lgoncalves
Posted January 23, 2015

Hi, my wife installed some program to download music and after that pop-ups constantly open when I click anywhere on Chrome and Firefox. Please, I need some help to clean it up, because the Malwarebytes Anti-Malware scan did not find anything.

flashh4
Posted January 23, 2015

Howdy LUIS and welcome to BestTechie!!!

My name is flashh4 (Chuck) and I will be assisting you with the cleaning of your computer.

Run these 1 at a time & post each log as you get it! Work them as your time permits you to!!
If you don't understand something, please don't hesitate to ask for clarification before proceeding!!! You can PM me if you need to!!
Perform all actions in the order given.
Please stay with us until we give you the "All Clean Speech"! Just because the problem has stopped it may still need some clean-up!
Do Not Remove anything or run any tools/programs until advised to do so!

Please note that all instructions given are customized for this computer only, the tools used may cause damage if used on a computer with different infections. If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.

===================================

AdwCleaner

Please download AdwCleaner by Xplode onto your desktop.
Double click on AdwCleaner.exe to run the tool again.
Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

* Click on the Scan button.
* AdwCleaner will begin to scan your computer like it did before.
* After the scan has finished ....... This time, click on the "Clean" button.
* Press OK when asked to close all programs and follow the onscreen prompts.
* Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
* After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
* Copy and paste the contents of that logfile in your next reply.
* A copy of that logfile will also be saved in the C:\AdwCleaner folder.

NEXT

Please download Junkware Removal Tool and save to your desktop.
Shut down your protection software now to avoid potential conflicts.

* Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
* The tool will open and start scanning your system.
* Please be patient as this can take a while to complete depending on your system's specifications.
* On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
* Post the contents of JRT.txt into your next reply!

Re-Boot your computer now!!

NEXT

Download Malwarebytes' Anti-Malware (save it to your desktop). >>> http://www.malwarebytes.org/mbam-download.php

* Windows XP : Double click on the icon to run it.
* Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
* Select Scan tab.
* Select type of scan to perform:
    * Threat Scan <--- Select this type of scan
    * Custom Scan
    * Hyper Scan

Next click the Scan button.
When the scan is complete, if no malicious items are found you can close the program.
If malicious items are found be sure that everything is checked, and click Quarantine.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

NEXT

Download DDS and save it to your Desktop. >>> DDS

Double click dds.scr to run the tool. If using Vista or Windows 7 you will be prompted by UAC, please allow the prompt.
DDS will now scan your computer.
When the scan is complete, DDS will open two (2) logs:

DDS.txt
Attach.txt

If not saved these logs will be automatically deleted when closed, so save both to your Desktop.
Please note it is important that you post BOTH logs in your topic.
Please note: DDS will ask you to attach the second log (Attach.txt), please ignore this notice and post the log instead.
Any problems downloading or running DDS.scr, try THIS alternate (DDS.com) version of DDS: http://download.bleepingcomputer.com/sUBs/dds.com

To summarize, post these logs next!!!!!

1. AdwCleaner Log
2. Junkware Removal Log
3. Malwarebytes Log
4. DDS logs

Thanks
Chuck

lgoncalves
Posted January 24, 2015

Hi Chuck, thanks for your help. I have run AdwCleaner and Junkware Removal Tool and I attached the logs. Malwarebytes did not find anything. However, after I ran AdwCleaner I could not connect to any network anymore. In wireless mode the PC detects the access point, but it did not get any IP address. When I check in Network and Sharing Center, the ethernet port did not get an IP address. I think I have to make a system restore. Please help.

AdwCleanerS0.txt
JRT.txt
Malware.txt

lgoncalves
Posted January 24, 2015

I forgot to run dds.scr. Now I have attached the dds log and attach log in zip format.

Malware.zip

flashh4
Posted January 24, 2015

Hi Luis, I sent a PM reply back to you! Please copy & paste the logs from now on, it makes it easier for me to read!! Hoping your IP address is fixed now!

I need these programs run, then post the logs please (Not as a Zip or TXT).

Security Check

Please download and save SecurityCheck.exe to your Desktop from one of the links below.
Link 1 >>> http://screen317.spywareinfoforum.org/SecurityCheck.exe
Link 2 >>> http://screen317.changelog.fr/SecurityCheck.exe

* Double click SecurityCheck.exe and follow the onscreen instructions inside the black box.
* A Notepad document should open automatically called checkup.txt
* Please post the contents of that document in your next reply.

NEXT

Download OldTimer to your desktop!
Links:
http://oldtimer.geekstogo.com/OTL.com
http://oldtimer.geekstogo.com/OTL.scr

If you already have a copy of OTL delete it and use this version. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).

* Double click OTL.exe to launch the program.
* Check the following.
    o Scan all users.
    o Standard Output.
    o Lop check.
    o Purity check.
    o Extra Registry > Use SafeList
* Under Extra Registry section, select Use SafeList
* Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
* When finished it will produce two logs.
    o OTL.txt (open on your desktop).
    o Extras.txt (minimised in your taskbar)
  The Extras.txt file will only appear the very first time you run OTL.
* Please post me both logs. This may have to be broken into more than one post!

Post Next:

1. Security Check log
2. OTL log

Thanks
Chuck

Let me know if you have IP address back & connected to internet ???

lgoncalves
Posted January 25, 2015

Hi Chuck,

Here is the security check log:

 Results of screen317's Security Check version 0.99.95
 Windows 7 Service Pack 1 x64 (UAC is enabled)
 Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!
 McAfee Anti-Virus and Anti-Spyware
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 McAfee SiteAdvisor
 Java 7 Update 55
 Java version 32-bit out of Date!
 Java 64-bit 8 Update 31
 Adobe Reader 10.1.13 Adobe Reader out of Date!
 Mozilla Firefox 34.0.5 Firefox out of Date!
 Google Chrome (39.0.2171.99)
 Google Chrome (40.0.2214.91)
 Google Chrome (plugins...)
````````Process Check: objlist.exe by Laurent````````
 mcafee VIRUSS~1 mcvsshld.exe
 SecurityCheck.exe
 Symantec Norton Online Backup NOBuAgent.exe
 Symantec Norton Online Backup NOBuClient.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

Now, I post the OTL log:

OTL logfile created on: 25/01/2015 12:02:46 p.m.
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)DRV:64bit: - [2009/07/13 21:18:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)DRV:64bit: - [2009/07/13 21:15:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)DRV:64bit: - [2009/06/10 16:04:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)DRV:64bit: - [2009/06/10 16:04:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)DRV:64bit: - [2009/06/10 16:04:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)DRV:64bit: - [2009/06/10 16:01:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)DRV:64bit: - [2007/05/14 16:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)DRV - [2009/07/13 20:49:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRCIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htmIE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1116665366-1061216413-1134762050-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.comIE - HKU\S-1-5-21-1116665366-1061216413-1134762050-1000\SOFTWARE\Microsoft\Internet 
Explorer\Main,Start Page = http://www.google.comIE - HKU\S-1-5-21-1116665366-1061216413-1134762050-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)IE - HKU\S-1-5-21-1116665366-1061216413-1134762050-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE - HKU\S-1-5-21-1116665366-1061216413-1134762050-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRCIE - HKU\S-1-5-21-1116665366-1061216413-1134762050-1000\..\SearchScopes\{7941C7F7-B1CC-4B4A-9800-7DE9C1AF3896}: "URL" = https://search.yahoo.com/search?fr=mcafee&type=B011US662D20141017&p={SearchTerms}IE - HKU\S-1-5-21-1116665366-1061216413-1134762050-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-21-1116665366-1061216413-1134762050-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896;<local>IE - HKU\S-1-5-21-1116665366-1061216413-1134762050-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8555;https=127.0.0.1:8555 ========== FireFox ========== FF - prefs.js..browser.search.isUS: falseFF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.17FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:34.0.5FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()FF:64bit: - 
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not foundFF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - 
HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\DXXNMS\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\DXXNMS\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2014/12/13 23:24:27 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012/11/23 23:36:08 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\componentsFF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/12/15 08:33:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DXXNMS\AppData\Roaming\Mozilla\Extensions[2015/01/19 21:26:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DXXNMS\AppData\Roaming\Mozilla\Firefox\Profiles\hju627rm.default\extensions[2015/01/19 21:12:54 | 000,392,243 | ---- | M] () (No name found) -- C:\Users\DXXNMS\AppData\Roaming\Mozilla\Firefox\Profiles\hju627rm.default\extensions\[email protected][2014/12/19 07:55:50 | 000,731,942 | ---- | M] () (No name found) -- 
C:\Users\DXXNMS\AppData\Roaming\Mozilla\Firefox\Profiles\hju627rm.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi[2013/09/20 18:01:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions[2015/01/23 22:24:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions[2014/12/15 08:33:02 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ========== Chrome ========== CHR - default_search_provider: (Enabled)CHR - default_search_provider: search_url =CHR - default_search_provider: suggest_url =CHR - plugin: Shockwave Flash (Enabled) = C:\Users\DXXNMS\AppData\Local\Google\Chrome\Application\40.0.2214.91\PepperFlash\pepflashplayer.dllCHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewerCHR - plugin: Native Client (Enabled) = C:\Users\DXXNMS\AppData\Local\Google\Chrome\Application\40.0.2214.91\ppGoogleNaClPluginChrome.dllCHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\DXXNMS\AppData\Local\Google\Chrome\Application\40.0.2214.91\pdf.dllCHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\DXXNMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dllCHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dllCHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dllCHR - plugin: Intel® Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dllCHR - plugin: Intel® Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dllCHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dllCHR - plugin: Google Update 
(Enabled) = C:\Users\DXXNMS\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dllCHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dllCHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dllCHR - Extension: No name found = C:\Users\DXXNMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\CHR - Extension: No name found = C:\Users\DXXNMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgecckpiojpahjlndlofcljgacdfkifk\0.3.4_0\CHR - Extension: No name found = C:\Users\DXXNMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\CHR - Extension: No name found = C:\Users\DXXNMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\14.1113.0.4_0\CHR - Extension: No name found = C:\Users\DXXNMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\cedbiokeeomnnkiclkmnonjkcaladbkd\1.0.10_0\CHR - Extension: No name found = C:\Users\DXXNMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\CHR - Extension: No name found = C:\Users\DXXNMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcanjhffnbochejifidgcbmnlehfgjkl\2_0\CHR - Extension: No name found = C:\Users\DXXNMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\effanfjandoefieknkdjjbfpmhdndfnf\3_0\CHR - Extension: No name found = C:\Users\DXXNMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.4_0\CHR - Extension: No name found = C:\Users\DXXNMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpogldabjhjhglnfojmnekmcjonllia\1.0.0_0\CHR - Extension: No name found = C:\Users\DXXNMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbpobnhohpnogiaipphaknihlopgbacf\0.90_0\CHR - Extension: No name found = C:\Users\DXXNMS\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.65.135.1_0\CHR - Extension: No name found = C:\Users\DXXNMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\40.0.2214.82_0\CHR - Extension: No name found = C:\Users\DXXNMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl\3.9.534_0\CHR - Extension: No name found = C:\Users\DXXNMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\CHR - Extension: No name found = C:\Users\DXXNMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.151_0\CHR - Extension: No name found = C:\Users\DXXNMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2014/04/22 22:28:14 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hostsO2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\systemcore\ScriptSn.20121021084525.dll (McAfee, Inc.)O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20121021084526.dll (McAfee, Inc.)O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)O2 - BHO: 
(GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540026} - C:\Program Files (x86)\GbPlugin\gbiehbdv.dll (Banco de Venezuela)O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)O4:64bit: - HKLM..\Run: [broadcom Wireless Manager UI] C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE (Broadcom Corporation)O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)O4:64bit: - HKLM..\Run: [instantUpdate] C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuDaemon.exe ()O4:64bit: - HKLM..\Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not foundO4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)O4:64bit: - HKLM..\Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe 
(Realtek Semiconductor)O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)O4 - HKLM..\Run: [] File not foundO4 - HKLM..\Run: [AdobeCEPServiceManager] C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe (Adobe Systems Incorporated)O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)O4 - HKLM..\Run: [backupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)O4 - HKLM..\Run: [Dolby Home Theater v4] C:\Dolby PCEE4\pcee4.exe (Dolby Laboratories Inc.)O4 - HKLM..\Run: [keepvid] C:\Users\DXXNMS\AppData\Local\keepvid.com.exe (keepvid.com Company)O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)O4 - HKLM..\Run: [suiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)O4 - HKLM..\Run: [uSB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)O4 - HKU\S-1-5-21-1116665366-1061216413-1134762050-1000..\Run: [AdobeBridge] File not foundO4 - HKU\S-1-5-21-1116665366-1061216413-1134762050-1000..\Run: [AppleIEDAV] C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe (Apple Inc.)O4 - HKU\S-1-5-21-1116665366-1061216413-1134762050-1000..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)O4 - 
HKU\S-1-5-21-1116665366-1061216413-1134762050-1000..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)O4 - HKU\S-1-5-21-1116665366-1061216413-1134762050-1000..\Run: [skyDrive] C:\Users\DXXNMS\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not foundO4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not foundO4 - Startup: C:\Users\DXXNMS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\DXXNMS\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3O7 - HKU\S-1-5-21-1116665366-1061216413-1134762050-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. 
Mountain View, CA 94041)O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)O1364bit: - gopher Prefix: missingO13 - gopher Prefix: missingO15 - HKU\S-1-5-21-1116665366-1061216413-1134762050-1000\..Trusted Domains: bancodevenezuela.com ([www] * in Trusted sites)O15 - HKU\S-1-5-21-1116665366-1061216413-1134762050-1000\..Trusted Domains: banvenez.com ([e-bdv] * in Trusted sites)O15 - HKU\S-1-5-21-1116665366-1061216413-1134762050-1000\..Trusted Domains: banvenez.com ([e-bdvcpx] * in Trusted sites)O15 - HKU\S-1-5-21-1116665366-1061216413-1134762050-1000\..Trusted Domains: banvenez.corp ([e-bdvscn] * in Trusted sites)O15 - HKU\S-1-5-21-1116665366-1061216413-1134762050-1000\..Trusted Domains: banvenez.corp ([e-bdvscw] * in Trusted sites)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1438A1C2-1180-43A6-BD9D-AE84032BFC1D}: DhcpNameServer = 172.20.10.1O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{21F683D0-2641-4FAB-BA34-7EE792119E0B}: DhcpNameServer = 192.168.2.1O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F0C967C-24AC-4FAF-B133-1473AB1E9051}: DhcpNameServer = 172.20.10.1O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E9105DDE-39D9-432B-A397-DB71429B05F0}: DhcpNameServer = 192.168.2.1O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E9105DDE-39D9-432B-A397-DB71429B05F0}: NameServer = 8.8.8.8O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)O18:64bit: - Protocol\Handler\livecall - No CLSID value foundO18:64bit: - Protocol\Handler\msdaipp - No CLSID value foundO18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value foundO18:64bit: - 
Protocol\Handler\msdaipp\oledb - No CLSID value foundO18:64bit: - Protocol\Handler\msnim - No CLSID value foundO18:64bit: - Protocol\Handler\mso-offdap - No CLSID value foundO18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value foundO18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)O18:64bit: - Protocol\Handler\skype4com - No CLSID value foundO18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value foundO18:64bit: - Protocol\Handler\wlpg - No CLSID value foundO18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)O18:64bit: - Protocol\Filter\text/xml - No CLSID value foundO18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)O20 - HKLM Winlogon: Shell - (explorer.exe) - 
C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)O20 - Winlogon\Notify\ GbPluginBdv: DllName - (C:\Program Files (x86)\GbPlugin\gbiehBdv.dll) - C:\Program Files (x86)\GbPlugin\gbiehbdv.dll (Banco de Venezuela)O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399026} - C:\Program Files (x86)\GbPlugin\gbiehbdv.dll (Banco de Venezuela)O32 - HKLM CDRom: AutoRun - 1O33 - MountPoints2\{3407158b-8670-11e4-ad1b-c01885f658a9}\Shell - "" = AutoRunO33 - MountPoints2\{3407158b-8670-11e4-ad1b-c01885f658a9}\Shell\AutoRun\command - "" = E:\AutoRun.exeO34 - HKLM BootExecute: (autocheck autochk *)O35:64bit: - HKLM\..comfile [open] -- "%1" %*O35:64bit: - HKLM\..exefile [open] -- "%1" %*O35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*O37 - HKLM\...com [@ = comfile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2015/01/23 23:16:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee[2015/01/23 23:00:55 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT[2015/01/23 22:21:41 | 000,000,000 | ---D | C] -- C:\AdwCleaner[2015/01/16 22:42:22 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe[2015/01/16 22:42:18 | 000,156,672 | ---- | 
Please let me know if I have to try with a System Restore.
lgoncalves Posted January 25, 2015 Author
Hi Chuck,
As you suggested, I have tried System Restore and the IP functions are back again.
flashh4 Posted January 25, 2015
Hey Luis, let's continue with the cleaning !

We need to Run an OTL fix !!

Warning: This fix is only relevant for this system and no other, using on another computer may cause problems.
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

* Double-click OTL.exe to start the program. Should be on your desktop !
* Copy and Paste the following code into the text box of the OTL tool/program ! Start with and include the colon plus :OTL

:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1116665366-1061216413-1134762050-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1116665366-1061216413-1134762050-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1116665366-1061216413-1134762050-1000\..\SearchScopes\{7941C7F7-B1CC-4B4A-9800-7DE9C1AF3896}: "URL" = https://search.yahoo...662D20141017&p={SearchTerms}
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
[2014/12/15 08:33:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DXXNMS\AppData\Roaming\Mozilla\Extensions
[2015/01/19 21:26:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DXXNMS\AppData\Roaming\Mozilla\Firefox\Profiles\hju627rm.default\extensions
[2015/01/19 21:12:54 | 000,392,243 | ---- | M] () (No name found) -- C:\Users\DXXNMS\AppData\Roaming\Mozilla\Firefox\Profiles\hju627rm.default\extensions\[email protected]
[2014/12/19 07:55:50 | 000,731,942 | ---- | M] () (No name found) -- C:\Users\DXXNMS\AppData\Roaming\Mozilla\Firefox\Profiles\hju627rm.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2013/09/20 18:01:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2015/01/23 22:24:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
CHR - Extension: No name found = C:\Users\DXXNMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\DXXNMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgecckpiojpahjlndlofcljgacdfkifk\0.3.4_0\
CHR - Extension: No name found = C:\Users\DXXNMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\DXXNMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\14.1113.0.4_0\
CHR - Extension: No name found = C:\Users\DXXNMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\cedbiokeeomnnkiclkmnonjkcaladbkd\1.0.10_0\
CHR - Extension: No name found = C:\Users\DXXNMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\DXXNMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcanjhffnbochejifidgcbmnlehfgjkl\2_0\
CHR - Extension: No name found = C:\Users\DXXNMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\effanfjandoefieknkdjjbfpmhdndfnf\3_0\
CHR - Extension: No name found = C:\Users\DXXNMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.4_0\
CHR - Extension: No name found = C:\Users\DXXNMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpogldabjhjhglnfojmnekmcjonllia\1.0.0_0\
CHR - Extension: No name found = C:\Users\DXXNMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbpobnhohpnogiaipphaknihlopgbacf\0.90_0\
CHR - Extension: No name found = C:\Users\DXXNMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.65.135.1_0\
CHR - Extension: No name found = C:\Users\DXXNMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\40.0.2214.82_0\
CHR - Extension: No name found = C:\Users\DXXNMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl\3.9.534_0\
CHR - Extension: No name found = C:\Users\DXXNMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\DXXNMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.151_0\
CHR - Extension: No name found = C:\Users\DXXNMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4 - HKLM..\Run: [] File not found
O4 - HKU\S-1-5-21-1116665366-1061216413-1134762050-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
:Commands
[emptyjava]
[emptyflash]
[EMPTYTEMP]
[RESETHOSTS]
[CREATERESTOREPOINT]
[Reboot]

# Then click the Run Fix button at the top.
# Click
# Please post the contents of the fix log file back here if you are prompted to open the file. It can also be found at C:\_OTL\Moved Files as MMDDYYY_HHMMSS.log where MMDDYYY is date format and HHMMSS is time format.

Remember to enable your real time protection.
Post that log next please !

Thanks
Chuck

Also these are outdated: Let's update them !

Java version 32-bit out of Date!
* Please go here to install Java >>> http://www.java.com/en/
  o click on the Free Java Download Button
  o click on Agree and start Free download
  o click on Run
  o click on run again
  o click on install
  o when install is complete click on close
* Reboot your computer

Adobe Reader 10.1.13 Adobe Reader out of Date!
Update Adobe Reader
Make sure you uncheck the box to install McAfee Security Scan Plus
Please uninstall unless you already have Adobe Reader XXX XXX xxx before installing the latest version by going to Start > Control Panel and double clicking on Add/Remove Programs. Locate Adobe Reader XX xxx xx and click on Change/Remove to uninstall it.
Click here to download the latest version of Adobe Acrobat Reader. Select your Windows version and click on Download.
If you are using Internet Explorer, you will receive prompts. Allow the installation to be run and it will be installed automatically for you.
If you are using other browsers, it will prompt you to save a file. Save this file to your desktop and run it to install the latest version of Adobe Reader.
Close your Internet browser and open it again.

Mozilla Firefox 34.0.5 Firefox out of Date!
Instructions here for update: >>> https://support.mozilla.org/en-US/kb/update-firefox-latest-version

Now let me know how it is running & if any problems exist ???

Thanks
Chuck
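An added example, not part of the post above and not OTL's own code: a Python check that reads a fix script of the shape shown in that post before it is pasted into the tool, summarises what it touches, and lists every line that does not look like a scan line (including everything when the leading :OTL header is left off). The sample script is constructed from lines in the post with two lines deliberately damaged; `parse_fix`, `review` and the line grammar are assumptions inferred from the post, not taken from OTL documentation.

```python
import re
from collections import Counter

# Line shapes inferred from the fix script in the post (assumed, not OTL's spec).
SECTION_RE = re.compile(r"^:(\w+)$")                       # ":OTL", ":Commands"
ENTRY_RE = re.compile(r"^(IE|FF|CHR|O\d{1,2})(:64bit:)?\s+-\s+(.*)$")
FILE_RE = re.compile(                                      # "[date | size | attrs | M] (...) -- path"
    r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| ([\d,]+) \| (.{4}) \| ([CM])\]\s*(.*?)\s*-- (.+)$")
COMMAND_RE = re.compile(r"^\[(\w+)\]$")                    # "[EMPTYTEMP]"
AUTORUN_RE = re.compile(r"^(.+?)\.\.\\(Run(?:Once)?): \[([^\]]*)\]\s*(.*)$")

# Labels taken from the wording of the lines themselves (Toolbar, Run, Prefix, ...).
KINDS = {"IE": "Internet Explorer setting", "FF": "Firefox item",
         "CHR": "Chrome extension", "O3": "IE toolbar", "O4": "autorun entry",
         "O13": "URL default prefix", "O18": "protocol handler/filter",
         "O21": "SSODL shell object"}

# Constructed sample: lines copied from the post, plus two damaged ones
# (line 4 lost its leading "I", line 10 lost the ":" before "64bit").
SAMPLE_FIX = r"""
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
E - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
FF - user.js - File not found
[2013/09/20 18:01:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O1364bit: - gopher Prefix: missing
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
:Commands
[EMPTYTEMP]
[RESETHOSTS]
[Reboot]
"""


def parse_fix(text):
    """Split a fix script into scan entries, file lines, commands and leftovers."""
    out = {"entries": [], "files": [], "commands": [], "unparsed": []}
    section = None
    for lineno, raw in enumerate(text.strip().splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        head = SECTION_RE.match(line)
        if head:
            section = head.group(1).upper()
            continue
        # Scan and file lines only count inside :OTL, commands only inside :Commands.
        entry = ENTRY_RE.match(line) if section == "OTL" else None
        file_ = FILE_RE.match(line) if section == "OTL" else None
        cmd = COMMAND_RE.match(line) if section == "COMMANDS" else None
        if entry:
            prefix, wide, detail = entry.groups()
            out["entries"].append({"line": lineno, "prefix": prefix,
                                   "kind": KINDS.get(prefix, "other"),
                                   "x64": bool(wide), "detail": detail})
        elif file_:
            out["files"].append({"line": lineno, "attrs": file_.group(3),
                                 "path": file_.group(6)})
        elif cmd:
            out["commands"].append(cmd.group(1).lower())
        else:
            out["unparsed"].append((lineno, line))
    return out


def review(parsed):
    """Summarise a parsed fix so it can be compared with the scan log by hand."""
    autoruns = []
    for e in parsed["entries"]:
        m = AUTORUN_RE.match(e["detail"]) if e["prefix"] == "O4" else None
        if m:
            hive, key, name, data = m.groups()
            # "File not found" marks an entry whose target no longer exists.
            autoruns.append({"hive": hive, "key": key, "name": name,
                             "orphaned": data.endswith("File not found")})
    return {"by_kind": Counter(e["kind"] for e in parsed["entries"]),
            "autoruns": autoruns,
            "folders": [f["path"] for f in parsed["files"] if "D" in f["attrs"]],
            "commands": parsed["commands"],
            "needs_manual_check": parsed["unparsed"]}


if __name__ == "__main__":
    report = review(parse_fix(SAMPLE_FIX))
    for key, value in report.items():
        print(f"{key}: {value}")
```

Anything listed under `needs_manual_check` should be compared character by character with the line in the scan log it was copied from.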
lgoncalves Posted January 26, 2015 Author
Hi Chuck,
I have restored the system to the point before the adwcleaner cleaning. Now I have my network functions ok, but the malware is making a mess on my browsers. Should I go back to the point where I did not have any network connections and run the OTL fix, or do I begin from adwcleaner again and take care of the cleaning, checking only the options that keep network functions?
flashh4 Posted January 26, 2015
Hi Luis, ok let's start all over on this because of the system restore ! There is no reason that Adwcleaner would remove your IP address !

This program allows you to keep a complete backup of your registry and restore it when needed.
The standard registry backup options that come with Windows back up most of the registry but not all of it.
ERUNT however creates a complete backup set, including the Security hive and user related sections.
ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files.
The backup set includes a small executable that will launch the registry restore if needed.

**Remember if you are using Windows Vista as your operating system right-click the executable and Run as Administrator.

Backup the Registry
Download ERUNT
Save it to your desktop.
Right click on the downloaded file (erunt.zip) and click Extract.
Follow the prompts to extract the file.
Now click on the folder "erunt" and find and double click on the file called Erunt.exe
Click OK. Then Click OK again.
Click save and then go to File > Exit.
This is so the registry can be restored to this point if we need it. It may take a minute. Just let it run until it's done.

==========================

Let's do this all over again !! I don't think you will have problems with the ISP address !

AdwCleaner
Please download adwcleaner by Xplode onto your desktop.
Double click on AdwCleaner.exe to run the tool again.
Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
*Click on the Scan button.
*AdwCleaner will begin to scan your computer like it did before.
*After the scan has finished ....... This time, click on the "Clean" button.
*Press OK when asked to close all programs and follow the onscreen prompts.
*Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
*After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
*Copy and paste the contents of that logfile in your next reply.
*A copy of that logfile will also be saved in the C:\AdwCleaner folder.

NEXT
Please download Junkware Removal Tool and save to your desktop.
Shut down your protection software now to avoid potential conflicts.
* Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
* The tool will open and start scanning your system.
* Please be patient as this can take a while to complete depending on your system's specifications.
* On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
* Post the contents of JRT.txt into your next reply !
Re-Boot your computer now !!

NEXT
Download Malwarebytes' Anti-Malware (save it to your desktop). >>> http://www.malwarebytes.org/mbam-download.php
* Windows XP : Double click on the icon to run it.
* Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
* Select Scan tab.
* Select type of scan to perform:
  * Threat Scan < --- Select this type of scan
  * Custom Scan
  * Hyper Scan
Next click the Scan button.
When the scan is complete, if no malicious items are found you can close the program.
If malicious items are found be sure that everything is checked, and click Quarantine.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

To summarize, post these logs next !!!!!
1. AdwCleaner Log
2. Junkware Removal Log
3. Malwarebytes Log

Please do not attach ............. it makes them harder to read !

Thanks
Chuck
lgoncalves Posted January 26, 2015 Author
Hi Chuck, thanks again for your help. I have made the registry backup as you indicated and I have run adwcleaner. At this time I keep the network functions, luckily. I apologize for attaching instead of posting logs. Posting the log from adwcleaner:
HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}Key Deleted : [x64] 
HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ACA608DB-A210-4253-B799-3FD24E9A7BF5}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}Key Deleted : [x64] 
HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{52db1893-8a90-4192-aede-08e00b8f8473}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{52db1893-8a90-4192-aede-08e00b8f8473}Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{52db1893-8a90-4192-aede-08e00b8f8473}Key Deleted : HKCU\Software\anchorfreeKey Deleted : HKCU\Software\APN DTXKey Deleted : HKCU\Software\ConduitKey Deleted : HKCU\Software\SafetyNutKey Deleted : HKCU\Software\V9Key Deleted : HKLM\SOFTWARE\hotspotshieldKey Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\hotspotshieldKey Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iSafeKey Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARPKey Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1CKey Deleted : [x64] 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CDKey Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F2E0D3DD9E5E4B74CA43BCE77815E287Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exeKey Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exeKey Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exeKey Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflipKey Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exeKey Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rjatydimofu.exeKey Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exeKey Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exeKey Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exeKey Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exeKey Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exeKey Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exeKey Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exeKey Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exeKey Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution 
Options\umbrella.exeKey Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exeKey Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaroKey Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteeraKey Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exeKey Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exeKey Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.comKey Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.comKey Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.search.ask.com ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.17496 Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [start Page] -\\ Mozilla Firefox v34.0.5 (x86 es-ES) -\\ Google Chrome v ************************* AdwCleaner[R0].txt - [22880 octets] - [23/01/2015 22:21:52]AdwCleaner[R1].txt - [22941 octets] - [23/01/2015 22:24:57]AdwCleaner[s0].txt - [20732 octets] - [23/01/2015 22:25:58] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [20793 octets] ########### AdwCleaner v4.109 - Report created 25/01/2015 at 23:07:39# Updated 24/01/2015 by Xplode# Database : 2015-01-25.1 [Live]# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)# Username : DXXNMS - DXXNMS-PC# Running from : C:\Programas\Malware\adwcleaner_4.109.exe# Option : Clean ***** [ Services ] ***** [#] Service Deleted : iSafeKrnlService Deleted : iSafeNetFilter ***** [ Files / Folders ] ***** Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YACFolder Deleted : C:\Program Files (x86)\iSafeFolder Deleted : C:\Users\DXXNMS\AppData\Local\Temp\hotspot shieldFolder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\hotspot 
shieldFolder Deleted : C:\Users\DXXNMS\AppData\Roaming\eCyberFolder Deleted : C:\Users\DXXNMS\AppData\Roaming\iSafeFile Deleted : C:\Users\Public\Desktop\eBay.lnkFile Deleted : C:\Users\Public\Desktop\YAC.lnkFile Deleted : C:\Windows\System32\log\iSafeKrnlCall.logFile Deleted : C:\Windows\System32\drivers\taphss6.sysFile Deleted : C:\Users\DXXNMS\AppData\Local\ContentFinder.exeFile Deleted : C:\Users\DXXNMS\AppData\Local\ContentSinder.exeFile Deleted : C:\Users\DXXNMS\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\YAC.lnkFile Deleted : C:\Users\DXXNMS\AppData\Roaming\Mozilla\Firefox\Profiles\hju627rm.default\invalidprefs.js ***** [ Scheduled Tasks ] ***** Task Deleted : AmiUpdXp ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKCU\Software\SIEN SAKey Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exeKey Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exeKey Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsemngr.exeKey Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exeKey Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsermngr.exeKey Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exeKey Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cltmngsvc.exeKey Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta babylon.exeKey Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta tb.exeKey Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta2.exeKey Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltainstaller.exeKey 
Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltasetup.exeKey Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb_2501-c733154b.exeKey Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iminentsetup.exeKey Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweetimsetup.exeKey Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbdelta.exetoolbar783881609.exeValue Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x86]Value Deleted : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x64]Value Deleted : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x86]Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [ContentFinder]Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [ContentSinder]Key Deleted : HKLM\SOFTWARE\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D8F01233-2DE6-4EE7-8988-37263F00651B}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8DCB7100-DF86-4384-8842-8FA844297B3F}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}Key Deleted : 
HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}Key Deleted : 
HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ACA608DB-A210-4253-B799-3FD24E9A7BF5}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}Key Deleted : 
HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A9CAF365-EA35-45DA-BD8B-2EFA09D374AC}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DCB7100-DF86-4384-8842-8FA844297B3F}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8DCB7100-DF86-4384-8842-8FA844297B3F}Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{8DCB7100-DF86-4384-8842-8FA844297B3F}]Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}Key Deleted : [x64] 
HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}Key Deleted : [x64] 
HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ACA608DB-A210-4253-B799-3FD24E9A7BF5}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}Key Deleted : [x64] 
HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{52db1893-8a90-4192-aede-08e00b8f8473}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{52db1893-8a90-4192-aede-08e00b8f8473}Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{52db1893-8a90-4192-aede-08e00b8f8473}Key Deleted : HKCU\Software\anchorfreeKey Deleted : HKCU\Software\APN DTXKey Deleted : HKCU\Software\ConduitKey Deleted : HKCU\Software\SafetyNutKey Deleted : HKCU\Software\SoftonicKey Deleted : HKCU\Software\V9Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iSafeKey Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARPKey Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1CKey Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CDKey Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F2E0D3DD9E5E4B74CA43BCE77815E287Key Deleted : [x64] 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exeKey Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exeKey Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exeKey Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflipKey Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exeKey Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rjatydimofu.exeKey Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exeKey Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exeKey Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exeKey Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exeKey Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exeKey Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exeKey Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exeKey Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exeKey Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exeKey Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exeKey Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaroKey Deleted : HKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Image File Execution Options\vonteeraKey Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exeKey Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exeKey Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.comKey Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.comKey Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.search.ask.comData Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - 127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896;<local>Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:8555;hxxps=127.0.0.1:8555 ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.17496 -\\ Mozilla Firefox v35.0 (x86 es-ES) -\\ Google Chrome v ************************* AdwCleaner[R0].txt - [44773 octets] - [23/01/2015 22:21:52]AdwCleaner[R1].txt - [22941 octets] - [23/01/2015 22:24:57]AdwCleaner[s0].txt - [40871 octets] - [23/01/2015 22:25:58] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [40932 octets] ########## Link to post Share on other sites
lgoncalves Posted January 26, 2015

Posting JRT log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x64
Ran by DXXNMS on 25/01/2015 at 23:26:05,35
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1116665366-1061216413-1134762050-1000\Software\Microsoft\Internet Explorer\Main\\Start Page

~~~ Registry Keys

~~~ Files

Successfully deleted: [File] "C:\Windows\wininit.ini"

~~~ Folders

Successfully deleted: [Folder] "C:\Users\DXXNMS\AppData\Roaming\getrighttogo"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25/01/2015 at 23:29:57,30
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
lgoncalves Posted January 26, 2015

Malwarebytes Antimalware did not find anything.
flashh4 Posted January 26, 2015

Hey Luis, I knew that the AdwCleaner would not break your ISP but as with everything something could always go bad ! Anyway let's continue with the cleaning ! I don't think there will be any changes in the Security Check log but run it anyway !!

Security Check

Please download and save SecurityCheck.exe to your Desktop from one of the links below.
Link 1 >>> http://screen317.spywareinfoforum.org/SecurityCheck.exe
Link 2 >>> http://screen317.changelog.fr/SecurityCheck.exe

* Double click SecurityCheck.exe and follow the onscreen instructions inside the black box.
* A Notepad document should open automatically called checkup.txt
* Please post the contents of that document in your next reply.

NEXT

Download OldTimer to your desktop !
Links:
http://oldtimer.geekstogo.com/OTL.com
http://oldtimer.geekstogo.com/OTL.scr

If you already have a copy of OTL delete it and use this version. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).

* Double click OTL.exe to launch the program.
* Check the following.
  o Scan all users.
  o Standard Output.
  o Lop check.
  o Purity check.
  o Extra Registry > Use SafeList
* Under Extra Registry section, select Use SafeList
* Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
* When finished it will produce two logs.
  o OTL.txt (open on your desktop).
  o Extras.txt (minimised in your taskbar) The Extras.txt file will only appear the very first time you run OTL.
* Please post me both logs. This may have to be broken into more than one post !

Post Next:
1. Security Check log
2. OTL log

Thanks
Chuck
lgoncalves Posted January 27, 2015

Hi Chuck, I have tried to download securitycheck.exe, but my antivirus removed the file when the browser is going to save it. That is why I could not post the log.
flashh4 Posted January 27, 2015

Luis, I need the OTL log as soon as you get it !!

Thanks
Chuck
lgoncalves Posted January 27, 2015

Hi Chuck, posting checkup log:

Results of screen317's Security Check version 0.99.95
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
McAfee Anti-Virus and Anti-Spyware
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
McAfee SiteAdvisor
Java 8 Update 31
Java version 32-bit out of Date!
Java 64-bit 8 Update 31
Adobe Reader 10.1.13 Adobe Reader out of Date!
Mozilla Firefox (35.0.1)
Google Chrome (40.0.2214.91)
Google Chrome (40.0.2214.93)
Google Chrome (plugins...)
````````Process Check: objlist.exe by Laurent````````
Malware Malware removal SecurityCheck.exe
Symantec Norton Online Backup NOBuAgent.exe
Symantec Norton Online Backup NOBuClient.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````
lgoncalves Posted January 28, 2015

Posting OTL log:
HKU\S-1-5-21-1116665366-1061216413-1134762050-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.comIE - HKU\S-1-5-21-1116665366-1061216413-1134762050-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.comIE - HKU\S-1-5-21-1116665366-1061216413-1134762050-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)IE - HKU\S-1-5-21-1116665366-1061216413-1134762050-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE - HKU\S-1-5-21-1116665366-1061216413-1134762050-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRCIE - HKU\S-1-5-21-1116665366-1061216413-1134762050-1000\..\SearchScopes\{7941C7F7-B1CC-4B4A-9800-7DE9C1AF3896}: "URL" = https://search.yahoo.com/search?fr=mcafee&type=B011US662D20141017&p={SearchTerms}IE - HKU\S-1-5-21-1116665366-1061216413-1134762050-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.isUS: falseFF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.18FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:35.0.1FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.31.2: C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.31.2: C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft 
Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not foundFF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.31.2: C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.31.2: C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()FF - 
HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\DXXNMS\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\DXXNMS\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2014/12/13 23:24:27 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012/11/23 23:36:08 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 35.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\componentsFF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 35.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\pluginsFF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 35.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\componentsFF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 35.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/12/15 08:33:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DXXNMS\AppData\Roaming\Mozilla\Extensions[2015/01/26 23:30:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DXXNMS\AppData\Roaming\Mozilla\Firefox\Profiles\hju627rm.default\extensions[2015/01/19 21:12:54 | 000,392,243 | ---- | M] () (No name found) -- C:\Users\DXXNMS\AppData\Roaming\Mozilla\Firefox\Profiles\hju627rm.default\extensions\[email protected][2015/01/26 
23:30:15 | 000,732,089 | ---- | M] () (No name found) -- C:\Users\DXXNMS\AppData\Roaming\Mozilla\Firefox\Profiles\hju627rm.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi[2015/01/26 22:50:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions[2015/01/26 22:50:22 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ========== Chrome ========== CHR - default_search_provider: (Enabled)CHR - default_search_provider: search_url =CHR - default_search_provider: suggest_url =CHR - plugin: Shockwave Flash (Enabled) = C:\Users\DXXNMS\AppData\Local\Google\Chrome\Application\40.0.2214.93\PepperFlash\pepflashplayer.dllCHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewerCHR - plugin: Native Client (Enabled) = C:\Users\DXXNMS\AppData\Local\Google\Chrome\Application\40.0.2214.93\ppGoogleNaClPluginChrome.dllCHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\DXXNMS\AppData\Local\Google\Chrome\Application\40.0.2214.93\pdf.dllCHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\DXXNMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dllCHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dllCHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dllCHR - plugin: Intel® Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dllCHR - plugin: Intel® Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dllCHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dllCHR - plugin: Google Update (Enabled) = 
C:\Users\DXXNMS\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dllCHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dllCHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dllCHR - Extension: No name found = C:\Users\DXXNMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\CHR - Extension: No name found = C:\Users\DXXNMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgecckpiojpahjlndlofcljgacdfkifk\0.3.4_0\CHR - Extension: No name found = C:\Users\DXXNMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\CHR - Extension: No name found = C:\Users\DXXNMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\14.1113.0.4_0\CHR - Extension: No name found = C:\Users\DXXNMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\cedbiokeeomnnkiclkmnonjkcaladbkd\1.0.10_0\CHR - Extension: No name found = C:\Users\DXXNMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\CHR - Extension: No name found = C:\Users\DXXNMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcanjhffnbochejifidgcbmnlehfgjkl\2_0\CHR - Extension: No name found = C:\Users\DXXNMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\effanfjandoefieknkdjjbfpmhdndfnf\3_0\CHR - Extension: No name found = C:\Users\DXXNMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.4_0\CHR - Extension: No name found = C:\Users\DXXNMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpogldabjhjhglnfojmnekmcjonllia\1.0.0_0\CHR - Extension: No name found = C:\Users\DXXNMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbpobnhohpnogiaipphaknihlopgbacf\0.90_0\CHR - Extension: McAfee SiteAdvisor = C:\Users\DXXNMS\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.65.135.1_0\CHR - Extension: No name found = C:\Users\DXXNMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\40.0.2214.82_0\CHR - Extension: No name found = C:\Users\DXXNMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl\3.9.534_0\CHR - Extension: No name found = C:\Users\DXXNMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\CHR - Extension: No name found = C:\Users\DXXNMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.151_0\CHR - Extension: No name found = C:\Users\DXXNMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2014/04/22 22:28:14 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hostsO2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\systemcore\ScriptSn.20121021084525.dll (McAfee, Inc.)O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20121021084526.dll (McAfee, Inc.)O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll 
(McAfee, Inc.)O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540026} - C:\Program Files (x86)\GbPlugin\gbiehbdv.dll (Banco de Venezuela)O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)O4:64bit: - HKLM..\Run: [broadcom Wireless Manager UI] C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE (Broadcom Corporation)O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)O4:64bit: - HKLM..\Run: [instantUpdate] C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuDaemon.exe ()O4:64bit: - HKLM..\Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not foundO4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)O4:64bit: - HKLM..\Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program 
Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)O4 - HKLM..\Run: [] File not foundO4 - HKLM..\Run: [AdobeCEPServiceManager] C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe (Adobe Systems Incorporated)O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)O4 - HKLM..\Run: [backupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)O4 - HKLM..\Run: [Dolby Home Theater v4] C:\Dolby PCEE4\pcee4.exe (Dolby Laboratories Inc.)O4 - HKLM..\Run: [keepvid] C:\Users\DXXNMS\AppData\Local\keepvid.com.exe (keepvid.com Company)O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)O4 - HKLM..\Run: [suiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)O4 - HKLM..\Run: [uSB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)O4 - HKU\S-1-5-21-1116665366-1061216413-1134762050-1000..\Run: [AdobeBridge] File not foundO4 - HKU\S-1-5-21-1116665366-1061216413-1134762050-1000..\Run: [AppleIEDAV] C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe (Apple Inc.)O4 - HKU\S-1-5-21-1116665366-1061216413-1134762050-1000..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet 
Services\ApplePhotoStreams.exe (Apple Inc.)O4 - HKU\S-1-5-21-1116665366-1061216413-1134762050-1000..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)O4 - HKU\S-1-5-21-1116665366-1061216413-1134762050-1000..\Run: [skyDrive] C:\Users\DXXNMS\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not foundO4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not foundO4 - Startup: C:\Users\DXXNMS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\DXXNMS\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3O7 - HKU\S-1-5-21-1116665366-1061216413-1134762050-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. 
Mountain View, CA 94041)O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)O1364bit: - gopher Prefix: missingO13 - gopher Prefix: missingO15 - HKU\S-1-5-21-1116665366-1061216413-1134762050-1000\..Trusted Domains: bancodevenezuela.com ([www] * in Trusted sites)O15 - HKU\S-1-5-21-1116665366-1061216413-1134762050-1000\..Trusted Domains: banvenez.com ([e-bdv] * in Trusted sites)O15 - HKU\S-1-5-21-1116665366-1061216413-1134762050-1000\..Trusted Domains: banvenez.com ([e-bdvcpx] * in Trusted sites)O15 - HKU\S-1-5-21-1116665366-1061216413-1134762050-1000\..Trusted Domains: banvenez.corp ([e-bdvscn] * in Trusted sites)O15 - HKU\S-1-5-21-1116665366-1061216413-1134762050-1000\..Trusted Domains: banvenez.corp ([e-bdvscw] * in Trusted sites)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1438A1C2-1180-43A6-BD9D-AE84032BFC1D}: DhcpNameServer = 172.20.10.1O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{21F683D0-2641-4FAB-BA34-7EE792119E0B}: DhcpNameServer = 192.168.2.1O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F0C967C-24AC-4FAF-B133-1473AB1E9051}: DhcpNameServer = 172.20.10.1O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E9105DDE-39D9-432B-A397-DB71429B05F0}: DhcpNameServer = 192.168.2.1O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E9105DDE-39D9-432B-A397-DB71429B05F0}: NameServer = 8.8.8.8O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)O18:64bit: - Protocol\Handler\livecall - No CLSID value foundO18:64bit: - Protocol\Handler\msdaipp - No CLSID value foundO18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value foundO18:64bit: - 
Protocol\Handler\msdaipp\oledb - No CLSID value foundO18:64bit: - Protocol\Handler\msnim - No CLSID value foundO18:64bit: - Protocol\Handler\mso-offdap - No CLSID value foundO18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value foundO18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)O18:64bit: - Protocol\Handler\skype4com - No CLSID value foundO18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value foundO18:64bit: - Protocol\Handler\wlpg - No CLSID value foundO18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)O18:64bit: - Protocol\Filter\text/xml - No CLSID value foundO18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)O20 - HKLM Winlogon: Shell - (explorer.exe) - 
C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)O20 - Winlogon\Notify\ GbPluginBdv: DllName - (C:\Program Files (x86)\GbPlugin\gbiehBdv.dll) - C:\Program Files (x86)\GbPlugin\gbiehbdv.dll (Banco de Venezuela)O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399026} - C:\Program Files (x86)\GbPlugin\gbiehbdv.dll (Banco de Venezuela)O32 - HKLM CDRom: AutoRun - 1O33 - MountPoints2\{3407158b-8670-11e4-ad1b-c01885f658a9}\Shell - "" = AutoRunO33 - MountPoints2\{3407158b-8670-11e4-ad1b-c01885f658a9}\Shell\AutoRun\command - "" = E:\AutoRun.exeO34 - HKLM BootExecute: (autocheck autochk *)O35:64bit: - HKLM\..comfile [open] -- "%1" %*O35:64bit: - HKLM\..exefile [open] -- "%1" %*O35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*O37 - HKLM\...com [@ = comfile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2015/01/27 18:30:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee[2015/01/26 22:50:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox[2015/01/25 23:25:05 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT[2015/01/25 14:28:29 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe[2015/01/25 
14:28:25 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll[2015/01/25 14:28:15 | 005,553,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe[2015/01/25 14:28:11 | 003,971,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe[2015/01/25 14:28:10 | 003,916,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe[2015/01/25 14:28:10 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll[2015/01/25 14:28:10 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rstrui.exe[2015/01/25 14:28:09 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srclient.dll[2015/01/23 22:21:41 | 000,000,000 | ---D | C] -- C:\AdwCleaner[2015/01/07 19:32:46 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe[2015/01/07 19:32:46 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe[2015/01/07 18:57:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes[2015/01/07 18:54:46 | 000,000,000 | ---D | C] -- C:\Program Files\iPod[2015/01/07 18:54:41 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes[2015/01/07 18:54:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes[2015/01/07 18:54:41 | 000,000,000 | ---D | C] -- C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7[2014/10/14 19:43:21 | 013,108,224 | ---- | C] (Digia Plc and/or its subsidiary(-ies)) -- C:\Users\DXXNMS\AppData\Local\QtWebKit4.dll[2013/09/20 18:42:04 | 008,587,264 | ---- | C] (Digia Plc and/or its subsidiary(-ies)) -- C:\Users\DXXNMS\AppData\Local\QtGui4.dll[2013/09/20 18:42:04 | 002,599,936 | ---- | C] (Digia Plc and/or its subsidiary(-ies)) -- C:\Users\DXXNMS\AppData\Local\QtCore4.dll[2013/09/20 18:42:04 | 001,122,304 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\Users\DXXNMS\AppData\Local\libeay32.dll[2013/09/20 18:42:04 | 
001,053,184 | ---- | C] (Digia Plc and/or its subsidiary(-ies)) -- C:\Users\DXXNMS\AppData\Local\QtNetwork4.dll[2013/09/20 18:42:04 | 000,773,968 | ---- | C] (Microsoft Corporation) -- C:\Users\DXXNMS\AppData\Local\msvcr100.dll[2013/09/20 18:42:04 | 000,421,200 | ---- | C] (Microsoft Corporation) -- C:\Users\DXXNMS\AppData\Local\msvcp100.dll[2013/09/20 18:42:04 | 000,274,432 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\Users\DXXNMS\AppData\Local\ssleay32.dll[2013/09/20 18:42:03 | 001,120,256 | ---- | C] (keepvid.com Company) -- C:\Users\DXXNMS\AppData\Local\keepvid.com.exe[2008/02/21 12:38:00 | 000,091,728 | ---- | C] (MCCI) -- C:\Users\DXXNMS\mqdmmdm.sys[2008/02/21 12:38:00 | 000,078,992 | ---- | C] (MCCI) -- C:\Users\DXXNMS\mqdmserd.sys[2008/02/21 12:38:00 | 000,066,640 | ---- | C] (MCCI) -- C:\Users\DXXNMS\mqdmbus.sys[2008/02/21 12:38:00 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Users\DXXNMS\usbsermptxp.sys[2008/02/21 12:38:00 | 000,022,768 | ---- | C] (Microsoft Corporation) -- C:\Users\DXXNMS\usbsermpt.sys[2008/02/21 12:38:00 | 000,009,456 | ---- | C] (MCCI) -- C:\Users\DXXNMS\mqdmmdfl.sys[2008/02/21 12:38:00 | 000,006,240 | ---- | C] (MCCI) -- C:\Users\DXXNMS\mqdmcmnt.sys[2008/02/21 12:38:00 | 000,005,968 | ---- | C] (MCCI) -- C:\Users\DXXNMS\mqdmwhnt.sys[2008/02/21 12:38:00 | 000,004,080 | ---- | C] (MCCI) -- C:\Users\DXXNMS\mqdmcr.sys[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2015/01/27 18:52:00 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1116665366-1061216413-1134762050-1000UA.job[2015/01/27 18:37:53 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job[2015/01/27 18:33:27 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0[2015/01/27 18:33:27 | 000,024,608 | -H-- | M] () -- 
C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0[2015/01/27 18:30:58 | 000,001,832 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk[2015/01/27 18:25:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat[2015/01/27 18:25:26 | 3092,533,248 | -HS- | M] () -- C:\hiberfil.sys[2015/01/27 18:11:28 | 000,000,998 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1116665366-1061216413-1134762050-1000Core.job[2015/01/26 23:54:54 | 000,002,378 | ---- | M] () -- C:\Users\DXXNMS\Desktop\Google Chrome.lnk[2015/01/26 00:05:09 | 000,111,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll[2015/01/26 00:04:52 | 000,319,912 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe[2015/01/26 00:04:51 | 000,191,400 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe[2015/01/26 00:04:49 | 000,190,888 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe[2015/01/26 00:02:10 | 000,098,216 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll[2015/01/26 00:01:56 | 000,272,296 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe[2015/01/26 00:01:56 | 000,176,552 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe[2015/01/26 00:01:55 | 000,176,552 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe[2015/01/19 21:43:51 | 000,159,748 | ---- | M] () -- C:\Users\DXXNMS\AppData\Local\census.cache[2015/01/19 21:43:41 | 000,125,433 | ---- | M] () -- C:\Users\DXXNMS\AppData\Local\ars.cache[2015/01/19 21:36:33 | 000,000,010 | ---- | M] () -- C:\Users\DXXNMS\AppData\Local\sponge.last.runtime.cache[2015/01/18 21:53:27 | 000,000,036 | ---- | M] () -- C:\Users\DXXNMS\AppData\Local\housecall.guid.cache[2015/01/15 07:54:00 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys[2015/01/07 21:44:04 | 000,001,141 | ---- | M] 
() -- C:\Users\DXXNMS\Application Data\Microsoft\Internet Explorer\Quick Launch\Iniciar Microsoft Office Outlook.lnk[2015/01/07 18:57:07 | 000,001,787 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk[2015/01/04 13:29:07 | 000,782,470 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI[2015/01/04 13:29:07 | 000,662,634 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat[2015/01/04 13:29:07 | 000,122,470 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2015/01/19 21:43:51 | 000,159,748 | ---- | C] () -- C:\Users\DXXNMS\AppData\Local\census.cache[2015/01/19 21:43:41 | 000,125,433 | ---- | C] () -- C:\Users\DXXNMS\AppData\Local\ars.cache[2015/01/19 21:36:33 | 000,000,010 | ---- | C] () -- C:\Users\DXXNMS\AppData\Local\sponge.last.runtime.cache[2015/01/18 21:53:27 | 000,000,036 | ---- | C] () -- C:\Users\DXXNMS\AppData\Local\housecall.guid.cache[2015/01/07 21:44:04 | 000,001,141 | ---- | C] () -- C:\Users\DXXNMS\Application Data\Microsoft\Internet Explorer\Quick Launch\Iniciar Microsoft Office Outlook.lnk[2015/01/07 18:57:07 | 000,001,787 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk[2014/10/14 19:43:25 | 000,004,560 | ---- | C] () -- C:\Windows\SysWow64\WiredTools.ini[2014/10/14 19:43:25 | 000,002,384 | ---- | C] () -- C:\Windows\SysWow64\WiredToolsOff.ini[2014/08/21 19:56:03 | 000,000,425 | ---- | C] () -- C:\Program Files (x86)\Common Files\AnswerWorks 5.0[2013/09/21 20:05:14 | 000,217,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll[2013/09/20 18:42:19 | 005,195,390 | ---- | C] () -- C:\Users\DXXNMS\AppData\Local\helper.dat[2013/09/20 18:42:13 | 000,000,258 | RHS- | C] () -- C:\Users\DXXNMS\ntuser.pol[2013/07/02 23:17:51 | 000,000,600 | ---- | C] () -- C:\Users\DXXNMS\AppData\Roaming\winscp.rnd[2013/05/28 22:55:20 | 000,000,600 | ---- | C] () -- C:\Users\DXXNMS\AppData\Local\PUTTY.RND[2013/05/20 22:20:37 | 000,000,045 | ---- | C] () -- 
C:\Windows\quicken.ini[2013/05/02 22:23:49 | 000,004,096 | -H-- | C] () -- C:\Users\DXXNMS\AppData\Local\keyfile3.drm[2008/10/20 12:24:19 | 000,000,055 | ---- | C] () -- C:\Users\DXXNMS\cta05264[2008/06/02 23:07:36 | 000,000,000 | ---- | C] () -- C:\Users\DXXNMS\TableSetting[2008/06/02 23:02:58 | 000,010,957 | ---- | C] () -- C:\Users\DXXNMS\view-plugin.dtd[2008/06/02 23:02:54 | 000,000,673 | ---- | C] () -- C:\Users\DXXNMS\database.xml[2008/06/02 23:02:54 | 000,000,258 | ---- | C] () -- C:\Users\DXXNMS\pluginlist[2008/06/02 23:02:53 | 000,000,171 | ---- | C] () -- C:\Users\DXXNMS\ipvpn.xml[2008/06/02 23:02:52 | 000,000,494 | ---- | C] () -- C:\Users\DXXNMS\datalink.xml[2008/06/02 23:02:52 | 000,000,374 | ---- | C] () -- C:\Users\DXXNMS\unicast.xml[2008/06/02 23:02:51 | 000,000,307 | ---- | C] () -- C:\Users\DXXNMS\internet.xml[2008/06/02 23:02:50 | 000,000,766 | ---- | C] () -- C:\Users\DXXNMS\dvmrp.xml[2008/06/02 23:02:49 | 000,000,977 | ---- | C] () -- C:\Users\DXXNMS\multicast.xml[2008/06/02 23:02:49 | 000,000,221 | ---- | C] () -- C:\Users\DXXNMS\baseline.xml[2008/06/02 23:02:48 | 000,000,239 | ---- | C] () -- C:\Users\DXXNMS\vpls.xml[2008/06/02 23:02:47 | 000,000,169 | ---- | C] () -- C:\Users\DXXNMS\voip.xml[2008/05/17 09:59:40 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat[2008/02/21 12:38:00 | 000,009,842 | ---- | C] () -- C:\Users\DXXNMS\MCCI_MDM.INF[2008/02/21 12:38:00 | 000,009,232 | ---- | C] () -- C:\Users\DXXNMS\USB_MOT_BRIT.INF[2008/02/21 12:38:00 | 000,007,141 | ---- | C] () -- C:\Users\DXXNMS\USBMOT2000.INF[2008/02/21 12:38:00 | 000,006,921 | ---- | C] () -- C:\Users\DXXNMS\MCCI_BUS.INF[2008/02/21 12:38:00 | 000,006,061 | ---- | C] () -- C:\Users\DXXNMS\USBMOT2000XP.INF[2008/02/21 12:38:00 | 000,005,880 | ---- | C] () -- C:\Users\DXXNMS\USB_CMCS_2000.INF[2008/02/21 12:38:00 | 000,005,813 | ---- | C] () -- C:\Users\DXXNMS\USB_MOT_A1000.INF[2008/02/21 12:38:00 | 000,004,406 | ---- | C] () -- C:\Users\DXXNMS\MCCI_SDM.INF[2007/05/22 
20:18:02 | 000,000,016 | ---- | C] () -- C:\Users\DXXNMS\persistent_state[2007/05/12 19:14:12 | 000,056,320 | ---- | C] () -- C:\Users\DXXNMS\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2009/07/14 00:25:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 21:35:42 | 014,175,744 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 21:11:30 | 012,874,240 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:10:51 | 000,909,312 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:54:25 | 000,606,208 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:11:56 | 000,505,856 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Both 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012/11/24 20:32:16 | 000,000,000 | ---D | M] -- C:\Users\DXXNMS\AppData\Roaming\.kde[2014/04/24 23:45:09 | 000,000,000 | ---D | M] -- C:\Users\DXXNMS\AppData\Roaming\Blackboard[2013/04/04 10:33:00 | 000,000,000 | ---D | M] -- C:\Users\DXXNMS\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant[2015/01/27 18:35:13 | 000,000,000 | ---D | M] -- C:\Users\DXXNMS\AppData\Roaming\Dropbox[2013/03/26 22:55:05 | 000,000,000 | ---D | M] -- C:\Users\DXXNMS\AppData\Roaming\Garmin[2012/11/24 20:02:47 | 000,000,000 | ---D | M] -- C:\Users\DXXNMS\AppData\Roaming\KDE[2013/05/02 12:51:23 | 000,000,000 | ---D | M] -- C:\Users\DXXNMS\AppData\Roaming\newsXpresso[2014/04/23 20:49:39 | 000,000,000 | ---D | M] -- C:\Users\DXXNMS\AppData\Roaming\QuickScan[2012/10/19 04:16:12 | 000,000,000 | ---D | M] -- C:\Users\DXXNMS\AppData\Roaming\Screensaver[2013/01/26 21:46:58 | 000,000,000 | ---D | M] -- C:\Users\DXXNMS\AppData\Roaming\SoftGrid Client[2013/04/06 07:34:42 | 000,000,000 | ---D | M] -- C:\Users\DXXNMS\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1[2014/09/05 22:48:21 | 000,000,000 | ---D | M] -- C:\Users\DXXNMS\AppData\Roaming\TeamViewer[2014/12/18 12:23:26 | 000,000,000 | ---D | M] -- C:\Users\DXXNMS\AppData\Roaming\Telefónica[2014/12/18 12:23:26 | 000,000,000 | ---D | M] -- C:\Users\DXXNMS\AppData\Roaming\TGCMLog[2012/11/24 17:50:02 | 000,000,000 | ---D | M] -- C:\Users\DXXNMS\AppData\Roaming\TP[2013/06/09 17:01:49 | 000,000,000 | ---D | M] -- C:\Users\DXXNMS\AppData\Roaming\WildTangent[2013/01/13 12:56:11 | 000,000,000 | ---D | M] -- C:\Users\DXXNMS\AppData\Roaming\WindSolutions ========== Purity Check ========== < End of report >
lgoncalves Posted January 28, 2015 Posting Extras log: OTL Extras logfile created on: 27/01/2015 07:05:21 p.m. - Run 1OTL by OldTimer - Version 3.2.69.0 Folder = C:\Programas\Malware\Malware removal64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstationInternet Explorer (Version = 9.11.9600.17501)Locale: 0000200A | Country: Bolivarian Republic of Venezuela | Language: ESV | Date Format: dd/MM/yyyy 3,84 Gb Total Physical Memory | 1,71 Gb Available Physical Memory | 44,45% Memory free7,68 Gb Paging File | 4,28 Gb Available in Paging File | 55,80% Paging File freePaging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)Drive C: | 447,66 Gb Total Space | 93,52 Gb Free Space | 20,89% Space Free | Partition Type: NTFS Computer Name: DXXNMS-PC | User Name: DXXNMS | Logged in as Administrator.Boot Mode: Normal | Scan Mode: All users | Include 64bit ScansCompany Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation).url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation).html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-1116665366-1061216413-1134762050-1000\SOFTWARE\Classes\<extension>].html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" 
%*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*exefile [open] -- "%1" %*helpfile [open] -- Reg Error: Key error.htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %lscrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [explore] -- Reg Error: Value error.Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)exefile [open] -- "%1" %*helpfile [open] 
-- Reg Error: Key error.htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %lscrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [explore] -- Reg Error: Value error.Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. 
========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]"cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]"AntiVirusOverride" = 0"AntiSpywareOverride" = 0"FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]"EnableFirewall" = 1"DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]"EnableFirewall" = 1"DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]"EnableFirewall" = 1"DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]"{049633BD-C5F5-4C8F-8BA4-819C131AC0E4}" = lport=5353 | protocol=17 | dir=in | app=c:\users\dxxnms\appdata\local\google\chrome\application\chrome.exe |"{08790B8B-E9FF-4FD4-A8D9-FAC69B47A81F}" = lport=445 | protocol=6 | dir=in | app=system |"{0B4EEB14-F8E7-4CDF-8023-7805567FD2BD}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |"{0EB5D982-DD9C-428C-8F0F-53B03B99F682}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |"{24FD4483-8FE1-41BF-9991-5C8003C1A2C0}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |"{2B3B473E-3D69-41FB-BEDF-F5CDF0C8B1E9}" = lport=139 | protocol=6 | 
dir=in | app=system |"{2C368B5C-AC0E-483D-BD6E-36C48240FC9B}" = rport=139 | protocol=6 | dir=out | app=system |"{4140BCDA-7605-45E2-B49C-AF7F6F7CDCBB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |"{53F8AE6B-3462-4E2D-8910-637B5987B1F9}" = rport=10243 | protocol=6 | dir=out | app=system |"{57EB2789-9586-4DFE-9B97-473043A151B8}" = rport=137 | protocol=17 | dir=out | app=system |"{655EEE8C-FAD4-4F1C-B0F7-2FA8182F26C6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |"{66FCEA96-E9A8-485E-8E54-0241E5416B75}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |"{68F990BD-CE1E-4F03-831A-7177AC55D916}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |"{69C7449C-878E-40D9-94FA-5478C43224E0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |"{7C467E5C-89E8-49E5-AA3F-E0516364DF39}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |"{813DFAF9-C84D-4096-9158-4C1E50C32B32}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |"{842B3D8D-1C2E-42C9-88D6-0533033A4E8A}" = lport=137 | protocol=17 | dir=in | app=system |"{9185BEDC-AABA-479D-9A19-B7E3F42739D3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |"{944089CE-A190-45FA-BE6B-4AFCFE1F3A1D}" = lport=2869 | protocol=6 | dir=in | app=system |"{96EAD4E5-EDF2-47C0-8F17-A76070DBED97}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |"{9BF898FB-1470-490E-8DE5-6ADF9BB0041C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |"{A0D31690-5345-41D0-AB74-42294C391F47}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |"{A36FD72C-F1CB-4225-80B5-9C87DC408151}" = rport=138 | protocol=17 | dir=out | 
app=system |"{AD1A074A-8B8C-48DA-A527-A48ACCD7EE5B}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |"{AF2D3D7B-E9FB-42C6-84E8-D00D453C8D09}" = lport=138 | protocol=17 | dir=in | app=system |"{BB79BE40-5926-4A92-8FFA-F898D393D677}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |"{BD273B39-44A2-465C-84AC-0AA95AABB7A8}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |"{C072C76D-3AF8-4475-8478-E4BB1012ABD0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |"{D3330422-BF1E-4B20-97F6-30B85330202E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |"{D3D954ED-82E4-4420-B2A9-EBBD0FCC2749}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |"{D5B81170-64FC-4A52-A6AF-24B4C80CAF03}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |"{DFC201F3-5242-4653-83CB-CC109C95A43C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |"{E39E777A-192A-4CC0-A876-4142E4E9B762}" = lport=10243 | protocol=6 | dir=in | app=system |"{E97F8980-E0EC-4900-858C-6E3880B574C2}" = rport=445 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]"{0194C303-6AFB-430A-91A5-836B3857103B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |"{04CD8055-C289-4511-8789-E826CF4A81A6}" = protocol=6 | dir=out | app=system |"{0D2B6C8D-DE8F-4C64-A6C7-A3C8A262B9DD}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |"{1B886470-4948-465C-8519-052BCF8FBDF5}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe 
|"{1DD77B90-BC30-42C2-B8C5-15DD76AC5371}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |"{23F30DD9-F28A-4597-80D4-2FA186397E84}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |"{251D45A7-6FE5-4513-8659-855AA0C6C45F}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk20\mvp\videoplayer.exe |"{36AB3760-1230-4B88-8B3A-4CBBFBDC33EC}" = protocol=58 | dir=in | [email protected],-28545 |"{3902EB3E-2527-4B9F-8E77-33A9825B6C1C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |"{4612BEC9-5C0B-4EDB-8A47-505D66E6801B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |"{463BB6C3-069A-4FE8-AC95-50B9364D7AE1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |"{50772E94-FE99-4C66-9B34-E7803BA11D4D}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\windowsupnp.exe |"{57D50B3B-3771-4597-A21C-BF1BCD94EC1B}" = protocol=6 | dir=in | app=c:\users\dxxnms\appdata\roaming\dropbox\bin\dropbox.exe |"{58FBF2F9-D9E8-4EA5-A993-5F76E6BFFB71}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |"{5A26F348-D05C-478D-9DE0-12F0A813C9B4}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |"{5A6FF595-69BE-4448-A6A9-77048CAC2987}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi media\dmcdaemon.exe |"{5CF839CC-81AF-4DDC-A097-71AC4B7D1B85}" = dir=in | app=c:\program files (x86)\laplink\pcmover\pcmover.exe |"{69EE7E52-6CF0-4ADB-BD94-7F8247EDE1E8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |"{6E4BC4F4-9F12-4606-ABAB-FA6367AAFC05}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |"{78A9CAA5-F368-4597-BA3F-4CF1EBDE989B}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk20\mvp\musicplayer.exe |"{79087E24-C90F-4E32-B2D2-6BED6238C502}" = dir=in | app=c:\program files 
(x86)\acer\clear.fi sdk20\movie\playmovie.exe |"{7B47B72F-4460-47E8-9E02-BF348F687AB2}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |"{85CFA627-4076-47B6-9A2C-929C2CA00690}" = protocol=17 | dir=in | app=c:\users\dxxnms\appdata\local\temp\7zs696a\hppiw.exe |"{8B881EAF-3FE5-45E6-936A-46DBF17F4C4A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |"{92CA4E21-E0E4-4862-9827-C974244C5660}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\devicesetup.exe |"{931CA322-DC87-4BDB-B215-E8B650E2F10A}" = protocol=58 | dir=out | [email protected],-28546 |"{934DE604-F8B3-4415-88EF-02CFE17EB6B9}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |"{93F8FF3A-BB96-4538-AD62-74DDD63F0F6B}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe |"{96A17B48-56AC-426A-9758-8622C6AC8CDF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |"{9D68D2B5-6D44-4A08-8249-BD6767B1A47E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |"{A039F442-354F-466D-8140-82EA46785CC0}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\windowsupnp.exe |"{B1A4FCDD-2E07-4D04-B2D5-23332975D27B}" = protocol=6 | dir=in | app=c:\users\dxxnms\appdata\local\temp\7zs696a\hppiw.exe |"{B25C102C-DFC0-4907-AB78-7517CDE60678}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |"{BB5454C9-0055-46B5-960D-5048EE42FA26}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |"{C1121CA7-2ED8-41EF-B934-25843A41D89F}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe |"{C6E41838-9F5B-4BF9-BAFA-B7AD2A78F