 de script: Uninstall Symantec.bat
 
Error - 23-04-2017 10:26:38 a.m. | Computer Name = NU0106E12.net-uno.net.ve | Source = Microsoft-Windows-GroupPolicy | ID = 1130
Description = Error en 0. Nombre    GPO:  Ruta de acceso al sistema de archivos TIME
 ZONE UTC -4   GPO: \\net-uno.net.ve\SysVol\net-uno.net.ve\Policies\{D411098A-2E77-4CDC-95A9-6ACEA2DE4B5D}\Machine
    Nombre
 de script: TZ_2_tzutil.cmd
 
Error - 23-04-2017 10:26:38 a.m. | Computer Name = NU0106E12.net-uno.net.ve | Source = Microsoft-Windows-GroupPolicy | ID = 1130
Description = Error en 0. Nombre    GPO:  Ruta de acceso al sistema de archivos TIME
 ZONE UTC -4   GPO: \\net-uno.net.ve\SysVol\net-uno.net.ve\Policies\{D411098A-2E77-4CDC-95A9-6ACEA2DE4B5D}\Machine
    Nombre
 de script: TZ_1.cmd
 
Error - 23-04-2017 10:26:49 a.m. | Computer Name = NU0106E12.net-uno.net.ve | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = No se puede procesar la directiva de grupo debido a que no se puede
 conectar a un controlador de dominio a través de la red. Esta condición puede ser
 temporal. Se podría generar un mensaje de operación correcta una vez que el equipo
 se conecte al controlador de dominio y la directiva de grupo se procese correctamente.
 Póngase en contacto con el administrador si no se muestra un mensaje de operación
 correcta durante varias horas.
 
Error - 23-04-2017 10:30:53 a.m. | Computer Name = NU0106E12.net-uno.net.ve | Source = DCOM | ID = 10016
Description = 
 
Error - 23-04-2017 10:30:53 a.m. | Computer Name = NU0106E12.net-uno.net.ve | Source = DCOM | ID = 10016
Description = 
 
Error - 23-04-2017 10:31:32 a.m. | Computer Name = NU0106E12.net-uno.net.ve | Source = Service Control Manager | ID = 7034
Description = El servicio Tecnología de almacenamiento Intel(R) Rapid se terminó
 de manera inesperada. Esto ha sucedido 1 veces.
 
Error - 23-04-2017 10:38:35 a.m. | Computer Name = NU0106E12.net-uno.net.ve | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = No se puede procesar la directiva de grupo debido a que no se puede
 conectar a un controlador de dominio a través de la red. Esta condición puede ser
 temporal. Se podría generar un mensaje de operación correcta una vez que el equipo
 se conecte al controlador de dominio y la directiva de grupo se procese correctamente.
 Póngase en contacto con el administrador si no se muestra un mensaje de operación
 correcta durante varias horas.
 
 
< End of report >
 

[Windows 8 very slow]

Hi Chuck,

Thanks a lot for your help. In this time I put in quarantine findings from malwarebytes. I will post log from Malware bytes and OLT.txt.

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/23/17
Scan Time: 9:27 AM
Logfile: Malware_report_2.txt
Administrator: Yes

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.103
Update Package Version: 1.0.1791
License: Trial

-System Information-
OS: Windows 8
CPU: x64
File System: NTFS
User: System

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 521927
Time Elapsed: 51 min, 46 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 1
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE 8\ASCSERVICE.EXE, Quarantined, [1479], [380352],1.0.1791

Module: 1
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE 8\ASCSERVICE.EXE, Quarantined, [1479], [380352],1.0.1791

Registry Key: 11
PUP.Optional.AdvancedSystemCare, HKLM\SOFTWARE\CLASSES\INTERFACE\{BA935377-E17C-4475-B1BF-DE3110613A99}, Delete-on-Reboot, [1479], [380348],1.0.1791
PUP.Optional.AdvancedSystemCare, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{BA935377-E17C-4475-B1BF-DE3110613A99}, Delete-on-Reboot, [1479], [380348],1.0.1791
PUP.Optional.AdvancedSystemCare, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{BA935377-E17C-4475-B1BF-DE3110613A99}, Delete-on-Reboot, [1479], [380348],1.0.1791
PUP.Optional.AdvancedSystemCare, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}, Delete-on-Reboot, [1479], [380348],1.0.1791
PUP.Optional.AdvancedSystemCare, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}, Delete-on-Reboot, [1479], [380348],1.0.1791
PUP.Optional.AdvancedSystemCare, HKLM\SOFTWARE\CLASSES\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}, Delete-on-Reboot, [1479], [380348],1.0.1791
PUP.Optional.AdvancedSystemCare, HKLM\SOFTWARE\CLASSES\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}\InprocServer32, Delete-on-Reboot, [1479], [380348],1.0.1791
PUP.Optional.AdvancedSystemCare, HKLM\SOFTWARE\CLASSES\TYPELIB\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}, Delete-on-Reboot, [1479], [380348],1.0.1791
PUP.Optional.Feven, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\Feven 1.8, Delete-on-Reboot, [3675], [238300],1.0.1791
PUP.Optional.CrossRider, HKU\S-1-5-21-182186785-877161024-3379391946-3456\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{52009A26-2572-47DF-8927-53FAC48648F9}, Delete-on-Reboot, [235], [237488],1.0.1791
PUP.Optional.AdvancedSystemCare, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\AdvancedSystemCareService8, Delete-on-Reboot, [1479], [380352],1.0.1791

Registry Value: 2
PUP.Optional.CrossRider, HKU\S-1-5-21-182186785-877161024-3379391946-3456\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{52009A26-2572-47DF-8927-53FAC48648F9}|APPNAME, Delete-on-Reboot, [235], [237488],1.0.1791
PUP.Optional.AdvancedSystemCare, HKU\S-1-5-21-182186785-877161024-3379391946-3456\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|ADVANCED SYSTEMCARE 8, Delete-on-Reboot, [1479], [380353],1.0.1791

Registry Data: 5
PUM.Optional.ForceActiveDesktopOn, HKU\S-1-5-21-182186785-877161024-3379391946-30677\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|FORCEACTIVEDESKTOPON, Replace-on-Reboot, [16294], [293327],1.0.1791
PUM.Optional.HomepageControl, HKU\S-1-5-21-182186785-877161024-3379391946-30677\SOFTWARE\POLICIES\MICROSOFT\INTERNET EXPLORER\CONTROL PANEL|HOMEPAGE, Replace-on-Reboot, [16297], [293330],1.0.1791
PUM.Optional.ForceActiveDesktopOn, HKU\S-1-5-21-182186785-877161024-3379391946-24789\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|FORCEACTIVEDESKTOPON, Replace-on-Reboot, [16294], [293327],1.0.1791
PUM.Optional.ForceActiveDesktopOn, HKU\S-1-5-21-182186785-877161024-3379391946-3456\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|FORCEACTIVEDESKTOPON, Replace-on-Reboot, [16294], [293327],1.0.1791
PUM.Optional.HomepageControl, HKU\S-1-5-21-182186785-877161024-3379391946-24789\SOFTWARE\POLICIES\MICROSOFT\INTERNET EXPLORER\CONTROL PANEL|HOMEPAGE, Replace-on-Reboot, [16297], [293330],1.0.1791

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 14
PUP.Optional.AdvancedSystemCare, C:\USERS\PUBLIC\DESKTOP\ADVANCED SYSTEMCARE 8.LNK, Delete-on-Reboot, [1479], [380338],1.0.1791
PUP.Optional.Somoto, C:\USERS\LGONCALVES\APPDATA\LOCAL\TEMP\BITOOL.DLL, Delete-on-Reboot, [356], [301181],1.0.1791
PUP.Optional.BundleInstaller, C:\USERS\LGONCALVES\APPDATA\LOCAL\TEMP\BINSIS142.XML, Delete-on-Reboot, [25], [260807],1.0.1791
PUP.Optional.BundleInstaller, C:\USERS\LGONCALVES\APPDATA\LOCAL\TEMP\BINSISCHECK654.XML, Delete-on-Reboot, [25], [260808],1.0.1791
PUP.Optional.MyPCBackup, C:\USERS\LGONCALVES\APPDATA\LOCAL\TEMP\BACKUPSETUP.EXE, Delete-on-Reboot, [236], [300958],1.0.1791
PUP.Optional.Montiera, C:\USERS\LGONCALVES\APPDATA\LOCAL\TEMP\KR30OJ_H.EXE.PART, Delete-on-Reboot, [137], [44087],1.0.1791
PUP.Optional.Somoto, C:\USERS\LGONCALVES\APPDATA\LOCAL\TEMP\NSO35EB.TMP, Delete-on-Reboot, [356], [301181],1.0.1791
PUP.Optional.MyPCBackup, C:\USERS\LGONCALVES\APPDATA\LOCAL\TEMP\FFB605D2-90F8-42C4-8423-87BE61847A55\SOFTWARE\CLOUD_BACKUP_SETUP.EXE, Delete-on-Reboot, [236], [300958],1.0.1791
PUP.Optional.CrossRider, C:\USERS\LGONCALVES\APPDATA\LOCAL\TEMP\FFB605D2-90F8-42C4-8423-87BE61847A55\SOFTWARE\FEVEN-1-8.EXE, Delete-on-Reboot, [235], [52039],1.0.1791
PUP.Optional.DeltaTB, C:\USERS\LGONCALVES\APPDATA\LOCAL\TEMP\IS520188154\DELTATB.EXE, Delete-on-Reboot, [3270], [2886],1.0.1791
PUP.Optional.Bandoo, C:\USERS\LGONCALVES\DOWNLOADS\SETUP_FREEBURNER.EXE, Delete-on-Reboot, [943], [301304],1.0.1791
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE 8\ASCEXTMENU_64.DLL, Delete-on-Reboot, [1479], [380348],1.0.1791
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE 8\ASCSERVICE.EXE, Delete-on-Reboot, [1479], [380352],1.0.1791
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE 8\ASCTRAY.EXE, Delete-on-Reboot, [1479], [380353],1.0.1791

Physical Sector: 0
(No malicious items detected)

(end)

OLT.txt

OTL logfile created on: 23-04-2017 11:21:33 a.m. - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Data\Software\JRT
64bit- Professional  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.17607)
Locale: 0000200a | Country: Republica Bolivariana de Venezuela | Language: ESV | Date Format: dd-MM-yyyy
 
3,82 Gb Total Physical Memory | 1,43 Gb Available Physical Memory | 37,36% Memory free
7,57 Gb Paging File | 3,94 Gb Available in Paging File | 51,99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,42 Gb Total Space | 74,69 Gb Free Space | 16,05% Space Free | Partition Type: NTFS
 
Computer Name: NU0106E12 | User Name: LGONCALVES | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2017-04-23 10:34:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Data\Software\JRT\OTL.com
PRC - [2017-04-17 11:13:30 | 028,344,776 | ---- | M] (Dropbox, Inc.) -- C:\Users\lgoncalves\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2017-03-28 22:03:55 | 000,941,912 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2017-02-02 23:21:46 | 000,082,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2016-11-27 13:55:28 | 002,268,336 | ---- | M] (Don HO [email protected]) -- C:\Program Files (x86)\Notepad++\notepad++.exe
PRC - [2016-11-05 17:05:57 | 000,143,144 | ---- | M] (Dropbox, Inc.) -- C:\Users\lgoncalves\AppData\Local\Dropbox\Update\DropboxUpdate.exe
PRC - [2016-08-30 14:29:56 | 002,271,008 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
PRC - [2016-07-29 20:14:06 | 003,046,688 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
PRC - [2015-04-14 04:30:00 | 000,642,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\CCM\SCNotification.exe
PRC - [2015-01-29 22:07:00 | 000,102,912 | ---- | M] () -- C:\Program Files (x86)\WatchGuard\WatchGuard Mobile VPN with SSL\wgsslvpnsrc.exe
PRC - [2015-01-23 15:02:58 | 001,749,792 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe
PRC - [2014-08-31 22:34:28 | 000,390,656 | ---- | M] () -- C:\Program Files (x86)\WatchGuard\WatchGuard Authentication Client\wgssoclient.exe
PRC - [2013-10-18 13:15:50 | 000,437,328 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2013-10-18 13:15:46 | 000,358,480 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2013-10-18 12:22:30 | 000,086,096 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
PRC - [2013-02-02 04:40:58 | 000,375,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2012-11-09 02:16:30 | 000,081,536 | ---- | M] (Atheros) -- C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe
PRC - [2012-08-21 19:06:54 | 000,473,712 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe
PRC - [2012-08-21 19:06:52 | 001,176,176 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2012-08-21 19:06:52 | 000,348,784 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2012-07-20 02:39:42 | 000,193,576 | ---- | M] (Intel Corporation) -- C:\Windows\SysWOW64\irstrtsv.exe
PRC - [2012-07-09 14:17:18 | 000,277,504 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010-08-12 18:15:00 | 000,024,064 | ---- | M] () -- C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe
PRC - [2010-04-14 23:34:44 | 000,549,888 | ---- | M] (Pandion) -- C:\Program Files (x86)\Pandion\Application\pandion.exe
PRC - [2006-05-12 15:34:08 | 000,439,248 | ---- | M] (RealVNC Ltd.) -- C:\Program Files (x86)\RealVNC\VNC4\WinVNC4.exe
PRC - [2005-07-21 11:45:14 | 000,054,272 | ---- | M] (Microsoft Corporation) -- c:\PROGRA~2\MICROS~1\CLIENT~1\Client\MICROS~1\MOMHost.exe
PRC - [2005-07-21 11:44:58 | 000,134,656 | ---- | M] (Microsoft Corporation) -- c:\Program Files (x86)\Microsoft Forefront\Client Security\Client\Microsoft Operations Manager 2005\MOMService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2017-04-17 11:14:04 | 000,025,432 | ---- | M] () -- C:\Users\lgoncalves\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
MOD - [2017-04-17 11:14:04 | 000,023,896 | ---- | M] () -- C:\Users\lgoncalves\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
MOD - [2017-04-17 11:14:02 | 000,054,608 | ---- | M] () -- C:\Users\lgoncalves\AppData\Roaming\Dropbox\bin\winrpcserver.compiled._RPCServer.pyd
MOD - [2017-04-17 11:14:02 | 000,026,456 | ---- | M] () -- C:\Users\lgoncalves\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.pyd
MOD - [2017-04-17 11:14:02 | 000,022,872 | ---- | M] () -- C:\Users\lgoncalves\AppData\Roaming\Dropbox\bin\winffi.wininet.compiled._winffi_wininet.pyd
MOD - [2017-04-17 11:14:00 | 000,026,456 | ---- | M] () -- C:\Users\lgoncalves\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.pyd
MOD - [2017-04-17 11:14:00 | 000,022,864 | ---- | M] () -- C:\Users\lgoncalves\AppData\Roaming\Dropbox\bin\winffi.user32.compiled._winffi_user32.pyd
MOD - [2017-04-17 11:14:00 | 000,021,848 | ---- | M] () -- C:\Users\lgoncalves\AppData\Roaming\Dropbox\bin\winffi.winerror.compiled._winffi_winerror.pyd
MOD - [2017-04-17 11:13:58 | 000,030,536 | ---- | M] () -- C:\Users\lgoncalves\AppData\Roaming\Dropbox\bin\wind3d11.compiled._wind3d11.pyd
MOD - [2017-04-17 11:13:58 | 000,022,872 | ---- | M] () -- C:\Users\lgoncalves\AppData\Roaming\Dropbox\bin\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
MOD - [2017-04-17 11:13:58 | 000,022,864 | ---- | M] () -- C:\Users\lgoncalves\AppData\Roaming\Dropbox\bin\winffi.crt.compiled._winffi_crt.pyd
MOD - [2017-04-17 11:13:56 | 000,392,512 | ---- | M] () -- C:\Users\lgoncalves\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
MOD - [2017-04-17 11:13:54 | 000,019,776 | ---- | M] () -- C:\Users\lgoncalves\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
MOD - [2017-04-17 11:13:50 | 000,103,232 | ---- | M] () -- C:\Users\lgoncalves\AppData\Roaming\Dropbox\bin\PyQt5.QtWinExtras.pyd
MOD - [2017-04-17 11:13:48 | 003,928,896 | ---- | M] () -- C:\Users\lgoncalves\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
MOD - [2017-04-17 11:13:48 | 000,224,064 | ---- | M] () -- C:\Users\lgoncalves\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
MOD - [2017-04-17 11:13:48 | 000,171,336 | ---- | M] () -- C:\Users\lgoncalves\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
MOD - [2017-04-17 11:13:48 | 000,133,432 | ---- | M] () -- C:\Users\lgoncalves\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
MOD - [2017-04-17 11:13:46 | 000,546,104 | ---- | M] () -- C:\Users\lgoncalves\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
MOD - [2017-04-17 11:13:46 | 000,357,688 | ---- | M] () -- C:\Users\lgoncalves\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
MOD - [2017-04-17 11:13:46 | 000,207,680 | ---- | M] () -- C:\Users\lgoncalves\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
MOD - [2017-04-17 11:13:46 | 000,042,816 | ---- | M] () -- C:\Users\lgoncalves\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
MOD - [2017-04-17 11:13:44 | 001,972,024 | ---- | M] () -- C:\Users\lgoncalves\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
MOD - [2017-04-17 11:13:44 | 001,826,104 | ---- | M] () -- C:\Users\lgoncalves\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
MOD - [2017-04-17 11:13:44 | 000,531,264 | ---- | M] () -- C:\Users\lgoncalves\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
MOD - [2017-04-17 11:13:42 | 000,060,736 | ---- | M] () -- C:\Users\lgoncalves\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
MOD - [2017-04-17 11:13:42 | 000,025,936 | ---- | M] () -- C:\Users\lgoncalves\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
MOD - [2017-04-17 11:13:40 | 000,084,288 | ---- | M] () -- C:\Users\lgoncalves\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
MOD - [2017-04-17 11:13:40 | 000,038,712 | ---- | M] () -- C:\Users\lgoncalves\AppData\Roaming\Dropbox\bin\fastpath.pyd
MOD - [2017-04-17 11:13:38 | 000,027,488 | ---- | M] () -- C:\Users\lgoncalves\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
MOD - [2017-04-17 11:13:38 | 000,020,816 | ---- | M] () -- C:\Users\lgoncalves\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
MOD - [2017-04-17 11:13:36 | 001,729,360 | ---- | M] () -- C:\Users\lgoncalves\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
MOD - [2017-04-17 11:13:36 | 000,246,608 | ---- | M] () -- C:\Users\lgoncalves\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
MOD - [2017-04-17 11:13:36 | 000,022,336 | ---- | M] () -- C:\Users\lgoncalves\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
MOD - [2017-04-17 11:13:36 | 000,020,824 | ---- | M] () -- C:\Users\lgoncalves\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
MOD - [2017-04-17 11:09:48 | 000,870,720 | ---- | M] () -- C:\Users\lgoncalves\AppData\Roaming\Dropbox\bin\dropbox_watchdog.dll
MOD - [2017-03-28 22:04:01 | 002,187,096 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\libglesv2.dll
MOD - [2017-03-28 22:04:00 | 000,086,360 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\libegl.dll
MOD - [2017-03-28 20:00:28 | 001,631,184 | ---- | M] () -- C:\Users\lgoncalves\AppData\Roaming\Dropbox\bin\libGLESv2.dll
MOD - [2017-03-28 20:00:28 | 000,017,864 | ---- | M] () -- C:\Users\lgoncalves\AppData\Roaming\Dropbox\bin\libEGL.dll
MOD - [2017-03-28 19:56:46 | 000,349,128 | ---- | M] () -- C:\Users\lgoncalves\AppData\Roaming\Dropbox\bin\winxpgui.pyd
MOD - [2017-03-28 19:56:46 | 000,116,176 | ---- | M] () -- C:\Users\lgoncalves\AppData\Roaming\Dropbox\bin\win32security.pyd
MOD - [2017-03-28 19:56:46 | 000,048,592 | ---- | M] () -- C:\Users\lgoncalves\AppData\Roaming\Dropbox\bin\win32service.pyd
MOD - [2017-03-28 19:56:46 | 000,028,616 | ---- | M] () -- C:\Users\lgoncalves\AppData\Roaming\Dropbox\bin\win32ts.pyd
MOD - [2017-03-28 19:56:44 | 000,060,880 | ---- | M] () -- C:\Users\lgoncalves\AppData\Roaming\Dropbox\bin\win32print.pyd
MOD - [2017-03-28 19:56:44 | 000,043,472 | ---- | M] () -- C:\Users\lgoncalves\AppData\Roaming\Dropbox\bin\win32process.pyd
MOD - [2017-03-28 19:56:44 | 000,030,160 | ---- | M] () -- C:\Users\lgoncalves\AppData\Roaming\Dropbox\bin\win32pipe.pyd
MOD - [2017-03-28 19:56:44 | 000,024,016 | ---- | M] () -- C:\Users\lgoncalves\AppData\Roaming\Dropbox\bin\win32profile.pyd
MOD - [2017-03-28 19:56:42 | 000,175,560 | ---- | M] () -- C:\Users\lgoncalves\AppData\Roaming\Dropbox\bin\win32gui.pyd
MOD - [2017-03-28 19:56:42 | 000,124,880 | ---- | M] () -- C:\Users\lgoncalves\AppData\Roaming\Dropbox\bin\win32file.pyd
MOD - [2017-03-28 19:56:42 | 000,057,808 | ---- | M] () -- C:\Users\lgoncalves\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
MOD - [2017-03-28 19:56:42 | 000,024,528 | ---- | M] () -- C:\Users\lgoncalves\AppData\Roaming\Dropbox\bin\win32event.pyd
MOD - [2017-03-28 19:56:40 | 000,105,928 | ---- | M] () -- C:\Users\lgoncalves\AppData\Roaming\Dropbox\bin\win32api.pyd
MOD - [2017-03-28 19:56:40 | 000,024,016 | ---- | M] () -- C:\Users\lgoncalves\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
MOD - [2017-03-28 19:56:40 | 000,020,936 | ---- | M] () -- C:\Users\lgoncalves\AppData\Roaming\Dropbox\bin\mmapfile.pyd
MOD - [2017-03-28 19:55:32 | 000,241,104 | ---- | M] () -- C:\Users\lgoncalves\AppData\Roaming\Dropbox\bin\_jpegtran.pyd
MOD - [2017-03-28 19:54:54 | 000,123,856 | ---- | M] () -- C:\Users\lgoncalves\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
MOD - [2017-03-28 19:54:52 | 000,083,912 | ---- | M] () -- C:\Users\lgoncalves\AppData\Roaming\Dropbox\bin\sip.pyd
MOD - [2017-03-28 19:54:52 | 000,019,408 | ---- | M] () -- C:\Users\lgoncalves\AppData\Roaming\Dropbox\bin\faulthandler.pyd
MOD - [2017-03-28 19:54:10 | 000,035,792 | ---- | M] () -- C:\Users\lgoncalves\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
MOD - [2017-03-28 19:54:08 | 000,694,224 | ---- | M] () -- C:\Users\lgoncalves\AppData\Roaming\Dropbox\bin\unicodedata.pyd
MOD - [2017-03-28 19:54:08 | 000,100,296 | ---- | M] () -- C:\Users\lgoncalves\AppData\Roaming\Dropbox\bin\_ctypes.pyd
MOD - [2017-03-28 19:54:08 | 000,018,888 | ---- | M] () -- C:\Users\lgoncalves\AppData\Roaming\Dropbox\bin\select.pyd
MOD - [2017-03-28 19:54:06 | 000,145,864 | ---- | M] () -- C:\Users\lgoncalves\AppData\Roaming\Dropbox\bin\pyexpat.pyd
MOD - [2017-03-28 19:54:04 | 000,116,688 | ---- | M] () -- C:\Users\lgoncalves\AppData\Roaming\Dropbox\bin\pywintypes27.dll
MOD - [2017-03-28 19:54:02 | 000,392,656 | ---- | M] () -- C:\Users\lgoncalves\AppData\Roaming\Dropbox\bin\pythoncom27.dll
MOD - [2017-03-28 19:52:12 | 000,036,296 | ---- | M] () -- C:\Users\lgoncalves\AppData\Roaming\Dropbox\bin\librsync.dll
MOD - [2017-01-30 12:52:46 | 001,926,632 | R--- | M] () -- C:\Program Files (x86)\Skype\Phone\roottools.dll
MOD - [2017-01-24 09:15:02 | 000,204,800 | ---- | M] () -- C:\Program Files (x86)\Notepad++\plugins\ComparePlugin.dll
MOD - [2016-11-27 13:55:36 | 000,021,680 | ---- | M] () -- C:\Program Files (x86)\Notepad++\plugins\NppExport.dll
MOD - [2016-06-21 19:30:02 | 000,442,144 | ---- | M] () -- C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
MOD - [2016-06-21 19:29:58 | 000,059,680 | ---- | M] () -- C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
MOD - [2016-06-21 19:29:56 | 000,210,720 | ---- | M] () -- C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
MOD - [2016-06-14 16:35:24 | 000,625,440 | ---- | M] () -- C:\Program Files (x86)\IObit\IObit Uninstaller\ProductStatistics.dll
MOD - [2016-05-23 21:49:40 | 000,899,872 | ---- | M] () -- C:\Program Files (x86)\IObit\IObit Uninstaller\webres.dll
MOD - [2015-12-11 04:08:05 | 002,997,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\9e967a3f4c3e817c1ae91777c190c16f\System.IdentityModel.ni.dll
MOD - [2015-12-11 04:07:58 | 000,029,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorDataMcfeeca6f#\8ebe6552717b14e42e4602d55185938a\IAStorDataMgrSvcInterfaces.ni.dll
MOD - [2015-12-11 04:07:53 | 000,026,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorCommon\c128566fb08588beea419f74e8b4e1b0\IAStorCommon.ni.dll
MOD - [2015-12-11 04:06:39 | 000,371,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorUtil\7444613c8d1f116b41869ace49e2f5d7\IAStorUtil.ni.dll
MOD - [2015-12-11 04:06:28 | 000,122,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\79afccfde6ff5b3cf3f037ec916eec9a\SMDiagnostics.ni.dll
MOD - [2015-12-11 04:06:27 | 000,794,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\5c055a7f31b4cddf39d30b96163b5d58\System.ServiceModel.Internals.ni.dll
MOD - [2015-12-10 13:46:32 | 007,668,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\f5c48d3c80f7a7392a9911c31397ab22\System.Xml.ni.dll
MOD - [2015-12-10 13:46:25 | 001,900,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\7e33d28b2dab9b4496ea35823e1de449\System.Xaml.ni.dll
MOD - [2015-12-10 13:46:22 | 012,935,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\03593644cf2575ffec54bf2f951f9506\System.Windows.Forms.ni.dll
MOD - [2015-12-10 13:46:03 | 019,720,192 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\502c3e884c94a357ac905cf962c2a900\System.ServiceModel.ni.dll
MOD - [2015-12-10 13:45:37 | 002,822,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\c7651bf9afc813b8162fb7184629072d\System.Runtime.Serialization.ni.dll
MOD - [2015-12-10 13:45:33 | 000,805,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\8dce5f9ea79f92eb893c9856dd10d9b7\System.Runtime.Remoting.ni.dll
MOD - [2015-12-10 13:45:31 | 001,180,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\4e9fe080061a2ce694f8917224d35284\System.Management.ni.dll
MOD - [2015-12-10 13:45:29 | 001,650,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\417fda7d941a5c71437d01e6ce75f7ef\System.Drawing.ni.dll
MOD - [2015-12-10 13:45:14 | 000,975,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\1baa425f5e4264cf00fa0ba6ab782e8a\System.Configuration.ni.dll
MOD - [2015-12-10 13:45:11 | 018,785,280 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\b048b1b4caea8a9a0d692d7162fda032\PresentationFramework.ni.dll
MOD - [2015-12-10 13:44:47 | 011,021,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\9905f3bcd9828129c65672acb7c3e095\PresentationCore.ni.dll
MOD - [2015-12-10 13:44:33 | 003,941,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\8fdc499a487ea2ae7148bdb776fc2dad\WindowsBase.ni.dll
MOD - [2015-12-10 13:44:28 | 001,945,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\bbb3597701a1444741e098a3ee779c13\Microsoft.VisualBasic.ni.dll
MOD - [2015-12-10 13:44:25 | 007,041,536 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\cd4d2fdcde4e183bbd35c0e07b28bc2e\System.Core.ni.dll
MOD - [2015-12-10 13:44:17 | 010,100,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\631276b1e140ff705cdd076522f22189\System.ni.dll
MOD - [2015-12-10 13:44:07 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\391541c89ed7585fc7e8936c43cee387\mscorlib.ni.dll
MOD - [2015-12-10 13:41:18 | 012,438,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f44084b9b8111c211ae70e63299fc0be\System.Windows.Forms.ni.dll
MOD - [2015-12-10 13:41:05 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\7ce9cd39367910f8322619a69ba28a85\System.Drawing.ni.dll
MOD - [2015-12-10 13:40:46 | 007,991,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9188b682a091faf275c0294fe77ccbf3\System.ni.dll
MOD - [2015-12-10 13:40:29 | 011,500,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b9d3e6f3fe8936deb2f1defb3a205f9a\mscorlib.ni.dll
MOD - [2013-09-05 00:14:10 | 004,300,456 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
MOD - [2013-01-15 19:18:26 | 000,348,992 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 8\madExcept_.bpl
MOD - [2013-01-15 19:18:26 | 000,051,008 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 8\madDisAsm_.bpl
MOD - [2013-01-15 19:18:24 | 000,183,616 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 8\madBasic_.bpl
MOD - [2011-09-21 16:46:28 | 001,673,728 | ---- | M] () -- C:\Program Files (x86)\Notepad++\plugins\NppFTP.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2015-12-04 10:51:13 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2015-11-16 10:26:38 | 000,439,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2015-01-28 16:07:46 | 000,639,808 | ---- | M] (RealVNC Ltd) [On_Demand | Stopped] -- C:\Program Files\RealVNC\VNC Server\vncservice.exe -- (vncserver)
SRV:64bit: - [2014-07-07 01:52:33 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2013-08-16 01:39:26 | 002,371,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2013-06-01 05:19:58 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013-05-04 02:58:02 | 000,470,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013-05-04 02:57:05 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2013-03-01 22:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013-03-01 22:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013-01-09 19:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2012-09-20 02:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012-08-02 12:54:32 | 000,050,280 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Policy Platform\policyHost.exe -- (lppsvc)
SRV:64bit: - [2012-08-02 12:54:32 | 000,050,280 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Policy Platform\policyHost.exe -- (lpasvc)
SRV:64bit: - [2012-07-25 23:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012-07-25 23:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012-07-25 23:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012-07-25 23:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012-07-25 23:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012-07-25 23:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012-07-25 23:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012-07-25 23:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012-07-25 23:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012-07-25 23:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012-07-25 23:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012-07-25 23:05:04 | 000,187,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2012-07-25 20:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012-07-25 20:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012-07-25 20:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012-07-25 20:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012-07-25 20:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012-07-25 20:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV - [2017-04-13 02:31:32 | 000,271,448 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2017-04-03 13:50:00 | 000,172,488 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2017-02-27 12:14:56 | 000,317,400 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2017-02-07 23:11:08 | 000,072,024 | ---- | M] (Google Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Google\Chrome Remote Desktop\57.0.2987.37\remoting_host.exe -- (chromoting)
SRV - [2017-02-02 23:21:46 | 000,082,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2017-01-20 08:54:02 | 004,355,024 | ---- | M] (Malwarebytes) [On_Demand | Stopped] -- C:\Archivos de programa\Malwarebytes\Anti-Malware\MBAMService.exe -- (MBAMService)
SRV - [2016-11-14 21:14:42 | 000,361,816 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Archivos de programa\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2016-11-14 21:14:42 | 000,119,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Archivos de programa\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2016-09-05 13:17:36 | 000,026,112 | ---- | M] () [Auto | Running] -- C:\Windows\[email protected] -- (KMS-R@1n)
SRV - [2016-07-29 20:14:06 | 003,046,688 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)
SRV - [2015-04-14 04:30:00 | 001,773,240 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\CCM\CcmExec.exe -- (CcmExec)
SRV - [2015-04-14 04:30:00 | 000,671,928 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\CCM\RemCtrl\CmRcService.exe -- (CmRcService)
SRV - [2015-04-14 04:30:00 | 000,316,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\CCM\TSManager.exe -- (smstsmgr)
SRV - [2015-01-29 22:07:00 | 000,102,912 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\WatchGuard\WatchGuard Mobile VPN with SSL\wgsslvpnsrc.exe -- (wgsslvpnsrc)
SRV - [2014-10-31 15:56:04 | 000,588,024 | ---- | M] (BlackBerry Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe -- (BlackBerry Device Manager)
SRV - [2014-08-31 22:34:28 | 000,390,656 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\WatchGuard\WatchGuard Authentication Client\wgssoclient.exe -- (WatchGuard Authentication Client)
SRV - [2013-10-18 13:15:50 | 000,437,328 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2013-10-18 13:15:46 | 000,358,480 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2013-10-18 12:22:30 | 000,086,096 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2013-10-09 08:34:16 | 000,905,272 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)
SRV - [2013-03-12 17:24:29 | 000,093,296 | ---- | M] (Dritek System INC.) [Auto | Running] -- C:\Windows\RfBtnSvc64.exe -- (RfButtonDriverService)
SRV - [2013-02-28 21:48:58 | 000,118,520 | ---- | M] (Riverbed Technology, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2012-12-14 03:12:10 | 000,277,616 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012-11-09 16:36:26 | 000,231,040 | ---- | M] (Qualcomm Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe -- (AtherosSvc)
SRV - [2012-11-09 02:16:30 | 000,081,536 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe -- (ZAtheros Wlan Agent)
SRV - [2012-08-22 22:06:28 | 000,468,624 | ---- | M] (Acer Incorporated) [On_Demand | Stopped] -- C:\Archivos de programa\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe -- (DeviceFastLaneService)
SRV - [2012-08-22 20:32:36 | 000,658,576 | ---- | M] (Acer Incorporated) [On_Demand | Running] -- C:\Archivos de programa\Acer\Acer Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2012-08-21 19:06:52 | 000,348,784 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2012-07-25 23:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012-07-25 23:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012-07-25 23:18:41 | 000,408,064 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2012-07-25 23:18:41 | 000,408,064 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2012-07-25 23:17:52 | 000,060,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2012-07-20 02:39:42 | 000,193,576 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysWOW64\irstrtsv.exe -- (irstrtsv)
SRV - [2012-07-09 14:17:14 | 000,007,168 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010-08-12 18:15:00 | 000,024,064 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe -- (OpenVPNAccessClient)
SRV - [2010-01-09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Archivos de programa\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2006-05-12 15:34:08 | 000,439,248 | ---- | M] (RealVNC Ltd.) [Auto | Running] -- C:\Program Files (x86)\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)
SRV - [2005-07-21 11:44:58 | 000,134,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files (x86)\Microsoft Forefront\Client Security\Client\Microsoft Operations Manager 2005\MOMService.exe -- (MOM)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2017-04-23 09:28:10 | 000,092,096 | ---- | M] (Malwarebytes) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mwac.sys -- (MBAMWebProtection)
DRV:64bit: - [2017-04-23 09:24:01 | 000,186,304 | ---- | M] (Malwarebytes) [File_System | Auto | Running] -- C:\Windows\SysNative\Drivers\MBAMChameleon.sys -- (MBAMChameleon)
DRV:64bit: - [2017-04-23 09:23:55 | 000,111,544 | ---- | M] (Malwarebytes) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\farflt.sys -- (MBAMFarflt)
DRV:64bit: - [2017-04-23 09:23:53 | 000,043,968 | ---- | M] (Malwarebytes) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mbam.sys -- (MBAMProtection)
DRV:64bit: - [2017-04-23 09:23:51 | 000,251,832 | ---- | M] (Malwarebytes) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2017-03-22 11:02:44 | 000,077,440 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\mbae64.sys -- (ESProtectionDriver)
DRV:64bit: - [2016-09-05 05:47:12 | 000,165,504 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2016-09-05 05:47:06 | 000,131,712 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2016-08-25 10:46:12 | 000,135,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2016-08-25 10:46:12 | 000,045,696 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\MpBoot.sys -- (MpBoot)
DRV:64bit: - [2016-03-28 11:41:34 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2015-11-12 22:50:10 | 000,026,880 | ---- | M] (Western Digital Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2015-10-15 14:29:58 | 000,141,440 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2015-03-04 03:29:17 | 000,361,280 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2015-01-29 22:06:16 | 000,027,136 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2014-12-18 04:51:28 | 000,096,576 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2014-09-03 07:19:36 | 000,169,984 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ser2pl64.sys -- (Ser2pl)
DRV:64bit: - [2014-08-15 22:43:34 | 000,023,040 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2014-07-24 09:50:54 | 000,447,296 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2014-05-06 09:21:02 | 000,079,872 | ---- | M] (BlackBerry Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2013-10-18 13:16:18 | 000,064,080 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2013-10-18 13:15:12 | 000,030,800 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2013-10-18 13:14:58 | 000,046,160 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2013-10-18 13:14:58 | 000,020,560 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2013-10-18 13:14:54 | 000,032,848 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2013-10-09 08:34:06 | 000,053,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2013-10-08 18:51:10 | 000,073,296 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\vsock.sys -- (vsock)
DRV:64bit: - [2013-10-08 18:51:06 | 000,085,584 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\vmci.sys -- (vmci)
DRV:64bit: - [2013-10-05 02:10:20 | 000,285,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013-09-11 13:37:26 | 000,026,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\PrepDrv.sys -- (prepdrvr)
DRV:64bit: - [2013-08-16 01:41:13 | 000,058,200 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2013-08-10 02:30:22 | 000,151,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013-07-09 04:04:07 | 000,120,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2013-07-01 21:41:47 | 000,337,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013-07-01 21:41:47 | 000,213,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2013-06-29 02:15:54 | 000,195,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013-05-31 23:08:57 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013-03-12 17:24:29 | 000,026,736 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\aPs2Kb2Hid.sys -- (Ps2Kb2Hid)
DRV:64bit: - [2013-03-02 06:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013-03-02 06:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013-02-28 21:49:12 | 000,036,600 | ---- | M] (Riverbed Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\npf.sys -- (NPF)
DRV:64bit: - [2013-01-28 21:57:05 | 000,035,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013-01-28 19:08:22 | 000,230,904 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013-01-11 19:32:34 | 000,064,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2013-01-09 21:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012-12-14 03:12:22 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012-12-10 16:18:02 | 000,044,544 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2012-11-26 23:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012-11-20 00:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012-11-09 16:14:56 | 000,576,152 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2012-11-09 16:14:52 | 000,135,832 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2012-11-09 16:14:52 | 000,076,952 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2012-11-09 16:14:50 | 000,178,840 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2012-11-09 16:14:50 | 000,088,728 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2012-11-09 16:14:48 | 000,344,216 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2012-11-09 16:14:48 | 000,114,840 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2012-11-09 16:14:48 | 000,033,944 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2012-11-05 23:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012-10-15 01:44:30 | 003,701,760 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\athw8x.sys -- (athr)
DRV:64bit: - [2012-10-12 04:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012-10-11 03:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012-10-03 16:44:56 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012-09-20 03:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012-09-20 03:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012-08-20 10:02:46 | 000,316,816 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\ETD.sys -- (ETD)
DRV:64bit: - [2012-07-26 01:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012-07-26 01:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012-07-26 01:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012-07-26 01:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012-07-26 01:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012-07-26 01:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012-07-26 01:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012-07-26 01:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012-07-26 01:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012-07-26 01:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012-07-26 01:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012-07-26 01:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012-07-26 01:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012-07-26 01:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012-07-26 01:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012-07-26 01:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012-07-26 01:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012-07-26 00:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012-07-25 23:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012-07-25 22:30:23 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2012-07-25 22:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012-07-25 22:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012-07-25 22:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012-07-25 22:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012-07-25 22:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012-07-25 22:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012-07-25 22:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012-07-25 22:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012-07-25 22:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012-07-25 22:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012-07-25 22:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012-07-25 22:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012-07-25 22:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012-07-25 22:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012-07-25 22:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012-07-25 22:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012-07-25 22:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012-07-25 22:25:26 | 000,203,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Vid.sys -- (Vid)
DRV:64bit: - [2012-07-25 22:25:22 | 000,067,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\storvsp.sys -- (storvsp)
DRV:64bit: - [2012-07-25 22:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012-07-25 22:25:12 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmbusr.sys -- (vmbusr)
DRV:64bit: - [2012-07-25 22:25:12 | 000,066,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpcivsp.sys -- (vpcivsp)
DRV:64bit: - [2012-07-25 22:25:02 | 000,202,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2012-07-25 22:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012-07-25 22:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012-07-25 22:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012-07-20 17:39:40 | 000,043,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\irstrtdv.sys -- (irstrtdv)
DRV:64bit: - [2012-07-09 14:13:12 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012-07-06 22:00:46 | 000,104,960 | ---- | M] (ASIX Electronics Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ax88772.sys -- (AX88772)
DRV:64bit: - [2012-06-15 14:20:46 | 000,315,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RtsUVStor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2010-08-03 16:55:30 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tapoas.sys -- (tapoas)
DRV - [2017-04-23 10:55:16 | 000,044,928 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A79D20F1-32A6-4504-B8E7-8AD072C3C710}\MpKsl18140b49.sys -- (MpKsl18140b49)
DRV - [2015-01-12 09:41:59 | 000,026,528 | ---- | M] (REALiX(tm)) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS -- (HWiNFO32)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-182186785-877161024-3379391946-3456\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.pandion.im/
IE - HKU\S-1-5-21-182186785-877161024-3379391946-3456\..\SearchScopes,DefaultScope = {33CCF0C3-815C-47AB-BE3C-49B3552B242B}
IE - HKU\S-1-5-21-182186785-877161024-3379391946-3456\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-182186785-877161024-3379391946-3456\..\SearchScopes\{33CCF0C3-815C-47AB-BE3C-49B3552B242B}: "URL" = http://search.pandion.im/#q={searchTerms}
IE - HKU\S-1-5-21-182186785-877161024-3379391946-3456\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-182186785-877161024-3379391946-3456\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKU\S-1-5-21-182186785-877161024-3379391946-3456\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = socks=localhost:8080
 
========== FireFox ==========
 
FF - prefs.js..browser.search.countryCode: "VE"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaultenginename.US: "Google"
FF - prefs.js..browser.search.defaulturl: "http://static.flipora.com/enhancedsearch_v.html?q={searchTerms}&amp;src_type=sp&amp;ref_type=sp&amp;serp_type=searchbar&amp;gl=&amp;u=16061861&amp;bcb=&amp;t=64.0&amp;tv=v64"
FF - prefs.js..browser.search.isUS: true
FF - prefs.js..browser.search.region: "US"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: dnssec%40nic.cz:2.2.0.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:52.0.2
FF - prefs.js..keyword.URL: "http://static.flipora.com/enhancedsearch_v.html?serp_type=addbar&ref_type=ab&src_type=ab&gl=ve&u=16061861&bcb=2013-12-12&t=64.0&gl=ve&tv=v64&q="
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, 172.16.5.0/24, 192.168.0.0/16,172.16.4.0/24,10.77.79.0/24"
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_148.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.31.2: C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.31.2: C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@vmware.com/vmrc,version=2.5.0.00000: C:\Program Files (x86)\Common Files\VMware\VMware VMRC Plug-in\Firefox\np-vmware-vmrc.dll (VMware, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\lgoncalves\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 52.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 52.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{536ad1d6-d9d9-41e5-8945-864506a1f2fc}: C:\Program Files (x86)\Pandion\Application\src\..\search\xpi\ [2013-03-12 10:43:24 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\{536ad1d6-d9d9-41e5-8945-864506a1f2fc}\\setHomepage: 1
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\{536ad1d6-d9d9-41e5-8945-864506a1f2fc}\\homepage: http://search.pandion.im/
 
[2013-08-08 23:49:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lgoncalves\AppData\Roaming\mozilla\Extensions
[2013-08-08 23:49:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lgoncalves\AppData\Roaming\mozilla\Extensions\net.openvpn.client
[2017-04-06 09:34:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lgoncalves\AppData\Roaming\mozilla\Firefox\Profiles\zvb8yla4.default\extensions
[2017-03-27 15:59:48 | 000,000,000 | ---D | M] (DNSSEC/TLSA Validator) -- C:\Users\lgoncalves\AppData\Roaming\mozilla\Firefox\Profiles\zvb8yla4.default\extensions\[email protected]
[2013-08-14 11:08:06 | 000,000,000 | ---D | M] (IE Tab Plus) -- C:\Users\lgoncalves\AppData\Roaming\mozilla\Firefox\Profiles\zvb8yla4.default\extensions\[email protected]
[2017-01-30 15:20:53 | 000,363,943 | ---- | M] () (No name found) -- C:\Users\lgoncalves\AppData\Roaming\mozilla\firefox\profiles\zvb8yla4.default\extensions\[email protected]
[2017-02-13 17:27:45 | 000,442,914 | ---- | M] () (No name found) -- C:\Users\lgoncalves\AppData\Roaming\mozilla\firefox\profiles\zvb8yla4.default\extensions\[email protected]
[2017-03-01 14:02:45 | 002,617,076 | ---- | M] () (No name found) -- C:\Users\lgoncalves\AppData\Roaming\mozilla\firefox\profiles\zvb8yla4.default\extensions\[email protected]
[2013-11-07 18:37:08 | 000,315,980 | ---- | M] () (No name found) -- C:\Users\lgoncalves\AppData\Roaming\mozilla\firefox\profiles\zvb8yla4.default\extensions\[email protected]
[2015-09-03 12:02:30 | 000,029,175 | ---- | M] () (No name found) -- C:\Users\lgoncalves\AppData\Roaming\mozilla\firefox\profiles\zvb8yla4.default\extensions\[email protected]
[2016-09-29 18:48:28 | 001,295,123 | ---- | M] () (No name found) -- C:\Users\lgoncalves\AppData\Roaming\mozilla\firefox\profiles\zvb8yla4.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2017-04-19 19:05:01 | 000,005,328 | ---- | M] () (No name found) -- C:\Users\lgoncalves\AppData\Roaming\mozilla\firefox\profiles\zvb8yla4.default\features\{f4287fd4-cd16-4134-bab5-fcca69d84ed0}\[email protected]
[2017-04-19 19:05:01 | 000,005,297 | ---- | M] () (No name found) -- C:\Users\lgoncalves\AppData\Roaming\mozilla\firefox\profiles\zvb8yla4.default\features\{f4287fd4-cd16-4134-bab5-fcca69d84ed0}\[email protected]
[2017-04-19 19:05:01 | 000,007,195 | ---- | M] () (No name found) -- C:\Users\lgoncalves\AppData\Roaming\mozilla\firefox\profiles\zvb8yla4.default\features\{f4287fd4-cd16-4134-bab5-fcca69d84ed0}\[email protected]
[2017-04-03 13:50:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2017-04-19 19:07:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\updated\browser\extensions
 
========== Chrome  ==========
 
CHR - Extension: No name found = C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
CHR - Extension: No name found = C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\
CHR - Extension: No name found = C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgecckpiojpahjlndlofcljgacdfkifk\0.3.6_0\
CHR - Extension: No name found = C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
CHR - Extension: No name found = C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmagokdooijbeehmkpknfglimnifench\1.4.0.11967_0\
CHR - Extension: No name found = C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\15.1120.0.4_0\
CHR - Extension: No name found = C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\cedbiokeeomnnkiclkmnonjkcaladbkd\1.0.10_0\
CHR - Extension: No name found = C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\
CHR - Extension: No name found = C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcanjhffnbochejifidgcbmnlehfgjkl\2_0\
CHR - Extension: No name found = C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\15.1.0.6_0\
CHR - Extension: No name found = C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.10_0\
CHR - Extension: No name found = C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpogldabjhjhglnfojmnekmcjonllia\1.0.0_0\
CHR - Extension: No name found = C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbpobnhohpnogiaipphaknihlopgbacf\0.90_0\
CHR - Extension: No name found = C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\fepbnnnkkadjhjahcafoaglimekefifl\2.25.0_0\
CHR - Extension: No name found = C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\57.0.2987.84_0\
CHR - Extension: No name found = C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\
CHR - Extension: No name found = C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl\3.10_0\
CHR - Extension: No name found = C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfpmbfgodkfcebpgheiedaddoikmljkk\1.0.3_0\
CHR - Extension: No name found = C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma\1.0.10_0\
CHR - Extension: No name found = C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnacnlekfaehkfdbkohnhpmdagnfaeio\1.2.1_0\
CHR - Extension: No name found = C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl\2017.110.418.3_0\
CHR - Extension: No name found = C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh\3.2_0\
CHR - Extension: No name found = C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\
CHR - Extension: No name found = C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.153_0\
CHR - Extension: No name found = C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\
CHR - Extension: No name found = C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5717.116.0.4_0\
 
O1 HOSTS File: ([2012-07-26 01:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Archivos de programa\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Archivos de programa\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [BtPreLoad] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtPreLoad.exe ()
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Archivos de programa\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Dolby Home Theater v4] C:\Dolby PCEE4\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager]  File not found
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (BlackBerry Limited)
O4 - HKU\S-1-5-21-182186785-877161024-3379391946-3456..\Run: [Akamai NetSession Interface] "C:\Users\lgoncalves\AppData\Local\Akamai\netsession_win.exe" File not found
O4 - HKU\S-1-5-21-182186785-877161024-3379391946-3456..\Run: [Dropbox Update] C:\Users\lgoncalves\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
O4 - HKU\S-1-5-21-182186785-877161024-3379391946-3456..\Run: [GoogleChromeAutoLaunch_9598706025C2E1B222140093678275C2] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - Startup: C:\Users\lgoncalves\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\lgoncalves\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-21-182186785-877161024-3379391946-3456\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-182186785-877161024-3379391946-3456\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-21-182186785-877161024-3379391946-3456\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-182186785-877161024-3379391946-3456\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\S-1-5-21-182186785-877161024-3379391946-3456\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 1 = \\sercaracas04\CARPETAS COMPARTIDAS\INICIO\inicio.pps
O7 - HKU\S-1-5-21-182186785-877161024-3379391946-3456\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: Wallpaper = \\serccsdc1\Wallpaper\Wallpaper.jpg
O7 - HKU\S-1-5-21-182186785-877161024-3379391946-3456\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O8:64bit: - Extra context menu item: &Enviar a OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: &Enviar a OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O9:64bit: - Extra Button: Notas &vinculadas de OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Archivos de programa\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Notas &vinculadas de OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Archivos de programa\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Archivos de programa\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab (Java Plug-in 11.31.2)
O16 - DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab (Java Plug-in 1.7.0_45)
O16 - DPF: {CAFEEFAC-0018-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab (Java Plug-in 1.8.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab (Java Plug-in 11.31.2)
O16 - DPF: {FD3BEB0C-AB43-4253-9146-C371D48FBE0D} http://190.207.132.149:8082/web.cab (Web Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = net-uno.net.ve
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{533F9376-DAA2-415A-8A4E-16155F30FC20}: DhcpNameServer = 192.168.43.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{613FDE11-44AD-4873-92C2-9F741FC07B5F}: DhcpNameServer = 172.20.10.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\OSppSvc.exe: Debugger - C:\Windows\[email protected] ()
O27:64bit: - HKLM IFEO\SppExtComObj.exe: Debugger - C:\Windows\[email protected] ()
O27 - HKLM IFEO\OSppSvc.exe: Debugger - C:\Windows\[email protected] ()
O27 - HKLM IFEO\SppExtComObj.exe: Debugger - C:\Windows\[email protected] ()
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Archivos de programa\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2017-04-22 17:54:10 | 000,186,304 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMChameleon.sys
[2017-04-22 17:53:53 | 000,111,544 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\farflt.sys
[2017-04-22 17:53:49 | 000,092,096 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mwac.sys
[2017-04-22 17:53:30 | 000,043,968 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbam.sys
[2017-04-22 17:53:17 | 000,251,832 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2017-04-22 17:53:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
[2017-04-22 17:52:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2017-04-22 17:52:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes
[2017-04-22 17:41:15 | 000,000,000 | ---D | C] -- C:\Users\lgoncalves\AppData\Roaming\ProductData
[2017-04-22 17:41:15 | 000,000,000 | ---D | C] -- C:\ProgramData\ProductData
[2017-04-21 14:29:21 | 000,000,000 | ---D | C] -- C:\Users\lgoncalves\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2017-04-20 14:13:16 | 000,000,000 | ---D | C] -- C:\Users\lgoncalves\AppData\Local\Apple
[2017-04-18 16:35:10 | 000,000,000 | ---D | C] -- C:\Users\lgoncalves\AppData\Local\Adobe
[2017-04-18 16:23:53 | 000,000,000 | ---D | C] -- C:\Users\lgoncalves\AppData\Roaming\CodeBlocks
[2017-04-18 15:17:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2017-04-18 15:17:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2017-04-18 15:17:15 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2017-04-06 09:25:52 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2017-03-24 12:26:21 | 000,000,000 | ---D | C] -- C:\Users\lgoncalves\Documents\yami
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2017-04-23 11:24:59 | 000,000,996 | ---- | M] () -- C:\Windows\tasks\DropboxUpdateTaskUserS-1-5-21-182186785-877161024-3379391946-3456UA.job
[2017-04-23 10:40:05 | 000,000,608 | ---- | M] () -- C:\Windows\tasks\G2MUpdateTask-S-1-5-21-182186785-877161024-3379391946-3456.job
[2017-04-23 10:38:02 | 000,000,704 | ---- | M] () -- C:\Windows\tasks\G2MUploadTask-S-1-5-21-182186785-877161024-3379391946-3456.job
[2017-04-23 10:31:56 | 000,000,630 | ---- | M] () -- C:\Windows\SMSCFG.ini
[2017-04-23 10:28:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2017-04-23 10:26:07 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2017-04-23 10:25:58 | 3283,595,264 | -HS- | M] () -- C:\hiberfil.sys
[2017-04-23 09:28:10 | 000,092,096 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\mwac.sys
[2017-04-23 09:24:01 | 000,186,304 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMChameleon.sys
[2017-04-23 09:23:55 | 000,111,544 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\farflt.sys
[2017-04-23 09:23:53 | 000,043,968 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbam.sys
[2017-04-23 09:23:51 | 000,251,832 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2017-04-21 15:24:02 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\DropboxUpdateTaskUserS-1-5-21-182186785-877161024-3379391946-3456Core.job
[2017-04-18 15:55:35 | 002,153,964 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2017-04-18 15:55:35 | 000,935,410 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
[2017-04-18 15:55:35 | 000,828,460 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2017-04-18 15:55:35 | 000,217,272 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
[2017-04-18 15:55:35 | 000,171,992 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2017-04-18 15:17:17 | 000,002,697 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2017-04-17 10:08:34 | 000,000,600 | ---- | M] () -- C:\Users\lgoncalves\AppData\Local\PUTTY.RND
[2017-04-08 07:17:16 | 000,001,151 | ---- | M] () -- C:\Users\lgoncalves\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2017-04-05 15:47:12 | 000,036,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2017-04-04 16:40:05 | 000,002,181 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2017-04-22 17:53:00 | 000,077,440 | ---- | C] () -- C:\Windows\SysNative\drivers\mbae64.sys
[2017-04-18 15:17:17 | 000,002,697 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2017-03-25 10:48:06 | 000,001,151 | ---- | C] () -- C:\Users\lgoncalves\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2016-09-05 13:17:36 | 000,026,112 | ---- | C] () -- C:\Windows\[email protected]
[2016-09-05 13:17:36 | 000,005,120 | ---- | C] () -- C:\Windows\[email protected]
[2016-09-05 13:17:36 | 000,004,096 | ---- | C] () -- C:\Windows\[email protected]
[2016-07-15 16:04:33 | 000,012,890 | ---- | C] () -- C:\Users\lgoncalves\config.ini
[2016-02-02 19:10:40 | 000,753,961 | ---- | C] () -- C:\Users\lgoncalves\config.cfg
[2016-01-25 19:08:36 | 000,000,717 | ---- | C] () -- C:\Users\lgoncalves\.octave_hist
[2015-12-05 21:08:34 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2015-10-16 12:30:50 | 000,000,630 | ---- | C] () -- C:\Windows\SMSCFG.ini
[2015-09-08 14:57:04 | 000,000,190 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2015-08-26 15:59:55 | 000,000,600 | ---- | C] () -- C:\Users\lgoncalves\AppData\Local\PUTTY.RND
[2015-06-01 18:24:37 | 000,000,026 | ---- | C] () -- C:\Users\lgoncalves\.gitconfig
[2015-05-31 22:49:38 | 000,002,433 | ---- | C] () -- C:\Users\lgoncalves\.bash_history
[2015-02-11 13:40:01 | 000,006,019 | ---- | C] () -- C:\Users\lgoncalves\AppData\Roaming\Microsoft Excel 97-2003.EML
[2014-07-12 21:06:01 | 000,008,192 | ---- | C] () -- C:\Users\lgoncalves\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014-05-21 10:17:17 | 000,000,613 | ---- | C] () -- C:\Users\lgoncalves\cp_pref.properties
[2014-05-21 10:17:17 | 000,000,000 | ---- | C] () -- C:\Users\lgoncalves\cp_group_pref.properties
[2014-05-21 10:17:17 | 000,000,000 | ---- | C] () -- C:\ProgramData\cp_group.properties
[2013-11-14 16:50:31 | 000,000,271 | ---- | C] () -- C:\Users\lgoncalves\CortoProfile.xml
[2013-08-08 23:52:08 | 000,000,600 | ---- | C] () -- C:\Users\lgoncalves\PUTTY.RND
[2013-08-02 13:14:54 | 000,004,074 | RHS- | C] () -- C:\Users\lgoncalves\ntuser.pol
[2013-03-12 17:05:45 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2013-03-12 11:56:57 | 000,036,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
 
========== ZeroAccess Check ==========
 
[2014-02-03 16:09:05 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2015-08-01 09:56:43 | 019,778,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2015-08-01 10:50:55 | 017,562,112 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012-07-25 23:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012-07-25 23:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012-07-25 23:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014-10-31 16:41:29 | 000,000,000 | ---D | M] -- C:\Users\Administrador\AppData\Roaming\IObit
[2013-03-12 17:26:24 | 000,000,000 | ---D | M] -- C:\Users\Administrador\AppData\Roaming\lm
[2013-03-12 17:25:01 | 000,000,000 | ---D | M] -- C:\Users\Administrador\AppData\Roaming\Pandion
[2013-03-12 10:45:01 | 000,000,000 | ---D | M] -- C:\Users\Administrador\AppData\Roaming\Softland
[2015-10-30 16:55:22 | 000,000,000 | ---D | M] -- C:\Users\JSAAVEDRA\AppData\Roaming\IObit
[2015-10-30 16:44:22 | 000,000,000 | ---D | M] -- C:\Users\JSAAVEDRA\AppData\Roaming\lm
[2015-10-30 16:04:10 | 000,000,000 | ---D | M] -- C:\Users\JSAAVEDRA\AppData\Roaming\Pandion
[2015-10-30 16:59:45 | 000,000,000 | ---D | M] -- C:\Users\JSAAVEDRA\AppData\Roaming\ProductData
[2016-08-01 09:58:26 | 000,000,000 | ---D | M] -- C:\Users\lgoncalves\AppData\Roaming\AFL Telecommunications LLC, Noyes Test and Inspection
[2014-04-03 13:23:10 | 000,000,000 | ---D | M] -- C:\Users\lgoncalves\AppData\Roaming\Blackboard
[2017-04-21 14:29:55 | 000,000,000 | ---D | M] -- C:\Users\lgoncalves\AppData\Roaming\Dropbox
[2015-02-23 10:36:43 | 000,000,000 | ---D | M] -- C:\Users\lgoncalves\AppData\Roaming\IObit
[2013-08-02 13:15:15 | 000,000,000 | ---D | M] -- C:\Users\lgoncalves\AppData\Roaming\lm
[2013-08-09 10:18:46 | 000,000,000 | ---D | M] -- C:\Users\lgoncalves\AppData\Roaming\Mikrotik
[2017-01-26 10:57:26 | 000,000,000 | ---D | M] -- C:\Users\lgoncalves\AppData\Roaming\Notepad++
[2013-08-08 23:49:25 | 000,000,000 | ---D | M] -- C:\Users\lgoncalves\AppData\Roaming\OpenVPN Technologies
[2013-11-20 11:18:31 | 000,000,000 | ---D | M] -- C:\Users\lgoncalves\AppData\Roaming\Pandion
[2017-04-22 17:41:15 | 000,000,000 | ---D | M] -- C:\Users\lgoncalves\AppData\Roaming\ProductData
[2015-05-25 16:26:18 | 000,000,000 | ---D | M] -- C:\Users\lgoncalves\AppData\Roaming\Research In Motion
[2016-07-26 09:13:36 | 000,000,000 | ---D | M] -- C:\Users\lgoncalves\AppData\Roaming\Rylstim Screen Recorder
[2013-08-13 09:24:41 | 000,000,000 | ---D | M] -- C:\Users\lgoncalves\AppData\Roaming\Softland
[2017-04-09 07:42:25 | 000,000,000 | ---D | M] -- C:\Users\lgoncalves\AppData\Roaming\TeamViewer
[2013-08-05 13:25:02 | 000,000,000 | ---D | M] -- C:\Users\lgoncalves\AppData\Roaming\TTYPlus
[2013-08-05 13:37:57 | 000,000,000 | ---D | M] -- C:\Users\lgoncalves\AppData\Roaming\VanDyke
[2016-09-14 23:01:53 | 000,000,000 | ---D | M] -- C:\Users\lgoncalves\AppData\Roaming\WatchGuard
[2015-12-10 15:37:23 | 000,000,000 | ---D | M] -- C:\Users\lgoncalves\AppData\Roaming\webex
[2014-06-11 18:04:43 | 000,000,000 | ---D | M] -- C:\Users\lgoncalves\AppData\Roaming\Wireshark
[2016-08-25 16:51:11 | 000,000,000 | ---D | M] -- C:\Users\lgoncalves\AppData\Roaming\Xerox
[2016-09-21 09:50:11 | 000,000,000 | ---D | M] -- C:\Users\lgoncalves\AppData\Roaming\YCanPDF
[2014-10-31 16:46:36 | 000,000,000 | ---D | M] -- C:\Users\vgalindez\AppData\Roaming\lm
[2014-10-31 16:52:52 | 000,000,000 | ---D | M] -- C:\Users\vgalindez\AppData\Roaming\Pandion
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 143 bytes -> C:\Users\lgoncalves\AppData\Roaming\Microsoft Excel 97-2003.EML:OECustomProperty

< End of report >
 

[Windows 8 very slow]

Hi Chuck,

Thanks for your help. Below logs collected:

Adware:

# AdwCleaner v6.045 - Archivo de registro creado 06/04/2017 en 09:29:35
# Actualizado en 28/03/2017 por Malwarebytes
# Base de datos : 2017-03-28.2 [Local]
# Sistema Operativo : Windows 8 Pro  (X64)
# Nombre de usuario : LGONCALVES - NU0106E12
# Ejecutado desde : C:\Data\Software\Adware\adwcleaner_6.045.exe
# Modo: Escanear
# Soporte : https://www.malwarebytes.com/support

 

***** [ Servicios ] *****

No se han encontrado servicios maliciosos.

***** [ Carpetas ] *****

Carpeta Encontrada: C:\ProgramData\IObit\ASCDownloader
Carpeta Encontrada: C:\ProgramData\Application Data\IObit\ASCDownloader

***** [ Archivos ] *****

Archivo encontrado: C:\Users\lgoncalves\AppData\Roaming\Mozilla\Firefox\Profiles\zvb8yla4.default\extensions\[email protected]
Archivo encontrado: C:\Users\lgoncalves\AppData\Roaming\Mozilla\Firefox\Profiles\zvb8yla4.default\extensions\[email protected]

***** [ DLL ] *****

No se han encontrado DLLs maliciosas.

***** [ WMI ] *****

No se han encontrado claves maliciosas.

***** [ Accesos directos ] *****

No se ha encontrado ningún acceso directo infectado.

***** [ Tareas programadas ] *****

No se ha encontrado ninguna tarea maliciosa.

***** [ Registro ] *****

Llave Encontrada HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{52009A26-2572-47DF-8927-53FAC48648F9}
Llave Encontrada HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5B5AA012-B549-4450-A0FE-D341D1D71A5}
Llave Encontrada HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{98A0A967-3F05-4251-BE55-06F3B72F987}
Llave Encontrada HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F188A1C4-FC31-4373-A8F-293BA2F5FC3}
Llave Encontrada HKLM\SOFTWARE\Classes\ASCExtMenu.CExtMenu
Llave Encontrada HKLM\SOFTWARE\Classes\ASCExtMenu.CExtMenu.1
Llave Encontrada [x64] HKLM\SOFTWARE\Classes\ASCExtMenu.CExtMenu
Llave Encontrada [x64] HKLM\SOFTWARE\Classes\ASCExtMenu.CExtMenu.1
Llave Encontrada HKCU\Software\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Llave Encontrada HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Llave Encontrada HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Llave Encontrada HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Llave Encontrada HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Llave Encontrada HKU\S-1-5-21-182186785-877161024-3379391946-3456\Software\InstallCore
Llave Encontrada HKU\S-1-5-21-182186785-877161024-3379391946-3456\Software\AppDataLow\Software\Crossrider
Llave Encontrada HKU\S-1-5-21-182186785-877161024-3379391946-3456\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\Crossrider
Llave Encontrada HKCU\Software\InstallCore
Llave Encontrada HKCU\Software\AppDataLow\Software\Crossrider
Llave Encontrada HKLM\SOFTWARE\IOBIT\ASC
Llave Encontrada [x64] HKCU\Software\InstallCore
Llave Encontrada [x64] HKCU\Software\AppDataLow\Software\Crossrider
Llave Encontrada [x64] HKLM\SOFTWARE\Tarma Installer
Valor encontrado: HKU\S-1-5-21-182186785-877161024-3379391946-3456\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [WebCake Desktop]
Valor encontrado: HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel [Homepage]
Llave Encontrada HKLM\SOFTWARE\CLASSES\DIRECTORY\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
Llave Encontrada HKLM\SOFTWARE\CLASSES\DRIVE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
Llave Encontrada HKLM\SOFTWARE\CLASSES\LNKFILE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
Llave Encontrada HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.ascplugin.protect

***** [ Navegadores Web ] *****

No se han encontrado elementos de navegador maliciosos basados en Firefox.
No se han encontrado elementos de navegador maliciosos basados en Chromium.

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [4087 Bytes] - [06/04/2017 09:29:35]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4160 Bytes] ##########

Junkware:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 8 Pro x64
Ran by LGONCALVES (Administrator) on 22-04-2017 at 17:34:41,35
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

File System: 11

Successfully deleted: C:\ProgramData\productdata (Folder)
Successfully deleted: C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\obciceimmggglbmelaidpjlmodcebijb (Folder)
Successfully deleted: C:\Users\lgoncalves\AppData\Roaming\productdata (Folder)
Successfully deleted: C:\Users\lgoncalves\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9IKCY5HM (Temporary Internet Files Folder)
Successfully deleted: C:\Users\lgoncalves\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ALV1DHBG (Temporary Internet Files Folder)
Successfully deleted: C:\Users\lgoncalves\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NFW0ED1E (Temporary Internet Files Folder)
Successfully deleted: C:\Users\lgoncalves\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y68A23NW (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9IKCY5HM (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ALV1DHBG (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NFW0ED1E (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y68A23NW (Temporary Internet Files Folder)

 

Registry: 1

Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_9598706025C2E1B222140093678275C2 (Registry Value)

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22-04-2017 at 17:39:12,01
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Malware:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/22/17
Scan Time: 6:00 PM
Logfile: Malware_report.txt
Administrator: Yes

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.103
Update Package Version: 1.0.1787
License: Trial

-System Information-
OS: Windows 8
CPU: x64
File System: NTFS
User: System

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 522003
Time Elapsed: 27 min, 5 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 1
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE 8\ASCSERVICE.EXE, No Action By User, [1479], [380352],1.0.1787

Module: 1
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE 8\ASCSERVICE.EXE, No Action By User, [1479], [380352],1.0.1787

Registry Key: 11
PUP.Optional.AdvancedSystemCare, HKLM\SOFTWARE\CLASSES\INTERFACE\{BA935377-E17C-4475-B1BF-DE3110613A99}, No Action By User, [1479], [380348],1.0.1787
PUP.Optional.AdvancedSystemCare, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{BA935377-E17C-4475-B1BF-DE3110613A99}, No Action By User, [1479], [380348],1.0.1787
PUP.Optional.AdvancedSystemCare, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{BA935377-E17C-4475-B1BF-DE3110613A99}, No Action By User, [1479], [380348],1.0.1787
PUP.Optional.AdvancedSystemCare, HKLM\SOFTWARE\CLASSES\TYPELIB\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}, No Action By User, [1479], [380348],1.0.1787
PUP.Optional.AdvancedSystemCare, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}, No Action By User, [1479], [380348],1.0.1787
PUP.Optional.AdvancedSystemCare, HKLM\SOFTWARE\CLASSES\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}, No Action By User, [1479], [380348],1.0.1787
PUP.Optional.AdvancedSystemCare, HKLM\SOFTWARE\CLASSES\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}\InprocServer32, No Action By User, [1479], [380348],1.0.1787
PUP.Optional.AdvancedSystemCare, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}, No Action By User, [1479], [380348],1.0.1787
PUP.Optional.AdvancedSystemCare, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\AdvancedSystemCareService8, No Action By User, [1479], [380352],1.0.1787
PUP.Optional.CrossRider, HKU\S-1-5-21-182186785-877161024-3379391946-3456\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{52009A26-2572-47DF-8927-53FAC48648F9}, No Action By User, [235], [237488],1.0.1787
PUP.Optional.Feven, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\Feven 1.8, No Action By User, [3675], [238300],1.0.1787

Registry Value: 2
PUP.Optional.CrossRider, HKU\S-1-5-21-182186785-877161024-3379391946-3456\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{52009A26-2572-47DF-8927-53FAC48648F9}|APPNAME, No Action By User, [235], [237488],1.0.1787
PUP.Optional.AdvancedSystemCare, HKU\S-1-5-21-182186785-877161024-3379391946-3456\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|ADVANCED SYSTEMCARE 8, No Action By User, [1479], [380353],1.0.1787

Registry Data: 5
PUM.Optional.HomepageControl, HKU\S-1-5-21-182186785-877161024-3379391946-30677\SOFTWARE\POLICIES\MICROSOFT\INTERNET EXPLORER\CONTROL PANEL|HOMEPAGE, No Action By User, [16293], [293330],1.0.1787
PUM.Optional.HomepageControl, HKU\S-1-5-21-182186785-877161024-3379391946-24789\SOFTWARE\POLICIES\MICROSOFT\INTERNET EXPLORER\CONTROL PANEL|HOMEPAGE, No Action By User, [16293], [293330],1.0.1787
PUM.Optional.ForceActiveDesktopOn, HKU\S-1-5-21-182186785-877161024-3379391946-24789\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|FORCEACTIVEDESKTOPON, No Action By User, [16290], [293327],1.0.1787
PUM.Optional.ForceActiveDesktopOn, HKU\S-1-5-21-182186785-877161024-3379391946-3456\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|FORCEACTIVEDESKTOPON, No Action By User, [16290], [293327],1.0.1787
PUM.Optional.ForceActiveDesktopOn, HKU\S-1-5-21-182186785-877161024-3379391946-30677\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|FORCEACTIVEDESKTOPON, No Action By User, [16290], [293327],1.0.1787

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 14
PUP.Optional.AdvancedSystemCare, C:\USERS\PUBLIC\DESKTOP\ADVANCED SYSTEMCARE 8.LNK, No Action By User, [1479], [380338],1.0.1787
PUP.Optional.BundleInstaller, C:\USERS\LGONCALVES\APPDATA\LOCAL\TEMP\BINSISCHECK654.XML, No Action By User, [25], [260808],1.0.1787
PUP.Optional.MyPCBackup, C:\USERS\LGONCALVES\APPDATA\LOCAL\TEMP\BACKUPSETUP.EXE, No Action By User, [236], [300958],1.0.1787
PUP.Optional.BundleInstaller, C:\USERS\LGONCALVES\APPDATA\LOCAL\TEMP\BINSIS142.XML, No Action By User, [25], [260807],1.0.1787
PUP.Optional.Somoto, C:\USERS\LGONCALVES\APPDATA\LOCAL\TEMP\BITOOL.DLL, No Action By User, [356], [301181],1.0.1787
PUP.Optional.Montiera, C:\USERS\LGONCALVES\APPDATA\LOCAL\TEMP\KR30OJ_H.EXE.PART, No Action By User, [137], [44087],1.0.1787
PUP.Optional.Somoto, C:\USERS\LGONCALVES\APPDATA\LOCAL\TEMP\NSO35EB.TMP, No Action By User, [356], [301181],1.0.1787
PUP.Optional.MyPCBackup, C:\USERS\LGONCALVES\APPDATA\LOCAL\TEMP\FFB605D2-90F8-42C4-8423-87BE61847A55\SOFTWARE\CLOUD_BACKUP_SETUP.EXE, No Action By User, [236], [300958],1.0.1787
PUP.Optional.CrossRider, C:\USERS\LGONCALVES\APPDATA\LOCAL\TEMP\FFB605D2-90F8-42C4-8423-87BE61847A55\SOFTWARE\FEVEN-1-8.EXE, No Action By User, [235], [52039],1.0.1787
PUP.Optional.DeltaTB, C:\USERS\LGONCALVES\APPDATA\LOCAL\TEMP\IS520188154\DELTATB.EXE, No Action By User, [3270], [2886],1.0.1787
PUP.Optional.Bandoo, C:\USERS\LGONCALVES\DOWNLOADS\SETUP_FREEBURNER.EXE, No Action By User, [943], [301304],1.0.1787
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE 8\ASCEXTMENU_64.DLL, No Action By User, [1479], [380348],1.0.1787
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE 8\ASCSERVICE.EXE, No Action By User, [1479], [380352],1.0.1787
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE 8\ASCTRAY.EXE, No Action By User, [1479], [380353],1.0.1787

Physical Sector: 0
(No malicious items detected)

(end)

[Windows 8 very slow]

Hi,

I am running WIndows 8 and since a few weeks ago my computer is very slow. I have run JRT tool and every time find a different thread. Please help.

[Windows XP SP2 malware removal help]

Hi Chuck,

The processes i do not recognize are nvsvc32.exe, rundll32.exe and tw_w32.exe. In addition, there is a videobeach program I can not uninstall from "add and remove programs" in control panel. I have made an antivirus scan and it put in quarantine a video beach file. When the system is starting up, the system shows an error because could not find videobeach.dll.

I have run adwcleaner and jrt.exe. I still cannot open firefox and the system still freezes.

Next, the logs:

Adwcleaner

# AdwCleaner v5.026 - Registro generado 23/12/2015 en 16:27:48
# Actualizado 21/12/2015 por Xplode
# Base de datos : 2015-12-23.1 [Servidor]
# Sistema operativo : Microsoft Windows XP Service Pack 2 (x86)
# Nombre de usuario : DynoPos - CAJA1
# Ejecutado desde : E:\Luigis\adwcleaner_5.026.exe
# Opción : Limpiar
# Apoyo : http://toolslib.net/forum

***** [ Servicios ] *****

[-]  Eliminar : globalUpdate
[-]  Eliminar : globalUpdatem

***** [ Carpetas ] *****

[-] Carpeta Eliminar : C:\Archivos de programa\globalUpdate
[-] Carpeta Eliminar : C:\Documents and Settings\DynoPos\Configuración local\Datos de programa\globalUpdate

***** [ Archivos ] *****

***** [ DLLs ] *****

***** [ Accesos directos ] *****

***** [ Tareas programadas ] *****

[-] Tarea Eliminar : globalUpdateUpdateTaskMachineCore
[-] Tarea Eliminar : globalUpdateUpdateTaskMachineUA
[-] Tarea Eliminar : c9d77c59-0ff5-4036-8806-71115fd01f45-1
[-] Tarea Eliminar : c9d77c59-0ff5-4036-8806-71115fd01f45-11
[-] Tarea Eliminar : c9d77c59-0ff5-4036-8806-71115fd01f45-2
[-] Tarea Eliminar : c9d77c59-0ff5-4036-8806-71115fd01f45-3
[-] Tarea Eliminar : c9d77c59-0ff5-4036-8806-71115fd01f45-4
[-] Tarea Eliminar : c9d77c59-0ff5-4036-8806-71115fd01f45-5
[-] Tarea Eliminar : globalUpdateUpdateTaskMachineCore
[-] Tarea Eliminar : globalUpdateUpdateTaskMachineUA

***** [ Registro ] *****

[-] Llave Eliminar : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
[-] Llave Eliminar : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
[-] Llave Eliminar : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
[-] Llave Eliminar : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
[-] Llave Eliminar : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
[-] Llave Eliminar : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
[-] Llave Eliminar : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
[-] Llave Eliminar : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
[-] Llave Eliminar : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
[-] Llave Eliminar : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
[-] Llave Eliminar : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
[-] Llave Eliminar : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
[-] Llave Eliminar : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
[-] Llave Eliminar : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
[-] Llave Eliminar : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
[-] Llave Eliminar : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
[-] Llave Eliminar : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
[-] Llave Eliminar : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
[-] Llave Eliminar : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
[-] Llave Eliminar : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
[-] Llave Eliminar : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
[-] Llave Eliminar : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
[-] Llave Eliminar : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
[-] Llave Eliminar : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
[-] Llave Eliminar : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
[-] Llave Eliminar : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
[-] Llave Eliminar : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
[-] Llave Eliminar : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
[-] Llave Eliminar : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
[-] Llave Eliminar : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
[-] Llave Eliminar : HKLM\SOFTWARE\Classes\CrossriderApp0059570.BHO
[-] Llave Eliminar : HKLM\SOFTWARE\Classes\CrossriderApp0059570.BHO.1
[-] Llave Eliminar : HKLM\SOFTWARE\Classes\CrossriderApp0059570.Sandbox
[-] Llave Eliminar : HKLM\SOFTWARE\Classes\CrossriderApp0059570.Sandbox.1
[-] Llave Eliminar : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
[-] Llave Eliminar : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
[-] Llave Eliminar : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
[-] Llave Eliminar : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
[-] Llave Eliminar : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
[-] Llave Eliminar : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
[-] Llave Eliminar : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
[-] Llave Eliminar : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
[-] Llave Eliminar : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
[-] Llave Eliminar : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
[-] Llave Eliminar : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
[-] Llave Eliminar : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
[-] Llave Eliminar : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
[-] Llave Eliminar : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
[-] Llave Eliminar : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
[-] Llave Eliminar : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
[-] Llave Eliminar : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
[-] Llave Eliminar : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
[-] Llave Eliminar : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
[-] Llave Eliminar : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
[-] Llave Eliminar : HKLM\SOFTWARE\Classes\Interface\{A8F7D0A5-7074-40B8-9BDC-1174BDD0A132}
[-] Llave Eliminar : HKLM\SOFTWARE\Classes\Interface\{D14D64BC-A0E4-42E3-BB72-FB41EA43C198}
[-] Llave Eliminar : HKLM\SOFTWARE\Classes\Interface\{DD1F043F-ABC8-4643-8B95-D2C5B22BB019}
[-] Llave Eliminar : HKLM\SOFTWARE\Classes\Interface\{E3F3E8F9-F747-4DD6-BA6B-82A6CE1E0860}
[-] Llave Eliminar : HKLM\SOFTWARE\Classes\Interface\{ED0B64D4-BF27-4521-AD27-190F49BF5EA7}
[-] Llave Eliminar : HKLM\SOFTWARE\Classes\Interface\{023E9EC8-B147-40EB-B0B3-DF90618FB371}
[-] Llave Eliminar : HKLM\SOFTWARE\Classes\Interface\{0522D9A4-4D57-437D-978D-E5B3B6C9005D}
[-] Llave Eliminar : HKLM\SOFTWARE\Classes\Interface\{07F41522-AF7D-4F26-B394-094F059FDB8A}
[-] Llave Eliminar : HKLM\SOFTWARE\Classes\Interface\{0C40F472-7407-4467-8914-1DEA7C326972}
[-] Llave Eliminar : HKLM\SOFTWARE\Classes\Interface\{212E6D43-6062-492A-B8CC-144669FF11ED}
[-] Llave Eliminar : HKLM\SOFTWARE\Classes\Interface\{224FE662-1E6D-4BC0-AEBB-9E2FB4057BE9}
[-] Llave Eliminar : HKLM\SOFTWARE\Classes\Interface\{3A807417-B46D-4D37-8C9A-19AC6DE204F9}
[-] Llave Eliminar : HKLM\SOFTWARE\Classes\Interface\{3CC60715-D6C5-429D-830E-43FA3F86C61D}
[-] Llave Eliminar : HKLM\SOFTWARE\Classes\Interface\{4517D94C-19BA-46FA-BE66-2A30CEAC4A85}
[-] Llave Eliminar : HKLM\SOFTWARE\Classes\Interface\{555D7146-94A8-4C94-AE76-C39CDC7F7705}
[-] Llave Eliminar : HKLM\SOFTWARE\Classes\Interface\{59D188FA-757A-424E-8C93-F58FFD896BD7}
[-] Llave Eliminar : HKLM\SOFTWARE\Classes\Interface\{8120D9D6-785C-4413-9C0C-DF2028C56FAD}
[-] Llave Eliminar : HKLM\SOFTWARE\Classes\Interface\{823AE2EB-E62C-4847-B192-C99B91B92416}
[-] Llave Eliminar : HKLM\SOFTWARE\Classes\Interface\{9B4F7CFE-987D-410E-A8E4-20182E0B3C24}
[-] Llave Eliminar : HKLM\SOFTWARE\Classes\Interface\{9B9A45F4-18FC-484A-BACA-076D78273D8E}
[-] Llave Eliminar : HKLM\SOFTWARE\Classes\Interface\{A6D54287-7939-466A-8579-92546D946C8C}
[-] Llave Eliminar : HKLM\SOFTWARE\Classes\Interface\{A78EDAFB-926F-4D93-AB13-8232D7378EB1}
[-] Llave Eliminar : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
[-] Llave Eliminar : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
[-] Llave Eliminar : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
[-] Llave Eliminar : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
[-] Llave Eliminar : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
[-] Llave Eliminar : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
[-] Llave Eliminar : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
[-] Llave Eliminar : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7b68a327-e387-497f-88c4-10cba8eb048d}
[-] Llave Eliminar : HKCU\Software\Crossrider
[-] Llave Eliminar : HKCU\Software\GlobalUpdate
[-] Llave Eliminar : HKCU\Software\Iminent
[-] Llave Eliminar : HKCU\Software\InstalledBrowserExtensions
[-] Llave Eliminar : HKCU\Software\Softonic
[-] Llave Eliminar : HKLM\SOFTWARE\Description
[-] Llave Eliminar : HKLM\SOFTWARE\GlobalUpdate
[-] Llave Eliminar : HKLM\SOFTWARE\InstalledBrowserExtensions
[-] Llave Eliminar : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9563BC59-9556-4805-8CD4-886781779D8D}

***** [ Navegadores Web ] *****

[-] [C:\Documents and Settings\DynoPos\Datos de programa\Mozilla\Firefox\Profiles\9pqeunus.default\prefs.js] [Preference] Eliminar : user_pref("extensions.a0b105cbff1eb40b89bca7dae371d7ead239035fb4613ab38efcom61762.61762.internaldb.__ICM_LITE__blacklist_domain.value", "%7B%22SLIDERS%22%3A%5B%226pm.com%22%2C%22amazon.co.uk%22%2C%22a[...]
[-] [C:\Documents and Settings\DynoPos\Datos de programa\Mozilla\Firefox\Profiles\9pqeunus.default\prefs.js] [Preference] Eliminar : user_pref("extensions.a0b105cbff1eb40b89bca7dae371d7ead239035fb4613ab38efcom61762.61762.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D[...]
[-] [C:\Documents and Settings\DynoPos\Datos de programa\Mozilla\Firefox\Profiles\9pqeunus.default\prefs.js] [Preference] Eliminar : user_pref("extensions.a3446275a54774d33bd0d44b466c519cd4bf28e2458334fb888c3cd8403bb6141com59570.59570.internaldb.__ICM_LITE__blacklist_domain.value", "%7B%22SLIDERS%22%3A%5B%226pm.com%22%2C%22amazon.c[...]
[-] [C:\Documents and Settings\DynoPos\Datos de programa\Mozilla\Firefox\Profiles\9pqeunus.default\prefs.js] [Preference] Eliminar : user_pref("extensions.a3446275a54774d33bd0d44b466c519cd4bf28e2458334fb888c3cd8403bb6141com59570.59570.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...]
[-] [C:\Documents and Settings\DynoPos\Datos de programa\Mozilla\Firefox\Profiles\9pqeunus.default\prefs.js] [Preference] Eliminar : user_pref("extensions.crossrider.bic", "147364b33ba1326439f98ec2b3161117");

*************************

:: Llaves "Tracing" removidas
:: Winsock Configuración borrada

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [11315 bytes] ##########

JRT:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Microsoft Windows XP x86
Ran by DynoPos (Administrator) on 23/12/2015 at 16:36:48,93
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

File System: 5

Successfully deleted: C:\Documents and Settings\DynoPos\Datos de programa\Mozilla\Firefox\Profiles\9pqeunus.default\extensions\staged (Folder)
Successfully deleted: C:\WINDOWS\Tasks\At1.job (Task)
Successfully deleted: C:\WINDOWS\Tasks\At2.job (Task)
Successfully deleted: C:\WINDOWS\Tasks\At3.job (Task)
Successfully deleted: C:\WINDOWS\Tasks\At4.job (Task)

Deleted the following from C:\Documents and Settings\DynoPos\Datos de programa\Mozilla\Firefox\Profiles\9pqeunus.default\prefs.js
user_pref(extensions.a0b105cbff1eb40b89bca7dae371d7ead239035fb4613ab38efcom61762.61762.internaldb.__ICM_LITE__fifty_test_rules.value, %7B%22DE%22%3A%7B%22ALL%22%3A%5B%22ana

 

Registry: 1

Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23/12/2015 at 16:38:01,81
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Best regards

 

[Windows XP SP2 malware removal help]

Hi Chuck, 

thanks for your reply. I am running the apps and then I send you the logs.

[Windows XP SP2 malware removal help]

Hi, 

Yes, I still have windows XP, because a program that does not run in a latest version. So my PC freezes sometimes and firefox does not open. I have some process running I do not recognize. Please help

[Pop ups on chrome and firefox]

Hi Chuck, everything is running ok. After I enabled the addons in Firefox I have to enable scripts on trustful sites, but I think is fair if I have a safe browsing.

 

Thank you very much for yur help.

[Pop ups on chrome and firefox]

Hi Chuck, thank you very muh for your help. I have followed your advices and now I have installed the add ons in Firefox. Let me post the last log:

# DelFix v10.8 - Logfile created 29/01/2015 at 23:40:22

# Updated 29/07/2014 by Xplode

# Username : DXXNMS - DXXNMS-PC

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\_OTL

Deleted : C:\AdwCleaner

Deleted : C:\Users\DXXNMS\Desktop\JRT.txt

Deleted : HKLM\SOFTWARE\OldTimer Tools

Deleted : HKLM\SOFTWARE\AdwCleaner

Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #129 [Windows Update | 01/19/2015 21:59:21]

Deleted : RP #130 [Restore Operation | 01/25/2015 16:57:45]

Deleted : RP #131 [Windows Update | 01/25/2015 20:34:55]

Deleted : RP #132 [Hot_deleted_Firefox_updated | 01/26/2015 01:48:59]

Deleted : RP #133 [Windows Update | 01/27/2015 22:31:50]

Deleted : RP #134 [OTL Restore Point - 28/01/2015 11:01:20 p.m. | 01/29/2015 03:31:26]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########

Have a good day!

[Pop ups on chrome and firefox]

Hi Chuck,

 

Posting results from script:

 

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-21-1116665366-1061216413-1134762050-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1116665366-1061216413-1134762050-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-1116665366-1061216413-1134762050-1000\Software\Microsoft\Internet Explorer\SearchScopes\{7941C7F7-B1CC-4B4A-9800-7DE9C1AF3896}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7941C7F7-B1CC-4B4A-9800-7DE9C1AF3896}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
C:\Users\DXXNMS\AppData\Roaming\Mozilla\Extensions folder moved successfully.
C:\Users\DXXNMS\AppData\Roaming\Mozilla\Firefox\Profiles\hju627rm.default\extensions folder moved successfully.
File C:\Users\DXXNMS\AppData\Roaming\Mozilla\Firefox\Profiles\hju627rm.default\extensions\[email protected] not found.
File C:\Users\DXXNMS\AppData\Roaming\Mozilla\Firefox\Profiles\hju627rm.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi not found.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions folder moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\IntelTBRunOnce not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1116665366-1061216413-1134762050-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
File Protocol\Handler\msdaipp - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\0x00000001\ not found.
File Protocol\Handler\msdaipp\0x00000001 - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\oledb\ not found.
File Protocol\Handler\msdaipp\oledb - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\mso-offdap\ deleted successfully.
File Protocol\Handler\mso-offdap - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\mso-offdap11\ deleted successfully.
File Protocol\Handler\mso-offdap11 - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
========== COMMANDS ==========
 
[EMPTYJAVA]
 
User: All Users
 
User: Default
 
User: Default User
 
User: DXXNMS
->Java cache emptied: 23455867 bytes
 
User: Public
 
Total Java Files Cleaned = 22,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 56475 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: DXXNMS
->Flash cache emptied: 63640 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: DXXNMS
->Temp folder emptied: 1259821924 bytes
->Temporary Internet Files folder emptied: 327569088 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 364537097 bytes
->Google Chrome cache emptied: 437683742 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 12845480110 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 78173 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 14.529,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point
 
OTL by OldTimer - Version 3.2.69.0 log created on 01282015_225148

Files\Folders moved on Reboot...
C:\Users\DXXNMS\AppData\Local\Temp\7zS696A\HPSLPSVC64.DLL moved successfully.
C:\Users\DXXNMS\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\DXXNMS\AppData\Local\Temp\MMDUtl.log moved successfully.
File\Folder C:\Users\DXXNMS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\DXXNMS\AppData\Roaming\Dropbox\shellext \l\546b9291䃸峟ﻞ not found!
C:\Users\DXXNMS\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.
File\Folder C:\Windows\temp\etilqs_DhCvRugfmg8JdP3Kut2I not found!
File\Folder C:\Windows\temp\etilqs_snG6tXqc74WI5eKNpwf0 not found!
File\Folder C:\Windows\temp\etilqs_ubV11d1mS4WXyJm1hp1g not found!
File move failed. C:\Windows\temp\LMutilps32.log scheduled to be moved on reboot.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 

[Pop ups on chrome and firefox]

Posting Extras log:

 

OTL Extras logfile created on: 27/01/2015 07:05:21 p.m. - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Programas\Malware\Malware removal
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 0000200A | Country: Bolivarian Republic of Venezuela | Language: ESV | Date Format: dd/MM/yyyy
 
3,84 Gb Total Physical Memory | 1,71 Gb Available Physical Memory | 44,45% Memory free
7,68 Gb Paging File | 4,28 Gb Available in Paging File | 55,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 447,66 Gb Total Space | 93,52 Gb Free Space | 20,89% Space Free | Partition Type: NTFS
 
Computer Name: DXXNMS-PC | User Name: DXXNMS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1116665366-1061216413-1134762050-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{049633BD-C5F5-4C8F-8BA4-819C131AC0E4}" = lport=5353 | protocol=17 | dir=in | app=c:\users\dxxnms\appdata\local\google\chrome\application\chrome.exe |
"{08790B8B-E9FF-4FD4-A8D9-FAC69B47A81F}" = lport=445 | protocol=6 | dir=in | app=system |
"{0B4EEB14-F8E7-4CDF-8023-7805567FD2BD}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{0EB5D982-DD9C-428C-8F0F-53B03B99F682}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{24FD4483-8FE1-41BF-9991-5C8003C1A2C0}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{2B3B473E-3D69-41FB-BEDF-F5CDF0C8B1E9}" = lport=139 | protocol=6 | dir=in | app=system |
"{2C368B5C-AC0E-483D-BD6E-36C48240FC9B}" = rport=139 | protocol=6 | dir=out | app=system |
"{4140BCDA-7605-45E2-B49C-AF7F6F7CDCBB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{53F8AE6B-3462-4E2D-8910-637B5987B1F9}" = rport=10243 | protocol=6 | dir=out | app=system |
"{57EB2789-9586-4DFE-9B97-473043A151B8}" = rport=137 | protocol=17 | dir=out | app=system |
"{655EEE8C-FAD4-4F1C-B0F7-2FA8182F26C6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{66FCEA96-E9A8-485E-8E54-0241E5416B75}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{68F990BD-CE1E-4F03-831A-7177AC55D916}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{69C7449C-878E-40D9-94FA-5478C43224E0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{7C467E5C-89E8-49E5-AA3F-E0516364DF39}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{813DFAF9-C84D-4096-9158-4C1E50C32B32}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{842B3D8D-1C2E-42C9-88D6-0533033A4E8A}" = lport=137 | protocol=17 | dir=in | app=system |
"{9185BEDC-AABA-479D-9A19-B7E3F42739D3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{944089CE-A190-45FA-BE6B-4AFCFE1F3A1D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{96EAD4E5-EDF2-47C0-8F17-A76070DBED97}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9BF898FB-1470-490E-8DE5-6ADF9BB0041C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A0D31690-5345-41D0-AB74-42294C391F47}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A36FD72C-F1CB-4225-80B5-9C87DC408151}" = rport=138 | protocol=17 | dir=out | app=system |
"{AD1A074A-8B8C-48DA-A527-A48ACCD7EE5B}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{AF2D3D7B-E9FB-42C6-84E8-D00D453C8D09}" = lport=138 | protocol=17 | dir=in | app=system |
"{BB79BE40-5926-4A92-8FFA-F898D393D677}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{BD273B39-44A2-465C-84AC-0AA95AABB7A8}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{C072C76D-3AF8-4475-8478-E4BB1012ABD0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D3330422-BF1E-4B20-97F6-30B85330202E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D3D954ED-82E4-4420-B2A9-EBBD0FCC2749}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D5B81170-64FC-4A52-A6AF-24B4C80CAF03}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{DFC201F3-5242-4653-83CB-CC109C95A43C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E39E777A-192A-4CC0-A876-4142E4E9B762}" = lport=10243 | protocol=6 | dir=in | app=system |
"{E97F8980-E0EC-4900-858C-6E3880B574C2}" = rport=445 | protocol=6 | dir=out | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0194C303-6AFB-430A-91A5-836B3857103B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{04CD8055-C289-4511-8789-E826CF4A81A6}" = protocol=6 | dir=out | app=system |
"{0D2B6C8D-DE8F-4C64-A6C7-A3C8A262B9DD}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{1B886470-4948-465C-8519-052BCF8FBDF5}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe |
"{1DD77B90-BC30-42C2-B8C5-15DD76AC5371}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{23F30DD9-F28A-4597-80D4-2FA186397E84}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{251D45A7-6FE5-4513-8659-855AA0C6C45F}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk20\mvp\videoplayer.exe |
"{36AB3760-1230-4B88-8B3A-4CBBFBDC33EC}" = protocol=58 | dir=in | [email protected],-28545 |
"{3902EB3E-2527-4B9F-8E77-33A9825B6C1C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4612BEC9-5C0B-4EDB-8A47-505D66E6801B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{463BB6C3-069A-4FE8-AC95-50B9364D7AE1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{50772E94-FE99-4C66-9B34-E7803BA11D4D}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\windowsupnp.exe |
"{57D50B3B-3771-4597-A21C-BF1BCD94EC1B}" = protocol=6 | dir=in | app=c:\users\dxxnms\appdata\roaming\dropbox\bin\dropbox.exe |
"{58FBF2F9-D9E8-4EA5-A993-5F76E6BFFB71}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5A26F348-D05C-478D-9DE0-12F0A813C9B4}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{5A6FF595-69BE-4448-A6A9-77048CAC2987}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi media\dmcdaemon.exe |
"{5CF839CC-81AF-4DDC-A097-71AC4B7D1B85}" = dir=in | app=c:\program files (x86)\laplink\pcmover\pcmover.exe |
"{69EE7E52-6CF0-4ADB-BD94-7F8247EDE1E8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6E4BC4F4-9F12-4606-ABAB-FA6367AAFC05}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{78A9CAA5-F368-4597-BA3F-4CF1EBDE989B}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk20\mvp\musicplayer.exe |
"{79087E24-C90F-4E32-B2D2-6BED6238C502}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk20\movie\playmovie.exe |
"{7B47B72F-4460-47E8-9E02-BF348F687AB2}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{85CFA627-4076-47B6-9A2C-929C2CA00690}" = protocol=17 | dir=in | app=c:\users\dxxnms\appdata\local\temp\7zs696a\hppiw.exe |
"{8B881EAF-3FE5-45E6-936A-46DBF17F4C4A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{92CA4E21-E0E4-4862-9827-C974244C5660}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\devicesetup.exe |
"{931CA322-DC87-4BDB-B215-E8B650E2F10A}" = protocol=58 | dir=out | [email protected],-28546 |
"{934DE604-F8B3-4415-88EF-02CFE17EB6B9}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{93F8FF3A-BB96-4538-AD62-74DDD63F0F6B}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe |
"{96A17B48-56AC-426A-9758-8622C6AC8CDF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9D68D2B5-6D44-4A08-8249-BD6767B1A47E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A039F442-354F-466D-8140-82EA46785CC0}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\windowsupnp.exe |
"{B1A4FCDD-2E07-4D04-B2D5-23332975D27B}" = protocol=6 | dir=in | app=c:\users\dxxnms\appdata\local\temp\7zs696a\hppiw.exe |
"{B25C102C-DFC0-4907-AB78-7517CDE60678}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{BB5454C9-0055-46B5-960D-5048EE42FA26}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C1121CA7-2ED8-41EF-B934-25843A41D89F}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe |
"{C6E41838-9F5B-4BF9-BAFA-B7AD2A78F9CA}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi media\dmcdaemon.exe |
"{C7B7B821-4851-43AB-9898-34E9944A4559}" = protocol=1 | dir=in | [email protected],-28543 |
"{C7F330D0-277C-4636-A64A-DCD87C2663F1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C8D298B8-0518-43B2-9012-719D37400594}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe |
"{C8F09C90-638B-40DD-980A-B2B41270EA60}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{CEA00FE5-F2E0-413D-9C0A-1EB71341B2D2}" = protocol=17 | dir=in | app=c:\users\dxxnms\appdata\roaming\dropbox\bin\dropbox.exe |
"{D5AAB527-C83B-4784-9AE4-3BAA11B97130}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe |
"{D61F98E2-C87D-40A7-B39C-A770B28D8FAF}" = dir=in | app=c:\users\dxxnms\appdata\local\microsoft\skydrive\skydrive.exe |
"{D87020C5-A122-434B-BD70-31F5B25C726C}" = dir=in | name=tranfer files |
"{D99199C5-294D-4377-A41C-F645CB823397}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DCC6E96C-842B-434F-8C64-1CE4ACDBE94D}" = protocol=17 | dir=in | app=c:\program files (x86)\movies toolbar\safetynut\srtool~1\ie\dtuser.exe |
"{DCE6AA83-F3F7-487E-B7CB-2E3930D8B609}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\devicesetup.exe |
"{DDB17592-D26E-42A5-8144-D1F71FF6BFFA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E23194FC-F35F-4056-A26D-26D42017C5AF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E3B4FD8E-93CF-46E5-AA35-7A7994E78A63}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{E97E81F7-75E1-47F2-A910-6DD7D87F2A53}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{EA722943-5628-472C-A1FD-B6289162BD55}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe |
"{F38AC815-69D0-48C6-B41A-E5443078E5E2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F59FEF20-B317-4230-B2F5-0D5699806CF3}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{F66AD0A4-D010-4857-907D-BFBC84EC05AC}" = protocol=1 | dir=out | [email protected],-28544 |
"{F6FA01CE-B543-4885-A51D-2BBE1AAF0D1B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FDC8D401-944A-4B3A-9774-FDFAE44D28ED}" = protocol=6 | dir=in | app=c:\program files (x86)\movies toolbar\safetynut\srtool~1\ie\dtuser.exe |
"TCP Query User{75368B97-0095-4420-8C6D-28C549F85F0C}C:\program files (x86)\symantec\norton online backup\nobuclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\norton online backup\nobuclient.exe |
"UDP Query User{21A8B117-5C15-487D-96C5-F2861147D752}C:\program files (x86)\symantec\norton online backup\nobuclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\norton online backup\nobuclient.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07179D37-D5FE-4373-90D9-A25B992EFB3E}" = WD SmartWare
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client
"{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}" = MyWinLocker
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{26A24AE4-039D-4CA4-87B4-2F86418031F0}" = Java 8 Update 31 (64-bit)
"{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}" = iTunes
"{4710662C-8204-4334-A977-B1AC9E547819}" = Broadcom Card Reader Driver Installer
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{650AF771-456D-418F-BFC7-F6FFC9D0235C}" = HP Deskjet 3050 J610 series Basic Device Software
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{682EC6E8-A300-45FD-8F09-0F3A6EA334D6}" = Acer Instant Update Service
"{6C9365EB-1F9E-4893-9196-3EC77C88D0C5}" = Intel® Turbo Boost Technology Monitor 2.5
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}" = WIDCOMM Bluetooth Software
"{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}" = Apple Mobile Device Support
"{C91DCB72-F5BB-410D-A91A-314F5D1B4284}" = Broadcom NetLink Controller
"{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EAFB2AD8-D92B-464C-8D97-B9CB94703C4A}" = iCloud
"{FEB2C4AA-661E-483F-9626-21A8ACFD10F2}" = HP Deskjet 3050 J610 series Product Improvement Study
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Broadcom Wireless Utility" = Broadcom Wireless Utility
"Elantech" = ETDWare PS/2-X64 10.6.9.9_WHQL
"Recuva" = Recuva
"ZTE USB Driver" = ZTE USB Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Backup Manager V3
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBAE18D-4DE4-47AA-83EC-D1B046F262DC}" = PDF Settings CC
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel® USB 3.0 eXtensible Host Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83218031F0}" = Java 8 Update 31
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{39F15B50-A977-4CA6-B1C3-6A8724CDA025}" = MyWinLocker 4
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skypeâ„¢ 6.11
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5E21B617-F52E-BB10-92F9-C8AB2C799A8A}" = Adobe Download Assistant
"{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}" = newsXpresso
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer" = WildTangent Games App
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7D82D616-8BD8-4BE3-B19C-C4BC772E8426}" = Blackboard Collaborate Launcher
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}" = Compatibilidad con Aplicaciones de Apple
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D68CE08-9A14-4B7B-9857-3C646A2F34C7}" = Fooz Kids Platform
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{90110C0A-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0382E3C-7384-429A-9BFA-AF5888E5A193}" = Acer Crystal Eye Webcam
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
"{A3AD65CC-B2CE-49da-AE4E-CC2ECF4EC0F8}" =  clear.fi SDK - MVP 2
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.13) MUI
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{B26438B4-BF51-49C3-9567-7F14A5E40CB9}" = Dolby Home Theater v4
"{B2AF05E3-4B0C-44A6-B146-322219BF3562}_is1" = Wondershare Dr.Fone(Build 2.0.1.3)
"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
"{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer
"{B5AD89F2-03D3-4206-8487-018298007DD0}" = clear.fi Photo
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C28D96C0-6A90-459E-A077-A6706F4EC0FC}" = Bing Bar
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C9E1343D-E21E-4508-A1BE-04A089EC137D}" = Windows Live Messenger
"{CB2065E8-067A-4303-8795-F3C53C14CAB6}" = PCmover Free
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"{D3E5A972-9A15-427D-AE78-8181A5FD943C}" = eBay Worldwide
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DAF7BB88-6392-40aa-A714-8392C4BDBD2C}" =  clear.fi SDK- Movie 2
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9AF1707-3F3A-49E2-8345-4F2D629D0876}" = clear.fi Media
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2321021-08A2-44D6-B1DF-BDB415F23EC3}" = Adobe Illustrator CC
"{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}" = HP Deskjet 3050 J610 series Help
"{F77EF646-19EB-11E1-9A9E-984BE15F174E}" = Evernote v. 4.5.2
"{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® OpenCL CPU Runtime
"{FCDB0EF3-673C-FDCE-6498-750F51391660}" = Fooz Kids
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Digital Editions 2.0" = Adobe Digital Editions 2.0
"BN_DesktopReader" = NOOK for PC
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"ESET Online Scanner" = ESET Online Scanner v3
"eyeBeam_is1" = eyeBeam 3004t
"FoozKids" = Fooz Kids
"HP Photo Creations" = HP Photo Creations
"iCare Data Recovery Software_is1" = iCare Data Recovery Software 5.4
"Identity Card" = Identity Card
"InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Acer Backup Manager
"InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"InstallShield_{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}" = newsXpresso
"InstallShield_{A0382E3C-7384-429A-9BFA-AF5888E5A193}" = Acer Crystal Eye Webcam
"InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso
"KLiteCodecPack_is1" = K-Lite Codec Pack 10.0.0 Basic
"LManager" = Launch Manager
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.4.1028
"MovistarLATAM" = Escritorio Movistar Latam
"Mozilla Firefox 35.0.1 (x86 es-ES)" = Mozilla Firefox 35.0.1 (x86 es-ES)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSC" = McAfee Internet Security Suite
"Music Codec Pack_is1" = Music Codec Pack
"PhotoRescue Pro" = PhotoRescue Pro 4.2
"WildTangent acer Master Uninstall" = Acer Games
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WiredTools_is1" = WiredTools
"WTA-0293b20b-c2dc-4ff0-b889-3b5d68c9d886" = FATE
"WTA-0d2b2f4c-8a31-4cbd-9e67-cd262552b8d2" = Bejeweled 3
"WTA-2276525f-914f-42be-bec7-70fda93c1d26" = Jewel Match 3
"WTA-30d4d26a-469d-4d03-814c-8b8e4ede9220" = Polar Bowler
"WTA-41f9246b-1381-44e1-8405-10474aec67aa" = Final Drive: Nitro
"WTA-5f9b669d-b1a3-445c-a868-e1b38c72d66a" = Chronicles of Albian
"WTA-60c64b9a-9b08-4323-a6fd-5cedb0db194d" = Cradle of Rome 2
"WTA-6fdcff6f-4031-4257-9c1f-77dd334ad68d" = Jewel Quest Mysteries: The Seventh Gate Collector's Edition
"WTA-8a0a3d33-7fe4-4317-a749-9dc71d677129" = Governor of Poker 2 Premium Edition
"WTA-91beec06-a186-4bb3-8dc3-0583dc982f11" = Virtual Villagers 5 - New Believers
"WTA-aaaf9c58-ec35-4b42-a44a-a7c1c4f1c798" = Chuzzle Deluxe
"WTA-cb97c573-aa6e-4b2d-8acf-fff113ca27e3" = Plants vs. Zombies - Game of the Year
"WTA-d3c5673d-f038-433b-beb7-5e642283b303" = Agatha Christie - Death on the Nile
"WTA-dc103a2d-e75a-40fe-92b2-c337234d52ad" = Penguins!
"WTA-f6e7c00b-405f-4414-bfb4-4386ff1c048e" = Torchlight
"WTA-f80c37a1-ab24-4ff3-af41-b47b21391f81" = Dora's World Adventure
"WTA-f92843b8-442d-4428-bdb1-41957eac4f15" = Zuma's Revenge
"WTA-fa5fb26e-f9d3-4e57-ad16-373c5858b91d" = Polar Golfer
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1116665366-1061216413-1134762050-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1" = ChromecastApp
"CopyTrans Suite" = Desinstalación de CopyTrans Suite solamente
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Google Chrome Packages" = Google Chrome Packages
"OneDriveSetup.exe" = Microsoft OneDrive
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 26/01/2015 09:31:32 p.m. | Computer Name = DXXNMS-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 26/01/2015 09:31:32 p.m. | Computer Name = DXXNMS-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 12480
 
Error - 26/01/2015 09:31:32 p.m. | Computer Name = DXXNMS-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 12480
 
Error - 26/01/2015 09:31:33 p.m. | Computer Name = DXXNMS-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 26/01/2015 09:31:33 p.m. | Computer Name = DXXNMS-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 13479
 
Error - 26/01/2015 09:31:33 p.m. | Computer Name = DXXNMS-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 13479
 
Error - 27/01/2015 12:27:42 a.m. | Computer Name = DXXNMS-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 27/01/2015 12:27:42 a.m. | Computer Name = DXXNMS-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1045
 
Error - 27/01/2015 12:27:42 a.m. | Computer Name = DXXNMS-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1045
 
Error - 27/01/2015 06:56:45 p.m. | Computer Name = DXXNMS-PC | Source = WinMgmt | ID = 10
Description =
 
[ Broadcom Wireless LAN Events ]
Error - 16/11/2014 09:10:47 a.m. | Computer Name = DXXNMS-PC | Source = WLAN-Tray | ID = 0
Description = 08:40:39, Sun, Nov 16, 14 Error - (WLTRAY.EXE-4504)  Unable to start
 peernet session, after 200 iterations
 
Error - 16/11/2014 09:10:47 a.m. | Computer Name = DXXNMS-PC | Source = WLAN-Tray | ID = 0
Description = 08:40:47, Sun, Nov 16, 14 Error - Unable to initialize peernet library

 
Error - 26/01/2015 11:59:16 p.m. | Computer Name = DXXNMS-PC | Source = WLAN-Tray | ID = 0
Description = 23:29:11, Mon, Jan 26, 15 Error - (WLTRAY.EXE-8848)  Unable to start
 peernet session, after 200 iterations
 
Error - 26/01/2015 11:59:16 p.m. | Computer Name = DXXNMS-PC | Source = WLAN-Tray | ID = 0
Description = 23:29:16, Mon, Jan 26, 15 Error - Unable to initialize peernet library

 
[ System Events ]
Error - 26/01/2015 12:19:11 a.m. | Computer Name = DXXNMS-PC | Source = Microsoft-Windows-GroupPolicy | ID = 1096
Description = The processing of Group Policy failed. Windows could not apply the
 registry-based policy settings for the Group Policy object LocalGPO. Group Policy
 settings will not be resolved until this event is resolved. View the event details
 for more information on the file name and path that caused the failure.
 
Error - 26/01/2015 03:43:33 a.m. | Computer Name = DXXNMS-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the HomeGroupListener service.
 
Error - 26/01/2015 12:53:10 p.m. | Computer Name = DXXNMS-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the lmhosts service.
 
Error - 26/01/2015 06:30:36 p.m. | Computer Name = DXXNMS-PC | Source = bowser | ID = 8003
Description =
 
Error - 26/01/2015 11:58:50 p.m. | Computer Name = DXXNMS-PC | Source = Microsoft-Windows-GroupPolicy | ID = 1096
Description = The processing of Group Policy failed. Windows could not apply the
 registry-based policy settings for the Group Policy object LocalGPO. Group Policy
 settings will not be resolved until this event is resolved. View the event details
 for more information on the file name and path that caused the failure.
 
Error - 26/01/2015 11:58:57 p.m. | Computer Name = DXXNMS-PC | Source = DCOM | ID = 10010
Description =
 
Error - 27/01/2015 06:54:15 p.m. | Computer Name = DXXNMS-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the lmhosts service.
 
Error - 27/01/2015 06:54:15 p.m. | Computer Name = DXXNMS-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the McShield service.
 
Error - 27/01/2015 06:54:45 p.m. | Computer Name = DXXNMS-PC | Source = NetBT | ID = 4321
Description = The name "WORKGROUP      :1d" could not be registered on the interface
 with IP address 192.168.2.7.  The computer with the IP address 192.168.2.8 did not
 allow the name to be claimed by  this computer.
 
Error - 27/01/2015 06:56:23 p.m. | Computer Name = DXXNMS-PC | Source = Microsoft-Windows-GroupPolicy | ID = 1096
Description = The processing of Group Policy failed. Windows could not apply the
 registry-based policy settings for the Group Policy object LocalGPO. Group Policy
 settings will not be resolved until this event is resolved. View the event details
 for more information on the file name and path that caused the failure.
 
 
< End of report >
 

[Pop ups on chrome and firefox]

Posting OTL log:

 

OTL logfile created on: 27/01/2015 07:05:21 p.m. - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Programas\Malware\Malware removal
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 0000200A | Country: Bolivarian Republic of Venezuela | Language: ESV | Date Format: dd/MM/yyyy
 
3,84 Gb Total Physical Memory | 1,71 Gb Available Physical Memory | 44,45% Memory free
7,68 Gb Paging File | 4,28 Gb Available in Paging File | 55,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 447,66 Gb Total Space | 93,52 Gb Free Space | 20,89% Space Free | Partition Type: NTFS
 
Computer Name: DXXNMS-PC | User Name: DXXNMS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2015/01/27 18:58:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Programas\Malware\Malware removal\OTL.com
PRC - [2015/01/26 22:50:21 | 000,338,032 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/12/08 23:15:28 | 039,207,112 | ---- | M] (Dropbox, Inc.) -- C:\Users\DXXNMS\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2014/12/03 10:06:08 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/11/13 11:23:04 | 000,741,920 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
PRC - [2014/10/30 14:36:24 | 000,387,088 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
PRC - [2014/09/24 21:09:56 | 000,277,672 | ---- | M] (Microsoft Corporation) -- C:\Users\DXXNMS\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
PRC - [2014/04/22 21:00:44 | 000,519,328 | ---- | M] (GAS Tecnologia) -- C:\Program Files (x86)\GbPlugin\GbpSv.exe
PRC - [2013/09/14 03:38:54 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2013/09/14 03:27:52 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
PRC - [2013/09/04 16:23:44 | 001,315,144 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
PRC - [2013/06/10 17:59:32 | 001,120,256 | ---- | M] (keepvid.com Company) -- C:\Users\DXXNMS\AppData\Local\keepvid.com.exe
PRC - [2012/04/06 22:59:22 | 000,022,120 | ---- | M] () -- C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
PRC - [2012/04/06 22:59:20 | 000,040,552 | ---- | M] () -- C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
PRC - [2012/03/23 05:03:48 | 000,419,408 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe
PRC - [2012/03/23 05:03:46 | 000,355,920 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2012/03/23 05:03:46 | 000,343,632 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2012/03/23 05:03:44 | 001,105,488 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2012/02/29 09:19:06 | 000,028,264 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2012/02/27 06:31:58 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2012/02/07 21:33:36 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012/02/07 21:33:34 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012/02/07 21:33:16 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/02/06 20:24:04 | 000,255,376 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2012/02/01 18:59:58 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2012/01/05 16:52:10 | 000,256,536 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
PRC - [2012/01/05 16:51:44 | 000,296,984 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
PRC - [2011/06/14 12:05:02 | 000,201,080 | ---- | M] (Telefónica) -- C:\Program Files (x86)\Movistar\Escritorio Movistar Latam\ImpWiFiSvc.exe
PRC - [2011/05/20 12:14:32 | 000,986,208 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
PRC - [2011/05/12 19:29:00 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/03/09 11:41:08 | 001,066,896 | ---- | M] () -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
PRC - [2010/11/20 22:54:03 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2015/01/27 18:27:22 | 000,043,008 | ---- | M] () -- c:\Users\DXXNMS\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpaw2nrh.dll
MOD - [2015/01/26 22:50:19 | 003,925,104 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2015/01/25 01:38:43 | 014,913,864 | ---- | M] () -- C:\Users\DXXNMS\AppData\Local\Google\Chrome\Application\40.0.2214.93\PepperFlash\pepflashplayer.dll
MOD - [2015/01/25 01:38:41 | 009,170,760 | ---- | M] () -- C:\Users\DXXNMS\AppData\Local\Google\Chrome\Application\40.0.2214.93\pdf.dll
MOD - [2015/01/25 01:38:37 | 001,117,512 | ---- | M] () -- C:\Users\DXXNMS\AppData\Local\Google\Chrome\Application\40.0.2214.93\libglesv2.dll
MOD - [2015/01/25 01:38:35 | 000,211,272 | ---- | M] () -- C:\Users\DXXNMS\AppData\Local\Google\Chrome\Application\40.0.2214.93\libegl.dll
MOD - [2014/10/21 19:52:50 | 000,750,080 | ---- | M] () -- C:\Users\DXXNMS\AppData\Roaming\Dropbox\bin\libGLESv2.dll
MOD - [2014/10/21 19:52:50 | 000,047,616 | ---- | M] () -- C:\Users\DXXNMS\AppData\Roaming\Dropbox\bin\libEGL.dll
MOD - [2014/10/21 19:52:48 | 000,863,744 | ---- | M] () -- C:\Users\DXXNMS\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
MOD - [2014/10/21 19:52:46 | 000,200,704 | ---- | M] () -- C:\Users\DXXNMS\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
MOD - [2014/10/17 17:13:09 | 012,435,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1453d9e9a4989833ef3db4b22549ba1a\System.Windows.Forms.ni.dll
MOD - [2014/10/17 17:13:03 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\836e10dfd0811b303553216f5cb092ef\System.Drawing.ni.dll
MOD - [2014/10/17 17:12:38 | 007,991,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\908ba9e296e92b4e14bdc2437edac603\System.ni.dll
MOD - [2014/10/11 13:06:16 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/10/11 13:05:58 | 001,044,776 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2014/09/26 10:07:51 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
MOD - [2014/09/24 21:09:54 | 000,081,056 | ---- | M] () -- C:\Users\DXXNMS\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\LoggingPlatform.dll
MOD - [2013/09/14 01:51:02 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
MOD - [2013/09/14 01:50:36 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
MOD - [2012/04/06 22:59:22 | 000,022,120 | ---- | M] () -- C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
MOD - [2012/04/06 22:59:20 | 000,040,552 | ---- | M] () -- C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
MOD - [2012/01/05 16:52:36 | 000,465,344 | ---- | M] () -- C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/11/21 22:05:29 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 01:20:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/06/08 10:42:24 | 000,048,128 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2012/03/21 15:33:16 | 000,957,216 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2012/02/22 16:18:32 | 000,162,192 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2012/02/22 15:51:42 | 000,210,584 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2012/02/22 15:51:16 | 000,199,272 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2012/02/07 20:23:48 | 000,871,296 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2012/02/06 20:24:04 | 000,255,376 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV:64bit: - [2012/02/03 00:59:52 | 000,628,448 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2012/01/20 18:45:14 | 000,149,504 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2011/10/18 19:31:08 | 000,502,032 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\mcafee\virusscan\mcods.exe -- (McODS)
SRV:64bit: - [2011/03/09 11:10:40 | 000,288,768 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV:64bit: - [2011/01/28 14:58:54 | 000,225,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- c:\Program Files\mcafee\msc\McAWFwk.exe -- (McAWFwk)
SRV:64bit: - [2011/01/27 20:58:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2011/01/27 20:58:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2011/01/27 20:58:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McOobeSv)
SRV:64bit: - [2011/01/27 20:58:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2011/01/27 20:58:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2011/01/27 20:58:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2011/01/27 20:58:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2011/01/27 20:58:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV:64bit: - [2010/09/22 20:40:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2015/01/26 22:50:19 | 000,114,800 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/12/14 09:14:11 | 000,259,664 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2014/12/14 09:14:11 | 000,227,904 | ---- | M] (WildTangent) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe -- (GamesAppIntegrationService)
SRV - [2014/12/03 10:06:08 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/07/04 22:52:24 | 001,303,128 | ---- | M] (WiredTools Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\WiredTools\WiredTools.exe -- (WiredTools)
SRV - [2014/04/22 21:00:44 | 000,519,328 | ---- | M] (GAS Tecnologia) [Auto | Running] -- C:\Program Files (x86)\GbPlugin\GbpSv.exe -- (GbpSv)
SRV - [2014/03/20 18:19:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/11/14 07:13:01 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Users\DXXNMS\AppData\Local\Temp\7zS696A\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2012/06/08 10:48:30 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/04/22 23:55:32 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/04/03 00:46:31 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/23 05:03:46 | 000,355,920 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2012/02/29 09:19:06 | 000,028,264 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2012/02/07 21:33:36 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/02/07 21:33:34 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/02/07 21:33:16 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/02/01 18:59:58 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2012/01/05 16:52:10 | 000,256,536 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2011/06/21 15:25:04 | 000,173,424 | ---- | M] (Egis Technology Inc. ) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)
SRV - [2011/06/14 12:05:02 | 000,201,080 | ---- | M] (Telefónica) [Auto | Running] -- C:\Program Files (x86)\Movistar\Escritorio Movistar Latam\ImpWiFiSvc.exe -- (TGCM_ImportWiFiSvc)
SRV - [2011/06/07 14:55:12 | 000,191,752 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/05/12 19:29:00 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/03/09 11:41:10 | 000,491,920 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2011/03/09 11:41:08 | 001,066,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2010/06/01 18:01:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/08/15 23:35:00 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2013/08/28 20:59:52 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2013/07/25 16:53:46 | 000,023,040 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/06/08 10:42:23 | 000,022,592 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2012/06/08 10:42:22 | 004,746,304 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2012/06/08 10:42:22 | 000,021,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmvwl64.sys -- (BcmVWL)
DRV:64bit: - [2012/05/04 01:29:06 | 000,081,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiSDa.sys -- (bScsiSDa)
DRV:64bit: - [2012/04/03 00:40:29 | 000,062,776 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2012/04/03 00:40:29 | 000,022,648 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2012/04/03 00:40:29 | 000,020,520 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2012/03/26 21:39:54 | 014,748,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/03/21 16:53:22 | 000,594,472 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2012/03/21 16:53:22 | 000,163,368 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcbtums.sys -- (bcbtums)
DRV:64bit: - [2012/03/21 16:53:18 | 000,210,984 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2012/03/21 16:53:18 | 000,184,872 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2012/03/21 16:53:18 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2012/03/21 16:53:18 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2012/03/07 09:18:20 | 000,238,384 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2012/03/01 02:16:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/27 06:31:00 | 000,788,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012/02/27 06:31:00 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012/02/27 06:31:00 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012/02/22 14:59:46 | 000,647,208 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2012/02/22 14:59:46 | 000,487,296 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2012/02/22 14:59:46 | 000,289,664 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2012/02/22 14:59:46 | 000,229,528 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2012/02/22 14:59:46 | 000,160,792 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2012/02/22 14:59:46 | 000,100,912 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2012/02/22 14:59:46 | 000,075,936 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2012/02/22 14:59:46 | 000,065,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2012/02/07 01:33:06 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2012/02/07 01:33:06 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2012/02/01 18:46:40 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2012/01/20 18:44:34 | 000,016,128 | ---- | M] (Intel® Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2012/01/19 03:00:42 | 000,435,240 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2011/12/06 06:53:08 | 000,331,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011/11/10 04:34:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011/11/04 12:51:38 | 000,019,496 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdmp.sys -- (b57xdmp)
DRV:64bit: - [2011/11/04 12:51:36 | 000,068,648 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdbd.sys -- (b57xdbd)
DRV:64bit: - [2011/09/02 17:06:58 | 000,051,752 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiMSa.sys -- (bScsiMSa)
DRV:64bit: - [2011/08/17 09:58:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2011/08/17 09:58:22 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2011/08/17 09:58:20 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011/08/17 09:58:16 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2011/07/14 01:05:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/07/14 01:05:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/07 16:25:24 | 000,234,496 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbwwan.sys -- (ZTEusbwwan)
DRV:64bit: - [2010/11/26 13:33:14 | 000,011,776 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2010/11/20 22:54:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:53:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 22:53:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:53:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/19 15:38:12 | 000,019,968 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\zte_massejct.sys -- (zte_massejct)
DRV:64bit: - [2010/10/15 08:50:04 | 000,123,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2010/10/15 08:50:04 | 000,123,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2010/10/15 08:50:04 | 000,123,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2010/10/15 08:50:04 | 000,123,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmeaext2.sys -- (ZTEusbMB)
DRV:64bit: - [2010/10/15 08:50:04 | 000,018,432 | ---- | M] (ZTE) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbccid.sys -- (USBZTECCID)
DRV:64bit: - [2010/10/15 08:50:04 | 000,012,800 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter_hs.sys -- (massfilter_hs)
DRV:64bit: - [2009/07/13 21:22:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:18:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:15:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:04:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:04:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:04:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:01:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2009/07/13 20:49:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-21-1116665366-1061216413-1134762050-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE - HKU\S-1-5-21-1116665366-1061216413-1134762050-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-1116665366-1061216413-1134762050-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-1116665366-1061216413-1134762050-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1116665366-1061216413-1134762050-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1116665366-1061216413-1134762050-1000\..\SearchScopes\{7941C7F7-B1CC-4B4A-9800-7DE9C1AF3896}: "URL" = https://search.yahoo.com/search?fr=mcafee&type=B011US662D20141017&p={SearchTerms}
IE - HKU\S-1-5-21-1116665366-1061216413-1134762050-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.isUS: false
FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.18
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:35.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.31.2: C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.31.2: C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.31.2: C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.31.2: C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\DXXNMS\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\DXXNMS\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2014/12/13 23:24:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012/11/23 23:36:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 35.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 35.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 35.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 35.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2014/12/15 08:33:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DXXNMS\AppData\Roaming\Mozilla\Extensions
[2015/01/26 23:30:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DXXNMS\AppData\Roaming\Mozilla\Firefox\Profiles\hju627rm.default\extensions
[2015/01/19 21:12:54 | 000,392,243 | ---- | M] () (No name found) -- C:\Users\DXXNMS\AppData\Roaming\Mozilla\Firefox\Profiles\hju627rm.default\extensions\[email protected]
[2015/01/26 23:30:15 | 000,732,089 | ---- | M] () (No name found) -- C:\Users\DXXNMS\AppData\Roaming\Mozilla\Firefox\Profiles\hju627rm.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2015/01/26 22:50:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2015/01/26 22:50:22 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\DXXNMS\AppData\Local\Google\Chrome\Application\40.0.2214.93\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\DXXNMS\AppData\Local\Google\Chrome\Application\40.0.2214.93\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\DXXNMS\AppData\Local\Google\Chrome\Application\40.0.2214.93\pdf.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\DXXNMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Intel® Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel® Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\DXXNMS\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - Extension: No name found = C:\Users\DXXNMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\DXXNMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgecckpiojpahjlndlofcljgacdfkifk\0.3.4_0\
CHR - Extension: No name found = C:\Users\DXXNMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\DXXNMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\14.1113.0.4_0\
CHR - Extension: No name found = C:\Users\DXXNMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\cedbiokeeomnnkiclkmnonjkcaladbkd\1.0.10_0\
CHR - Extension: No name found = C:\Users\DXXNMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\DXXNMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcanjhffnbochejifidgcbmnlehfgjkl\2_0\
CHR - Extension: No name found = C:\Users\DXXNMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\effanfjandoefieknkdjjbfpmhdndfnf\3_0\
CHR - Extension: No name found = C:\Users\DXXNMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.4_0\
CHR - Extension: No name found = C:\Users\DXXNMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpogldabjhjhglnfojmnekmcjonllia\1.0.0_0\
CHR - Extension: No name found = C:\Users\DXXNMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbpobnhohpnogiaipphaknihlopgbacf\0.90_0\
CHR - Extension: McAfee SiteAdvisor = C:\Users\DXXNMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.65.135.1_0\
CHR - Extension: No name found = C:\Users\DXXNMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\40.0.2214.82_0\
CHR - Extension: No name found = C:\Users\DXXNMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl\3.9.534_0\
CHR - Extension: No name found = C:\Users\DXXNMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\DXXNMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.151_0\
CHR - Extension: No name found = C:\Users\DXXNMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2014/04/22 22:28:14 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\systemcore\ScriptSn.20121021084525.dll (McAfee, Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20121021084526.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540026} - C:\Program Files (x86)\GbPlugin\gbiehbdv.dll (Banco de Venezuela)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [broadcom Wireless Manager UI] C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE (Broadcom Corporation)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [instantUpdate] C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuDaemon.exe ()
O4:64bit: - HKLM..\Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AdobeCEPServiceManager] C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [backupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
O4 - HKLM..\Run: [Dolby Home Theater v4] C:\Dolby PCEE4\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [keepvid] C:\Users\DXXNMS\AppData\Local\keepvid.com.exe (keepvid.com Company)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [suiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [uSB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1116665366-1061216413-1134762050-1000..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-1116665366-1061216413-1134762050-1000..\Run: [AppleIEDAV] C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe (Apple Inc.)
O4 - HKU\S-1-5-21-1116665366-1061216413-1134762050-1000..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-1116665366-1061216413-1134762050-1000..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-1116665366-1061216413-1134762050-1000..\Run: [skyDrive] C:\Users\DXXNMS\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\DXXNMS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\DXXNMS\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-1116665366-1061216413-1134762050-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1116665366-1061216413-1134762050-1000\..Trusted Domains: bancodevenezuela.com ([www] * in Trusted sites)
O15 - HKU\S-1-5-21-1116665366-1061216413-1134762050-1000\..Trusted Domains: banvenez.com ([e-bdv] * in Trusted sites)
O15 - HKU\S-1-5-21-1116665366-1061216413-1134762050-1000\..Trusted Domains: banvenez.com ([e-bdvcpx] * in Trusted sites)
O15 - HKU\S-1-5-21-1116665366-1061216413-1134762050-1000\..Trusted Domains: banvenez.corp ([e-bdvscn] * in Trusted sites)
O15 - HKU\S-1-5-21-1116665366-1061216413-1134762050-1000\..Trusted Domains: banvenez.corp ([e-bdvscw] * in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1438A1C2-1180-43A6-BD9D-AE84032BFC1D}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{21F683D0-2641-4FAB-BA34-7EE792119E0B}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F0C967C-24AC-4FAF-B133-1473AB1E9051}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E9105DDE-39D9-432B-A397-DB71429B05F0}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E9105DDE-39D9-432B-A397-DB71429B05F0}: NameServer = 8.8.8.8
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ GbPluginBdv: DllName - (C:\Program Files (x86)\GbPlugin\gbiehBdv.dll) - C:\Program Files (x86)\GbPlugin\gbiehbdv.dll (Banco de Venezuela)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399026} - C:\Program Files (x86)\GbPlugin\gbiehbdv.dll (Banco de Venezuela)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3407158b-8670-11e4-ad1b-c01885f658a9}\Shell - "" = AutoRun
O33 - MountPoints2\{3407158b-8670-11e4-ad1b-c01885f658a9}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015/01/27 18:30:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2015/01/26 22:50:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2015/01/25 23:25:05 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2015/01/25 14:28:29 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2015/01/25 14:28:25 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2015/01/25 14:28:15 | 005,553,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2015/01/25 14:28:11 | 003,971,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2015/01/25 14:28:10 | 003,916,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2015/01/25 14:28:10 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2015/01/25 14:28:10 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rstrui.exe
[2015/01/25 14:28:09 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srclient.dll
[2015/01/23 22:21:41 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2015/01/07 19:32:46 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2015/01/07 19:32:46 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2015/01/07 18:57:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2015/01/07 18:54:46 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2015/01/07 18:54:41 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2015/01/07 18:54:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2015/01/07 18:54:41 | 000,000,000 | ---D | C] -- C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
[2014/10/14 19:43:21 | 013,108,224 | ---- | C] (Digia Plc and/or its subsidiary(-ies)) -- C:\Users\DXXNMS\AppData\Local\QtWebKit4.dll
[2013/09/20 18:42:04 | 008,587,264 | ---- | C] (Digia Plc and/or its subsidiary(-ies)) -- C:\Users\DXXNMS\AppData\Local\QtGui4.dll
[2013/09/20 18:42:04 | 002,599,936 | ---- | C] (Digia Plc and/or its subsidiary(-ies)) -- C:\Users\DXXNMS\AppData\Local\QtCore4.dll
[2013/09/20 18:42:04 | 001,122,304 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\Users\DXXNMS\AppData\Local\libeay32.dll
[2013/09/20 18:42:04 | 001,053,184 | ---- | C] (Digia Plc and/or its subsidiary(-ies)) -- C:\Users\DXXNMS\AppData\Local\QtNetwork4.dll
[2013/09/20 18:42:04 | 000,773,968 | ---- | C] (Microsoft Corporation) -- C:\Users\DXXNMS\AppData\Local\msvcr100.dll
[2013/09/20 18:42:04 | 000,421,200 | ---- | C] (Microsoft Corporation) -- C:\Users\DXXNMS\AppData\Local\msvcp100.dll
[2013/09/20 18:42:04 | 000,274,432 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\Users\DXXNMS\AppData\Local\ssleay32.dll
[2013/09/20 18:42:03 | 001,120,256 | ---- | C] (keepvid.com Company) -- C:\Users\DXXNMS\AppData\Local\keepvid.com.exe
[2008/02/21 12:38:00 | 000,091,728 | ---- | C] (MCCI) -- C:\Users\DXXNMS\mqdmmdm.sys
[2008/02/21 12:38:00 | 000,078,992 | ---- | C] (MCCI) -- C:\Users\DXXNMS\mqdmserd.sys
[2008/02/21 12:38:00 | 000,066,640 | ---- | C] (MCCI) -- C:\Users\DXXNMS\mqdmbus.sys
[2008/02/21 12:38:00 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Users\DXXNMS\usbsermptxp.sys
[2008/02/21 12:38:00 | 000,022,768 | ---- | C] (Microsoft Corporation) -- C:\Users\DXXNMS\usbsermpt.sys
[2008/02/21 12:38:00 | 000,009,456 | ---- | C] (MCCI) -- C:\Users\DXXNMS\mqdmmdfl.sys
[2008/02/21 12:38:00 | 000,006,240 | ---- | C] (MCCI) -- C:\Users\DXXNMS\mqdmcmnt.sys
[2008/02/21 12:38:00 | 000,005,968 | ---- | C] (MCCI) -- C:\Users\DXXNMS\mqdmwhnt.sys
[2008/02/21 12:38:00 | 000,004,080 | ---- | C] (MCCI) -- C:\Users\DXXNMS\mqdmcr.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2015/01/27 18:52:00 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1116665366-1061216413-1134762050-1000UA.job
[2015/01/27 18:37:53 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015/01/27 18:33:27 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/01/27 18:33:27 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/01/27 18:30:58 | 000,001,832 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk
[2015/01/27 18:25:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/01/27 18:25:26 | 3092,533,248 | -HS- | M] () -- C:\hiberfil.sys
[2015/01/27 18:11:28 | 000,000,998 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1116665366-1061216413-1134762050-1000Core.job
[2015/01/26 23:54:54 | 000,002,378 | ---- | M] () -- C:\Users\DXXNMS\Desktop\Google Chrome.lnk
[2015/01/26 00:05:09 | 000,111,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2015/01/26 00:04:52 | 000,319,912 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2015/01/26 00:04:51 | 000,191,400 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2015/01/26 00:04:49 | 000,190,888 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2015/01/26 00:02:10 | 000,098,216 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2015/01/26 00:01:56 | 000,272,296 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2015/01/26 00:01:56 | 000,176,552 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2015/01/26 00:01:55 | 000,176,552 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2015/01/19 21:43:51 | 000,159,748 | ---- | M] () -- C:\Users\DXXNMS\AppData\Local\census.cache
[2015/01/19 21:43:41 | 000,125,433 | ---- | M] () -- C:\Users\DXXNMS\AppData\Local\ars.cache
[2015/01/19 21:36:33 | 000,000,010 | ---- | M] () -- C:\Users\DXXNMS\AppData\Local\sponge.last.runtime.cache
[2015/01/18 21:53:27 | 000,000,036 | ---- | M] () -- C:\Users\DXXNMS\AppData\Local\housecall.guid.cache
[2015/01/15 07:54:00 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015/01/07 21:44:04 | 000,001,141 | ---- | M] () -- C:\Users\DXXNMS\Application Data\Microsoft\Internet Explorer\Quick Launch\Iniciar Microsoft Office Outlook.lnk
[2015/01/07 18:57:07 | 000,001,787 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2015/01/04 13:29:07 | 000,782,470 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2015/01/04 13:29:07 | 000,662,634 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2015/01/04 13:29:07 | 000,122,470 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2015/01/19 21:43:51 | 000,159,748 | ---- | C] () -- C:\Users\DXXNMS\AppData\Local\census.cache
[2015/01/19 21:43:41 | 000,125,433 | ---- | C] () -- C:\Users\DXXNMS\AppData\Local\ars.cache
[2015/01/19 21:36:33 | 000,000,010 | ---- | C] () -- C:\Users\DXXNMS\AppData\Local\sponge.last.runtime.cache
[2015/01/18 21:53:27 | 000,000,036 | ---- | C] () -- C:\Users\DXXNMS\AppData\Local\housecall.guid.cache
[2015/01/07 21:44:04 | 000,001,141 | ---- | C] () -- C:\Users\DXXNMS\Application Data\Microsoft\Internet Explorer\Quick Launch\Iniciar Microsoft Office Outlook.lnk
[2015/01/07 18:57:07 | 000,001,787 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/10/14 19:43:25 | 000,004,560 | ---- | C] () -- C:\Windows\SysWow64\WiredTools.ini
[2014/10/14 19:43:25 | 000,002,384 | ---- | C] () -- C:\Windows\SysWow64\WiredToolsOff.ini
[2014/08/21 19:56:03 | 000,000,425 | ---- | C] () -- C:\Program Files (x86)\Common Files\AnswerWorks 5.0
[2013/09/21 20:05:14 | 000,217,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2013/09/20 18:42:19 | 005,195,390 | ---- | C] () -- C:\Users\DXXNMS\AppData\Local\helper.dat
[2013/09/20 18:42:13 | 000,000,258 | RHS- | C] () -- C:\Users\DXXNMS\ntuser.pol
[2013/07/02 23:17:51 | 000,000,600 | ---- | C] () -- C:\Users\DXXNMS\AppData\Roaming\winscp.rnd
[2013/05/28 22:55:20 | 000,000,600 | ---- | C] () -- C:\Users\DXXNMS\AppData\Local\PUTTY.RND
[2013/05/20 22:20:37 | 000,000,045 | ---- | C] () -- C:\Windows\quicken.ini
[2013/05/02 22:23:49 | 000,004,096 | -H-- | C] () -- C:\Users\DXXNMS\AppData\Local\keyfile3.drm
[2008/10/20 12:24:19 | 000,000,055 | ---- | C] () -- C:\Users\DXXNMS\cta05264
[2008/06/02 23:07:36 | 000,000,000 | ---- | C] () -- C:\Users\DXXNMS\TableSetting
[2008/06/02 23:02:58 | 000,010,957 | ---- | C] () -- C:\Users\DXXNMS\view-plugin.dtd
[2008/06/02 23:02:54 | 000,000,673 | ---- | C] () -- C:\Users\DXXNMS\database.xml
[2008/06/02 23:02:54 | 000,000,258 | ---- | C] () -- C:\Users\DXXNMS\pluginlist
[2008/06/02 23:02:53 | 000,000,171 | ---- | C] () -- C:\Users\DXXNMS\ipvpn.xml
[2008/06/02 23:02:52 | 000,000,494 | ---- | C] () -- C:\Users\DXXNMS\datalink.xml
[2008/06/02 23:02:52 | 000,000,374 | ---- | C] () -- C:\Users\DXXNMS\unicast.xml
[2008/06/02 23:02:51 | 000,000,307 | ---- | C] () -- C:\Users\DXXNMS\internet.xml
[2008/06/02 23:02:50 | 000,000,766 | ---- | C] () -- C:\Users\DXXNMS\dvmrp.xml
[2008/06/02 23:02:49 | 000,000,977 | ---- | C] () -- C:\Users\DXXNMS\multicast.xml
[2008/06/02 23:02:49 | 000,000,221 | ---- | C] () -- C:\Users\DXXNMS\baseline.xml
[2008/06/02 23:02:48 | 000,000,239 | ---- | C] () -- C:\Users\DXXNMS\vpls.xml
[2008/06/02 23:02:47 | 000,000,169 | ---- | C] () -- C:\Users\DXXNMS\voip.xml
[2008/05/17 09:59:40 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/02/21 12:38:00 | 000,009,842 | ---- | C] () -- C:\Users\DXXNMS\MCCI_MDM.INF
[2008/02/21 12:38:00 | 000,009,232 | ---- | C] () -- C:\Users\DXXNMS\USB_MOT_BRIT.INF
[2008/02/21 12:38:00 | 000,007,141 | ---- | C] () -- C:\Users\DXXNMS\USBMOT2000.INF
[2008/02/21 12:38:00 | 000,006,921 | ---- | C] () -- C:\Users\DXXNMS\MCCI_BUS.INF
[2008/02/21 12:38:00 | 000,006,061 | ---- | C] () -- C:\Users\DXXNMS\USBMOT2000XP.INF
[2008/02/21 12:38:00 | 000,005,880 | ---- | C] () -- C:\Users\DXXNMS\USB_CMCS_2000.INF
[2008/02/21 12:38:00 | 000,005,813 | ---- | C] () -- C:\Users\DXXNMS\USB_MOT_A1000.INF
[2008/02/21 12:38:00 | 000,004,406 | ---- | C] () -- C:\Users\DXXNMS\MCCI_SDM.INF
[2007/05/22 20:18:02 | 000,000,016 | ---- | C] () -- C:\Users\DXXNMS\persistent_state
[2007/05/12 19:14:12 | 000,056,320 | ---- | C] () -- C:\Users\DXXNMS\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:25:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 21:35:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 21:11:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:10:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:54:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:11:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012/11/24 20:32:16 | 000,000,000 | ---D | M] -- C:\Users\DXXNMS\AppData\Roaming\.kde
[2014/04/24 23:45:09 | 000,000,000 | ---D | M] -- C:\Users\DXXNMS\AppData\Roaming\Blackboard
[2013/04/04 10:33:00 | 000,000,000 | ---D | M] -- C:\Users\DXXNMS\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2015/01/27 18:35:13 | 000,000,000 | ---D | M] -- C:\Users\DXXNMS\AppData\Roaming\Dropbox
[2013/03/26 22:55:05 | 000,000,000 | ---D | M] -- C:\Users\DXXNMS\AppData\Roaming\Garmin
[2012/11/24 20:02:47 | 000,000,000 | ---D | M] -- C:\Users\DXXNMS\AppData\Roaming\KDE
[2013/05/02 12:51:23 | 000,000,000 | ---D | M] -- C:\Users\DXXNMS\AppData\Roaming\newsXpresso
[2014/04/23 20:49:39 | 000,000,000 | ---D | M] -- C:\Users\DXXNMS\AppData\Roaming\QuickScan
[2012/10/19 04:16:12 | 000,000,000 | ---D | M] -- C:\Users\DXXNMS\AppData\Roaming\Screensaver
[2013/01/26 21:46:58 | 000,000,000 | ---D | M] -- C:\Users\DXXNMS\AppData\Roaming\SoftGrid Client
[2013/04/06 07:34:42 | 000,000,000 | ---D | M] -- C:\Users\DXXNMS\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2014/09/05 22:48:21 | 000,000,000 | ---D | M] -- C:\Users\DXXNMS\AppData\Roaming\TeamViewer
[2014/12/18 12:23:26 | 000,000,000 | ---D | M] -- C:\Users\DXXNMS\AppData\Roaming\Telefónica
[2014/12/18 12:23:26 | 000,000,000 | ---D | M] -- C:\Users\DXXNMS\AppData\Roaming\TGCMLog
[2012/11/24 17:50:02 | 000,000,000 | ---D | M] -- C:\Users\DXXNMS\AppData\Roaming\TP
[2013/06/09 17:01:49 | 000,000,000 | ---D | M] -- C:\Users\DXXNMS\AppData\Roaming\WildTangent
[2013/01/13 12:56:11 | 000,000,000 | ---D | M] -- C:\Users\DXXNMS\AppData\Roaming\WindSolutions
 
========== Purity Check ==========
 
 

< End of report >
 

[Pop ups on chrome and firefox]

Hi Chuck, posting checkup log:

 

 Results of screen317's Security Check version 0.99.95  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
McAfee Anti-Virus and Anti-Spyware   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 McAfee SiteAdvisor    
 Java 8 Update 31  
 Java version 32-bit out of Date!
  Java 64-bit 8 Update 31  
 Adobe Reader 10.1.13 Adobe Reader out of Date!  
 Mozilla Firefox (35.0.1)
 Google Chrome (40.0.2214.91)
 Google Chrome (40.0.2214.93)
 Google Chrome (plugins...)
````````Process Check: objlist.exe by Laurent````````  
 Malware Malware removal SecurityCheck.exe  
 Symantec Norton Online Backup NOBuAgent.exe  
 Symantec Norton Online Backup NOBuClient.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````
 

[Pop ups on chrome and firefox]

Hi Chuck, I have tried to download securitycheck.exe, but my antivrus renoved the file when the browser it is going to save it. That is why I coul not post the log.

[Pop ups on chrome and firefox]

Malwarebytes Antimalware did not find anything.

[Pop ups on chrome and firefox]

Posting JRT log:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x64
Ran by DXXNMS on 25/01/2015 at 23:26:05,35
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1116665366-1061216413-1134762050-1000\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\Windows\wininit.ini"



~~~ Folders

Successfully deleted: [Folder] "C:\Users\DXXNMS\AppData\Roaming\getrighttogo"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25/01/2015 at 23:29:57,30
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

[Pop ups on chrome and firefox]

Hi Chuck, thanks again for your help. I have made the registry backup as you indicated and I have run adwcleaner, At this time I keep the network functions, luckily. I apologize for attaching instead of posting logs. Posting the log from adwcleaner:

 

# AdwCleaner v4.108 - Report created 23/01/2015 at 22:25:58

# Updated 17/01/2015 by Xplode

# Database : 2015-01-23.3 [Live]

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : DXXNMS - DXXNMS-PC

# Running from : C:\Programas\Malware\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

Service Deleted : hshld

[#] Service Deleted : hsstrayservice

[#] Service Deleted : hsswd

[#] Service Deleted : iSafeKrnl

Service Deleted : iSafeNetFilter

 

***** [ Files / Folders ] *****

 

[#] Folder Deleted : C:\ProgramData\BitGuard

[#] Folder Deleted : C:\ProgramData\Browser Manager

[#] Folder Deleted : C:\ProgramData\BrowserProtect

Folder Deleted : C:\ProgramData\hotspot shield

Folder Deleted : C:\ProgramData\wincert

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\hotspot shield

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAC

Folder Deleted : C:\Program Files (x86)\goforfiles

Folder Deleted : C:\Program Files (x86)\hotspot shield

Folder Deleted : C:\Program Files (x86)\iSafe

Folder Deleted : C:\Program Files (x86)\LemurLeap

Folder Deleted : C:\Program Files (x86)\Movies Toolbar

Folder Deleted : C:\Program Files (x86)\Coupons

Folder Deleted : C:\Windows\SysWOW64\hotspot shield

Folder Deleted : C:\Users\DXXNMS\AppData\Local\Temp\hotspot shield

Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\hotspot shield

Folder Deleted : C:\Users\DXXNMS\AppData\Local\CrashRpt

Folder Deleted : C:\Users\DXXNMS\AppData\Roaming\eCyber

Folder Deleted : C:\Users\DXXNMS\AppData\Roaming\hotspot shield

Folder Deleted : C:\Users\DXXNMS\AppData\Roaming\iSafe

Folder Deleted : C:\Users\DXXNMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol

File Deleted : C:\Users\Public\Desktop\eBay.lnk

File Deleted : C:\Users\Public\Desktop\YAC.lnk

File Deleted : C:\Users\Public\Desktop\Hotspot Shield.lnk

File Deleted : C:\Windows\System32\log\iSafeKrnlCall.log

File Deleted : C:\Windows\System32\drivers\taphss6.sys

File Deleted : C:\Windows\System32\drivers\hssdrv6.sys

File Deleted : C:\Users\DXXNMS\AppData\Local\ContentFinder.exe

File Deleted : C:\Users\DXXNMS\AppData\Local\ContentSinder.exe

File Deleted : C:\Users\DXXNMS\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\YAC.lnk

File Deleted : C:\Users\DXXNMS\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal

 

***** [ Scheduled Tasks ] *****

 

Task Deleted : AmiUpdXp

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKCU\Software\SIEN SA

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsemngr.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsermngr.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cltmngsvc.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta babylon.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta tb.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta2.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltainstaller.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltasetup.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb_2501-c733154b.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iminentsetup.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweetimsetup.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbdelta.exetoolbar783881609.exe

Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]

Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x86]

Value Deleted : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x64]

Value Deleted : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x86]

Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [ContentFinder]

Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [ContentSinder]

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D8F01233-2DE6-4EE7-8988-37263F00651B}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8DCB7100-DF86-4384-8842-8FA844297B3F}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ACA608DB-A210-4253-B799-3FD24E9A7BF5}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A9CAF365-EA35-45DA-BD8B-2EFA09D374AC}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DCB7100-DF86-4384-8842-8FA844297B3F}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8DCB7100-DF86-4384-8842-8FA844297B3F}

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{8DCB7100-DF86-4384-8842-8FA844297B3F}]

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ACA608DB-A210-4253-B799-3FD24E9A7BF5}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{52db1893-8a90-4192-aede-08e00b8f8473}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{52db1893-8a90-4192-aede-08e00b8f8473}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{52db1893-8a90-4192-aede-08e00b8f8473}

Key Deleted : HKCU\Software\anchorfree

Key Deleted : HKCU\Software\APN DTX

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\SafetyNut

Key Deleted : HKCU\Software\V9

Key Deleted : HKLM\SOFTWARE\hotspotshield

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\hotspotshield

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iSafe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F2E0D3DD9E5E4B74CA43BCE77815E287

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rjatydimofu.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.search.ask.com

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.17496

 

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [start Page]

 

-\\ Mozilla Firefox v34.0.5 (x86 es-ES)

 

 

-\\ Google Chrome v

 

 

*************************

 

AdwCleaner[R0].txt - [22880 octets] - [23/01/2015 22:21:52]

AdwCleaner[R1].txt - [22941 octets] - [23/01/2015 22:24:57]

AdwCleaner[s0].txt - [20732 octets] - [23/01/2015 22:25:58]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [20793 octets] ##########

# AdwCleaner v4.109 - Report created 25/01/2015 at 23:07:39

# Updated 24/01/2015 by Xplode

# Database : 2015-01-25.1 [Live]

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : DXXNMS - DXXNMS-PC

# Running from : C:\Programas\Malware\adwcleaner_4.109.exe

# Option : Clean

 

***** [ Services ] *****

 

[#] Service Deleted : iSafeKrnl

Service Deleted : iSafeNetFilter

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAC

Folder Deleted : C:\Program Files (x86)\iSafe

Folder Deleted : C:\Users\DXXNMS\AppData\Local\Temp\hotspot shield

Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\hotspot shield

Folder Deleted : C:\Users\DXXNMS\AppData\Roaming\eCyber

Folder Deleted : C:\Users\DXXNMS\AppData\Roaming\iSafe

File Deleted : C:\Users\Public\Desktop\eBay.lnk

File Deleted : C:\Users\Public\Desktop\YAC.lnk

File Deleted : C:\Windows\System32\log\iSafeKrnlCall.log

File Deleted : C:\Windows\System32\drivers\taphss6.sys

File Deleted : C:\Users\DXXNMS\AppData\Local\ContentFinder.exe

File Deleted : C:\Users\DXXNMS\AppData\Local\ContentSinder.exe

File Deleted : C:\Users\DXXNMS\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\YAC.lnk

File Deleted : C:\Users\DXXNMS\AppData\Roaming\Mozilla\Firefox\Profiles\hju627rm.default\invalidprefs.js

 

***** [ Scheduled Tasks ] *****

 

Task Deleted : AmiUpdXp

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKCU\Software\SIEN SA

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsemngr.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsermngr.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cltmngsvc.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta babylon.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta tb.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta2.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltainstaller.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltasetup.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb_2501-c733154b.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iminentsetup.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweetimsetup.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbdelta.exetoolbar783881609.exe

Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]

Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x86]

Value Deleted : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x64]

Value Deleted : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x86]

Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [ContentFinder]

Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [ContentSinder]

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D8F01233-2DE6-4EE7-8988-37263F00651B}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8DCB7100-DF86-4384-8842-8FA844297B3F}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ACA608DB-A210-4253-B799-3FD24E9A7BF5}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A9CAF365-EA35-45DA-BD8B-2EFA09D374AC}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DCB7100-DF86-4384-8842-8FA844297B3F}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8DCB7100-DF86-4384-8842-8FA844297B3F}

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{8DCB7100-DF86-4384-8842-8FA844297B3F}]

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ACA608DB-A210-4253-B799-3FD24E9A7BF5}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{52db1893-8a90-4192-aede-08e00b8f8473}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{52db1893-8a90-4192-aede-08e00b8f8473}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{52db1893-8a90-4192-aede-08e00b8f8473}

Key Deleted : HKCU\Software\anchorfree

Key Deleted : HKCU\Software\APN DTX

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\SafetyNut

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKCU\Software\V9

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iSafe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F2E0D3DD9E5E4B74CA43BCE77815E287

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rjatydimofu.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.search.ask.com

Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - 127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896;<local>

Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:8555;hxxps=127.0.0.1:8555

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.17496

 

 

-\\ Mozilla Firefox v35.0 (x86 es-ES)

 

 

-\\ Google Chrome v

 

 

*************************

 

AdwCleaner[R0].txt - [44773 octets] - [23/01/2015 22:21:52]

AdwCleaner[R1].txt - [22941 octets] - [23/01/2015 22:24:57]

AdwCleaner[s0].txt - [40871 octets] - [23/01/2015 22:25:58]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [40932 octets] ##########

[Pop ups on chrome and firefox]

Hi Chuck,

 

I have restord the system to the point before adwcleaner cleaning. Now I have my network functions ok, but the malware making a mess on my browsers. Should I back to point where I did not have any network connections and run the OTL fix or I begin from adwcleaner again and take care of cleaning, checking only the options that keep network functions?

[Pop ups on chrome and firefox]

Hi Chuck,

 

As you suggest, I have tried System restore and the Ip functions back again.

[Pop ups on chrome and firefox]

Hi Chuck,

 

Here is security chech log:

 

 Results of screen317's Security Check version 0.99.95  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
McAfee Anti-Virus and Anti-Spyware   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 McAfee SiteAdvisor    
 Java 7 Update 55  
 Java version 32-bit out of Date!
  Java 64-bit 8 Update 31  
 Adobe Reader 10.1.13 Adobe Reader out of Date!  
 Mozilla Firefox 34.0.5 Firefox out of Date!  
 Google Chrome (39.0.2171.99)
 Google Chrome (40.0.2214.91)
 Google Chrome (plugins...)
````````Process Check: objlist.exe by Laurent````````  
 mcafee VIRUSS~1 mcvsshld.exe  
 SecurityCheck.exe    
 Symantec Norton Online Backup NOBuAgent.exe  
 Symantec Norton Online Backup NOBuClient.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

 

Now, I post the OLT log:

 

OTL logfile created on: 25/01/2015 12:02:46 p.m. - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = E:\Malware removal
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 0000200A | Country: Bolivarian Republic of Venezuela | Language: ESV | Date Format: dd/MM/yyyy
 
3,84 Gb Total Physical Memory | 2,44 Gb Available Physical Memory | 63,59% Memory free
7,68 Gb Paging File | 4,93 Gb Available in Paging File | 64,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 447,66 Gb Total Space | 92,63 Gb Free Space | 20,69% Space Free | Partition Type: NTFS
Drive E: | 3,76 Gb Total Space | 0,13 Gb Free Space | 3,35% Space Free | Partition Type: FAT32
 
Computer Name: DXXNMS-PC | User Name: DXXNMS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2015/01/25 11:47:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\Malware removal\OTL.scr
PRC - [2014/12/08 23:15:28 | 039,207,112 | ---- | M] (Dropbox, Inc.) -- C:\Users\DXXNMS\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2014/12/03 10:06:08 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/10/30 14:36:24 | 000,387,088 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
PRC - [2014/09/24 21:09:56 | 000,277,672 | ---- | M] (Microsoft Corporation) -- C:\Users\DXXNMS\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
PRC - [2014/04/22 21:00:44 | 000,519,328 | ---- | M] (GAS Tecnologia) -- C:\Program Files (x86)\GbPlugin\GbpSv.exe
PRC - [2013/09/14 03:38:54 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2013/09/14 03:27:52 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
PRC - [2013/09/04 16:23:44 | 001,315,144 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
PRC - [2013/06/10 17:59:32 | 001,120,256 | ---- | M] (keepvid.com Company) -- C:\Users\DXXNMS\AppData\Local\keepvid.com.exe
PRC - [2012/04/06 22:59:22 | 000,022,120 | ---- | M] () -- C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
PRC - [2012/04/06 22:59:20 | 000,040,552 | ---- | M] () -- C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
PRC - [2012/03/23 05:03:48 | 000,419,408 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe
PRC - [2012/03/23 05:03:46 | 000,355,920 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2012/03/23 05:03:46 | 000,343,632 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2012/03/23 05:03:44 | 001,105,488 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2012/02/29 09:19:06 | 000,028,264 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2012/02/27 06:31:58 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2012/02/07 21:33:36 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012/02/07 21:33:34 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012/02/07 21:33:16 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/02/06 20:24:04 | 000,255,376 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2012/02/01 18:59:58 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2012/01/05 16:52:10 | 000,256,536 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
PRC - [2012/01/05 16:51:44 | 000,296,984 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
PRC - [2011/06/14 12:05:02 | 000,201,080 | ---- | M] (Telefónica) -- C:\Program Files (x86)\Movistar\Escritorio Movistar Latam\ImpWiFiSvc.exe
PRC - [2011/05/20 12:14:32 | 000,986,208 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
PRC - [2011/05/12 19:29:00 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/11/20 22:54:03 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2015/01/23 23:12:56 | 000,043,008 | ---- | M] () -- c:\Users\DXXNMS\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfaxgar.dll
MOD - [2015/01/20 23:20:45 | 009,171,272 | ---- | M] () -- C:\Users\DXXNMS\AppData\Local\Google\Chrome\Application\40.0.2214.91\pdf.dll
MOD - [2015/01/20 23:20:41 | 001,117,512 | ---- | M] () -- C:\Users\DXXNMS\AppData\Local\Google\Chrome\Application\40.0.2214.91\libglesv2.dll
MOD - [2015/01/20 23:20:39 | 000,211,272 | ---- | M] () -- C:\Users\DXXNMS\AppData\Local\Google\Chrome\Application\40.0.2214.91\libegl.dll
MOD - [2014/10/21 19:52:50 | 000,750,080 | ---- | M] () -- C:\Users\DXXNMS\AppData\Roaming\Dropbox\bin\libGLESv2.dll
MOD - [2014/10/21 19:52:50 | 000,047,616 | ---- | M] () -- C:\Users\DXXNMS\AppData\Roaming\Dropbox\bin\libEGL.dll
MOD - [2014/10/21 19:52:48 | 000,863,744 | ---- | M] () -- C:\Users\DXXNMS\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
MOD - [2014/10/21 19:52:46 | 000,200,704 | ---- | M] () -- C:\Users\DXXNMS\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
MOD - [2014/10/17 17:13:09 | 012,435,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1453d9e9a4989833ef3db4b22549ba1a\System.Windows.Forms.ni.dll
MOD - [2014/10/17 17:13:03 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\836e10dfd0811b303553216f5cb092ef\System.Drawing.ni.dll
MOD - [2014/10/17 17:12:38 | 007,991,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\908ba9e296e92b4e14bdc2437edac603\System.ni.dll
MOD - [2014/10/11 13:06:16 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/10/11 13:05:58 | 001,044,776 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2014/09/26 10:07:51 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
MOD - [2014/09/24 21:09:54 | 000,081,056 | ---- | M] () -- C:\Users\DXXNMS\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\LoggingPlatform.dll
MOD - [2013/09/14 01:51:02 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
MOD - [2013/09/14 01:50:36 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
MOD - [2012/04/06 22:59:22 | 000,022,120 | ---- | M] () -- C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
MOD - [2012/04/06 22:59:20 | 000,040,552 | ---- | M] () -- C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
MOD - [2012/01/05 16:52:36 | 000,465,344 | ---- | M] () -- C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
MOD - [2007/03/30 10:54:06 | 001,054,856 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\Proof\MSSP3ES.DLL
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/11/21 22:05:29 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 01:20:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/06/08 10:42:24 | 000,048,128 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2012/03/21 15:33:16 | 000,957,216 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2012/02/22 16:18:32 | 000,162,192 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2012/02/22 15:51:42 | 000,210,584 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2012/02/22 15:51:16 | 000,199,272 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2012/02/07 20:23:48 | 000,871,296 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2012/02/06 20:24:04 | 000,255,376 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV:64bit: - [2012/02/03 00:59:52 | 000,628,448 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2012/01/20 18:45:14 | 000,149,504 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2011/10/18 19:31:08 | 000,502,032 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\mcafee\virusscan\mcods.exe -- (McODS)
SRV:64bit: - [2011/03/09 11:10:40 | 000,288,768 | ---- | M] (WDC) [Auto | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV:64bit: - [2011/01/28 14:58:54 | 000,225,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- c:\Program Files\mcafee\msc\McAWFwk.exe -- (McAWFwk)
SRV:64bit: - [2011/01/27 20:58:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2011/01/27 20:58:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2011/01/27 20:58:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McOobeSv)
SRV:64bit: - [2011/01/27 20:58:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2011/01/27 20:58:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2011/01/27 20:58:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2011/01/27 20:58:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2011/01/27 20:58:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV:64bit: - [2010/09/22 20:40:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2014/12/14 09:14:11 | 000,259,664 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2014/12/14 09:14:11 | 000,227,904 | ---- | M] (WildTangent) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe -- (GamesAppIntegrationService)
SRV - [2014/12/03 10:06:08 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/11/26 12:10:36 | 000,114,800 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/07/04 22:52:24 | 001,303,128 | ---- | M] (WiredTools Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\WiredTools\WiredTools.exe -- (WiredTools)
SRV - [2014/04/22 21:00:44 | 000,519,328 | ---- | M] (GAS Tecnologia) [Auto | Running] -- C:\Program Files (x86)\GbPlugin\GbpSv.exe -- (GbpSv)
SRV - [2014/03/20 18:19:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/11/14 07:13:01 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Users\DXXNMS\AppData\Local\Temp\7zS696A\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2012/06/08 10:48:30 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/04/22 23:55:32 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/04/03 00:46:31 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/23 05:03:46 | 000,355,920 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2012/02/29 09:19:06 | 000,028,264 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2012/02/07 21:33:36 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/02/07 21:33:34 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/02/07 21:33:16 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/02/01 18:59:58 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2012/01/05 16:52:10 | 000,256,536 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2011/06/21 15:25:04 | 000,173,424 | ---- | M] (Egis Technology Inc. ) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)
SRV - [2011/06/14 12:05:02 | 000,201,080 | ---- | M] (Telefónica) [Auto | Running] -- C:\Program Files (x86)\Movistar\Escritorio Movistar Latam\ImpWiFiSvc.exe -- (TGCM_ImportWiFiSvc)
SRV - [2011/06/07 14:55:12 | 000,191,752 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/05/12 19:29:00 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/03/09 11:41:10 | 000,491,920 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2011/03/09 11:41:08 | 001,066,896 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2010/06/01 18:01:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/08/15 23:35:00 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2013/08/28 20:59:52 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2013/07/25 16:53:46 | 000,023,040 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/06/08 10:42:23 | 000,022,592 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2012/06/08 10:42:22 | 004,746,304 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2012/06/08 10:42:22 | 000,021,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmvwl64.sys -- (BcmVWL)
DRV:64bit: - [2012/05/04 01:29:06 | 000,081,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiSDa.sys -- (bScsiSDa)
DRV:64bit: - [2012/04/03 00:40:29 | 000,062,776 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2012/04/03 00:40:29 | 000,022,648 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2012/04/03 00:40:29 | 000,020,520 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2012/03/26 21:39:54 | 014,748,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/03/21 16:53:22 | 000,594,472 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2012/03/21 16:53:22 | 000,163,368 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcbtums.sys -- (bcbtums)
DRV:64bit: - [2012/03/21 16:53:18 | 000,210,984 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2012/03/21 16:53:18 | 000,184,872 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2012/03/21 16:53:18 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2012/03/21 16:53:18 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2012/03/07 09:18:20 | 000,238,384 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2012/03/01 02:16:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/27 06:31:00 | 000,788,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012/02/27 06:31:00 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012/02/27 06:31:00 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012/02/22 14:59:46 | 000,647,208 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2012/02/22 14:59:46 | 000,487,296 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2012/02/22 14:59:46 | 000,289,664 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2012/02/22 14:59:46 | 000,229,528 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2012/02/22 14:59:46 | 000,160,792 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2012/02/22 14:59:46 | 000,100,912 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2012/02/22 14:59:46 | 000,075,936 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2012/02/22 14:59:46 | 000,065,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2012/02/07 01:33:06 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2012/02/07 01:33:06 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2012/02/01 18:46:40 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2012/01/20 18:44:34 | 000,016,128 | ---- | M] (Intel® Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2012/01/19 03:00:42 | 000,435,240 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2011/12/06 06:53:08 | 000,331,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011/11/10 04:34:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011/11/04 12:51:38 | 000,019,496 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdmp.sys -- (b57xdmp)
DRV:64bit: - [2011/11/04 12:51:36 | 000,068,648 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdbd.sys -- (b57xdbd)
DRV:64bit: - [2011/09/02 17:06:58 | 000,051,752 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiMSa.sys -- (bScsiMSa)
DRV:64bit: - [2011/08/17 09:58:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2011/08/17 09:58:22 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2011/08/17 09:58:20 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011/08/17 09:58:16 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2011/07/14 01:05:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/07/14 01:05:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/07 16:25:24 | 000,234,496 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbwwan.sys -- (ZTEusbwwan)
DRV:64bit: - [2010/11/26 13:33:14 | 000,011,776 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2010/11/20 22:54:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:53:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 22:53:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:53:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/19 15:38:12 | 000,019,968 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\zte_massejct.sys -- (zte_massejct)
DRV:64bit: - [2010/10/15 08:50:04 | 000,123,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2010/10/15 08:50:04 | 000,123,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2010/10/15 08:50:04 | 000,123,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2010/10/15 08:50:04 | 000,123,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmeaext2.sys -- (ZTEusbMB)
DRV:64bit: - [2010/10/15 08:50:04 | 000,018,432 | ---- | M] (ZTE) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbccid.sys -- (USBZTECCID)
DRV:64bit: - [2010/10/15 08:50:04 | 000,012,800 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter_hs.sys -- (massfilter_hs)
DRV:64bit: - [2009/07/13 21:22:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:18:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:15:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:04:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:04:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:04:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:01:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2007/05/14 16:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2009/07/13 20:49:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-21-1116665366-1061216413-1134762050-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE - HKU\S-1-5-21-1116665366-1061216413-1134762050-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-1116665366-1061216413-1134762050-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-1116665366-1061216413-1134762050-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1116665366-1061216413-1134762050-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1116665366-1061216413-1134762050-1000\..\SearchScopes\{7941C7F7-B1CC-4B4A-9800-7DE9C1AF3896}: "URL" = https://search.yahoo.com/search?fr=mcafee&type=B011US662D20141017&p={SearchTerms}
IE - HKU\S-1-5-21-1116665366-1061216413-1134762050-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1116665366-1061216413-1134762050-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896;<local>
IE - HKU\S-1-5-21-1116665366-1061216413-1134762050-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8555;https=127.0.0.1:8555
 
========== FireFox ==========
 
FF - prefs.js..browser.search.isUS: false
FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.17
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:34.0.5
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\DXXNMS\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\DXXNMS\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2014/12/13 23:24:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012/11/23 23:36:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2014/12/15 08:33:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DXXNMS\AppData\Roaming\Mozilla\Extensions
[2015/01/19 21:26:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DXXNMS\AppData\Roaming\Mozilla\Firefox\Profiles\hju627rm.default\extensions
[2015/01/19 21:12:54 | 000,392,243 | ---- | M] () (No name found) -- C:\Users\DXXNMS\AppData\Roaming\Mozilla\Firefox\Profiles\hju627rm.default\extensions\[email protected]
[2014/12/19 07:55:50 | 000,731,942 | ---- | M] () (No name found) -- C:\Users\DXXNMS\AppData\Roaming\Mozilla\Firefox\Profiles\hju627rm.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2013/09/20 18:01:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2015/01/23 22:24:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/12/15 08:33:02 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\DXXNMS\AppData\Local\Google\Chrome\Application\40.0.2214.91\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\DXXNMS\AppData\Local\Google\Chrome\Application\40.0.2214.91\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\DXXNMS\AppData\Local\Google\Chrome\Application\40.0.2214.91\pdf.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\DXXNMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Intel® Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel® Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\DXXNMS\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - Extension: No name found = C:\Users\DXXNMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\DXXNMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgecckpiojpahjlndlofcljgacdfkifk\0.3.4_0\
CHR - Extension: No name found = C:\Users\DXXNMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\DXXNMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\14.1113.0.4_0\
CHR - Extension: No name found = C:\Users\DXXNMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\cedbiokeeomnnkiclkmnonjkcaladbkd\1.0.10_0\
CHR - Extension: No name found = C:\Users\DXXNMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\DXXNMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcanjhffnbochejifidgcbmnlehfgjkl\2_0\
CHR - Extension: No name found = C:\Users\DXXNMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\effanfjandoefieknkdjjbfpmhdndfnf\3_0\
CHR - Extension: No name found = C:\Users\DXXNMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.4_0\
CHR - Extension: No name found = C:\Users\DXXNMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpogldabjhjhglnfojmnekmcjonllia\1.0.0_0\
CHR - Extension: No name found = C:\Users\DXXNMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbpobnhohpnogiaipphaknihlopgbacf\0.90_0\
CHR - Extension: No name found = C:\Users\DXXNMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.65.135.1_0\
CHR - Extension: No name found = C:\Users\DXXNMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\40.0.2214.82_0\
CHR - Extension: No name found = C:\Users\DXXNMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl\3.9.534_0\
CHR - Extension: No name found = C:\Users\DXXNMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\DXXNMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.151_0\
CHR - Extension: No name found = C:\Users\DXXNMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2014/04/22 22:28:14 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\systemcore\ScriptSn.20121021084525.dll (McAfee, Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20121021084526.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540026} - C:\Program Files (x86)\GbPlugin\gbiehbdv.dll (Banco de Venezuela)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [broadcom Wireless Manager UI] C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE (Broadcom Corporation)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [instantUpdate] C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuDaemon.exe ()
O4:64bit: - HKLM..\Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AdobeCEPServiceManager] C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [backupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
O4 - HKLM..\Run: [Dolby Home Theater v4] C:\Dolby PCEE4\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [keepvid] C:\Users\DXXNMS\AppData\Local\keepvid.com.exe (keepvid.com Company)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [suiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [uSB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1116665366-1061216413-1134762050-1000..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-1116665366-1061216413-1134762050-1000..\Run: [AppleIEDAV] C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe (Apple Inc.)
O4 - HKU\S-1-5-21-1116665366-1061216413-1134762050-1000..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-1116665366-1061216413-1134762050-1000..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-1116665366-1061216413-1134762050-1000..\Run: [skyDrive] C:\Users\DXXNMS\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\DXXNMS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\DXXNMS\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-1116665366-1061216413-1134762050-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1116665366-1061216413-1134762050-1000\..Trusted Domains: bancodevenezuela.com ([www] * in Trusted sites)
O15 - HKU\S-1-5-21-1116665366-1061216413-1134762050-1000\..Trusted Domains: banvenez.com ([e-bdv] * in Trusted sites)
O15 - HKU\S-1-5-21-1116665366-1061216413-1134762050-1000\..Trusted Domains: banvenez.com ([e-bdvcpx] * in Trusted sites)
O15 - HKU\S-1-5-21-1116665366-1061216413-1134762050-1000\..Trusted Domains: banvenez.corp ([e-bdvscn] * in Trusted sites)
O15 - HKU\S-1-5-21-1116665366-1061216413-1134762050-1000\..Trusted Domains: banvenez.corp ([e-bdvscw] * in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1438A1C2-1180-43A6-BD9D-AE84032BFC1D}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{21F683D0-2641-4FAB-BA34-7EE792119E0B}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F0C967C-24AC-4FAF-B133-1473AB1E9051}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E9105DDE-39D9-432B-A397-DB71429B05F0}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E9105DDE-39D9-432B-A397-DB71429B05F0}: NameServer = 8.8.8.8
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ GbPluginBdv: DllName - (C:\Program Files (x86)\GbPlugin\gbiehBdv.dll) - C:\Program Files (x86)\GbPlugin\gbiehbdv.dll (Banco de Venezuela)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399026} - C:\Program Files (x86)\GbPlugin\gbiehbdv.dll (Banco de Venezuela)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3407158b-8670-11e4-ad1b-c01885f658a9}\Shell - "" = AutoRun
O33 - MountPoints2\{3407158b-8670-11e4-ad1b-c01885f658a9}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015/01/23 23:16:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2015/01/23 23:00:55 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2015/01/23 22:21:41 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2015/01/16 22:42:22 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2015/01/16 22:42:18 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2015/01/16 22:42:02 | 005,553,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2015/01/16 22:42:00 | 003,971,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2015/01/16 22:41:59 | 003,916,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2015/01/16 22:41:58 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2015/01/16 22:41:58 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rstrui.exe
[2015/01/16 22:41:57 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srclient.dll
[2015/01/07 19:32:46 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2015/01/07 19:32:46 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2015/01/07 18:57:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2015/01/07 18:54:46 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2015/01/07 18:54:41 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2015/01/07 18:54:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2015/01/07 18:54:41 | 000,000,000 | ---D | C] -- C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
[2015/01/07 18:44:28 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/10/14 19:43:21 | 013,108,224 | ---- | C] (Digia Plc and/or its subsidiary(-ies)) -- C:\Users\DXXNMS\AppData\Local\QtWebKit4.dll
[2013/09/20 18:42:04 | 008,587,264 | ---- | C] (Digia Plc and/or its subsidiary(-ies)) -- C:\Users\DXXNMS\AppData\Local\QtGui4.dll
[2013/09/20 18:42:04 | 002,599,936 | ---- | C] (Digia Plc and/or its subsidiary(-ies)) -- C:\Users\DXXNMS\AppData\Local\QtCore4.dll
[2013/09/20 18:42:04 | 001,122,304 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\Users\DXXNMS\AppData\Local\libeay32.dll
[2013/09/20 18:42:04 | 001,053,184 | ---- | C] (Digia Plc and/or its subsidiary(-ies)) -- C:\Users\DXXNMS\AppData\Local\QtNetwork4.dll
[2013/09/20 18:42:04 | 000,773,968 | ---- | C] (Microsoft Corporation) -- C:\Users\DXXNMS\AppData\Local\msvcr100.dll
[2013/09/20 18:42:04 | 000,421,200 | ---- | C] (Microsoft Corporation) -- C:\Users\DXXNMS\AppData\Local\msvcp100.dll
[2013/09/20 18:42:04 | 000,274,432 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\Users\DXXNMS\AppData\Local\ssleay32.dll
[2013/09/20 18:42:03 | 001,120,256 | ---- | C] (keepvid.com Company) -- C:\Users\DXXNMS\AppData\Local\keepvid.com.exe
[2008/02/21 12:38:00 | 000,091,728 | ---- | C] (MCCI) -- C:\Users\DXXNMS\mqdmmdm.sys
[2008/02/21 12:38:00 | 000,078,992 | ---- | C] (MCCI) -- C:\Users\DXXNMS\mqdmserd.sys
[2008/02/21 12:38:00 | 000,066,640 | ---- | C] (MCCI) -- C:\Users\DXXNMS\mqdmbus.sys
[2008/02/21 12:38:00 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Users\DXXNMS\usbsermptxp.sys
[2008/02/21 12:38:00 | 000,022,768 | ---- | C] (Microsoft Corporation) -- C:\Users\DXXNMS\usbsermpt.sys
[2008/02/21 12:38:00 | 000,009,456 | ---- | C] (MCCI) -- C:\Users\DXXNMS\mqdmmdfl.sys
[2008/02/21 12:38:00 | 000,006,240 | ---- | C] (MCCI) -- C:\Users\DXXNMS\mqdmcmnt.sys
[2008/02/21 12:38:00 | 000,005,968 | ---- | C] (MCCI) -- C:\Users\DXXNMS\mqdmwhnt.sys
[2008/02/21 12:38:00 | 000,004,080 | ---- | C] (MCCI) -- C:\Users\DXXNMS\mqdmcr.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2015/01/25 12:06:13 | 000,004,456 | ---- | M] () -- C:\Windows\SysWow64\WiredTools.ini
[2015/01/25 12:06:13 | 000,002,280 | ---- | M] () -- C:\Windows\SysWow64\WiredToolsOff.ini
[2015/01/25 12:06:13 | 000,002,280 | ---- | M] () -- C:\Windows\SysNative\WiredToolsOff.ini
[2015/01/25 11:52:18 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1116665366-1061216413-1134762050-1000UA.job
[2015/01/25 11:41:53 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015/01/25 11:41:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/01/25 08:52:00 | 000,000,998 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1116665366-1061216413-1134762050-1000Core.job
[2015/01/24 15:01:29 | 000,782,470 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2015/01/24 15:01:29 | 000,662,634 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2015/01/24 15:01:29 | 000,122,470 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2015/01/24 14:53:00 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/01/24 14:53:00 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/01/23 23:20:21 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015/01/23 23:16:16 | 000,001,832 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk
[2015/01/23 23:10:57 | 3092,533,248 | -HS- | M] () -- C:\hiberfil.sys
[2015/01/23 20:53:08 | 000,002,378 | ---- | M] () -- C:\Users\DXXNMS\Desktop\Google Chrome.lnk
[2015/01/19 21:43:51 | 000,159,748 | ---- | M] () -- C:\Users\DXXNMS\AppData\Local\census.cache
[2015/01/19 21:43:41 | 000,125,433 | ---- | M] () -- C:\Users\DXXNMS\AppData\Local\ars.cache
[2015/01/19 21:36:33 | 000,000,010 | ---- | M] () -- C:\Users\DXXNMS\AppData\Local\sponge.last.runtime.cache
[2015/01/18 21:53:27 | 000,000,036 | ---- | M] () -- C:\Users\DXXNMS\AppData\Local\housecall.guid.cache
[2015/01/07 21:44:04 | 000,001,141 | ---- | M] () -- C:\Users\DXXNMS\Application Data\Microsoft\Internet Explorer\Quick Launch\Iniciar Microsoft Office Outlook.lnk
[2015/01/07 18:57:07 | 000,001,787 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2015/01/19 21:43:51 | 000,159,748 | ---- | C] () -- C:\Users\DXXNMS\AppData\Local\census.cache
[2015/01/19 21:43:41 | 000,125,433 | ---- | C] () -- C:\Users\DXXNMS\AppData\Local\ars.cache
[2015/01/19 21:36:33 | 000,000,010 | ---- | C] () -- C:\Users\DXXNMS\AppData\Local\sponge.last.runtime.cache
[2015/01/18 21:53:27 | 000,000,036 | ---- | C] () -- C:\Users\DXXNMS\AppData\Local\housecall.guid.cache
[2015/01/07 21:44:04 | 000,001,141 | ---- | C] () -- C:\Users\DXXNMS\Application Data\Microsoft\Internet Explorer\Quick Launch\Iniciar Microsoft Office Outlook.lnk
[2015/01/07 18:57:07 | 000,001,787 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/10/14 19:43:25 | 000,004,456 | ---- | C] () -- C:\Windows\SysWow64\WiredTools.ini
[2014/10/14 19:43:25 | 000,002,280 | ---- | C] () -- C:\Windows\SysWow64\WiredToolsOff.ini
[2014/08/21 19:56:03 | 000,000,425 | ---- | C] () -- C:\Program Files (x86)\Common Files\AnswerWorks 5.0
[2013/09/21 20:05:14 | 000,217,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2013/09/20 18:42:19 | 005,195,390 | ---- | C] () -- C:\Users\DXXNMS\AppData\Local\helper.dat
[2013/09/20 18:42:13 | 000,000,258 | RHS- | C] () -- C:\Users\DXXNMS\ntuser.pol
[2013/07/02 23:17:51 | 000,000,600 | ---- | C] () -- C:\Users\DXXNMS\AppData\Roaming\winscp.rnd
[2013/05/28 22:55:20 | 000,000,600 | ---- | C] () -- C:\Users\DXXNMS\AppData\Local\PUTTY.RND
[2013/05/20 22:20:37 | 000,000,045 | ---- | C] () -- C:\Windows\quicken.ini
[2013/05/02 22:23:49 | 000,004,096 | -H-- | C] () -- C:\Users\DXXNMS\AppData\Local\keyfile3.drm
[2013/01/26 21:55:55 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/10/20 12:24:19 | 000,000,055 | ---- | C] () -- C:\Users\DXXNMS\cta05264
[2008/06/02 23:07:36 | 000,000,000 | ---- | C] () -- C:\Users\DXXNMS\TableSetting
[2008/06/02 23:02:58 | 000,010,957 | ---- | C] () -- C:\Users\DXXNMS\view-plugin.dtd
[2008/06/02 23:02:54 | 000,000,673 | ---- | C] () -- C:\Users\DXXNMS\database.xml
[2008/06/02 23:02:54 | 000,000,258 | ---- | C] () -- C:\Users\DXXNMS\pluginlist
[2008/06/02 23:02:53 | 000,000,171 | ---- | C] () -- C:\Users\DXXNMS\ipvpn.xml
[2008/06/02 23:02:52 | 000,000,494 | ---- | C] () -- C:\Users\DXXNMS\datalink.xml
[2008/06/02 23:02:52 | 000,000,374 | ---- | C] () -- C:\Users\DXXNMS\unicast.xml
[2008/06/02 23:02:51 | 000,000,307 | ---- | C] () -- C:\Users\DXXNMS\internet.xml
[2008/06/02 23:02:50 | 000,000,766 | ---- | C] () -- C:\Users\DXXNMS\dvmrp.xml
[2008/06/02 23:02:49 | 000,000,977 | ---- | C] () -- C:\Users\DXXNMS\multicast.xml
[2008/06/02 23:02:49 | 000,000,221 | ---- | C] () -- C:\Users\DXXNMS\baseline.xml
[2008/06/02 23:02:48 | 000,000,239 | ---- | C] () -- C:\Users\DXXNMS\vpls.xml
[2008/06/02 23:02:47 | 000,000,169 | ---- | C] () -- C:\Users\DXXNMS\voip.xml
[2008/05/17 09:59:40 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/02/21 12:38:00 | 000,009,842 | ---- | C] () -- C:\Users\DXXNMS\MCCI_MDM.INF
[2008/02/21 12:38:00 | 000,009,232 | ---- | C] () -- C:\Users\DXXNMS\USB_MOT_BRIT.INF
[2008/02/21 12:38:00 | 000,007,141 | ---- | C] () -- C:\Users\DXXNMS\USBMOT2000.INF
[2008/02/21 12:38:00 | 000,006,921 | ---- | C] () -- C:\Users\DXXNMS\MCCI_BUS.INF
[2008/02/21 12:38:00 | 000,006,061 | ---- | C] () -- C:\Users\DXXNMS\USBMOT2000XP.INF
[2008/02/21 12:38:00 | 000,005,880 | ---- | C] () -- C:\Users\DXXNMS\USB_CMCS_2000.INF
[2008/02/21 12:38:00 | 000,005,813 | ---- | C] () -- C:\Users\DXXNMS\USB_MOT_A1000.INF
[2008/02/21 12:38:00 | 000,004,406 | ---- | C] () -- C:\Users\DXXNMS\MCCI_SDM.INF
[2007/05/22 20:18:02 | 000,000,016 | ---- | C] () -- C:\Users\DXXNMS\persistent_state
[2007/05/12 19:14:12 | 000,056,320 | ---- | C] () -- C:\Users\DXXNMS\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:25:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 21:35:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 21:11:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:10:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:54:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:11:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012/11/24 20:32:16 | 000,000,000 | ---D | M] -- C:\Users\DXXNMS\AppData\Roaming\.kde
[2014/04/24 23:45:09 | 000,000,000 | ---D | M] -- C:\Users\DXXNMS\AppData\Roaming\Blackboard
[2013/04/04 10:33:00 | 000,000,000 | ---D | M] -- C:\Users\DXXNMS\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2015/01/19 19:24:09 | 000,000,000 | ---D | M] -- C:\Users\DXXNMS\AppData\Roaming\Dropbox
[2013/03/26 22:55:05 | 000,000,000 | ---D | M] -- C:\Users\DXXNMS\AppData\Roaming\Garmin
[2012/11/24 20:02:47 | 000,000,000 | ---D | M] -- C:\Users\DXXNMS\AppData\Roaming\KDE
[2013/05/02 12:51:23 | 000,000,000 | ---D | M] -- C:\Users\DXXNMS\AppData\Roaming\newsXpresso
[2014/04/23 20:49:39 | 000,000,000 | ---D | M] -- C:\Users\DXXNMS\AppData\Roaming\QuickScan
[2012/10/19 04:16:12 | 000,000,000 | ---D | M] -- C:\Users\DXXNMS\AppData\Roaming\Screensaver
[2013/01/26 21:46:58 | 000,000,000 | ---D | M] -- C:\Users\DXXNMS\AppData\Roaming\SoftGrid Client
[2013/04/06 07:34:42 | 000,000,000 | ---D | M] -- C:\Users\DXXNMS\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2014/09/05 22:48:21 | 000,000,000 | ---D | M] -- C:\Users\DXXNMS\AppData\Roaming\TeamViewer
[2014/12/18 12:23:26 | 000,000,000 | ---D | M] -- C:\Users\DXXNMS\AppData\Roaming\Telefónica
[2014/12/18 12:23:26 | 000,000,000 | ---D | M] -- C:\Users\DXXNMS\AppData\Roaming\TGCMLog
[2012/11/24 17:50:02 | 000,000,000 | ---D | M] -- C:\Users\DXXNMS\AppData\Roaming\TP
[2013/06/09 17:01:49 | 000,000,000 | ---D | M] -- C:\Users\DXXNMS\AppData\Roaming\WildTangent
[2013/01/13 12:56:11 | 000,000,000 | ---D | M] -- C:\Users\DXXNMS\AppData\Roaming\WindSolutions

< End of report >

Please let me know if I have to try with a System Restore.
 

[Pop ups on chrome and firefox]

I forgot to run dds.scr. Now I have attached the dds log and attach log in zip format.

Malware.zip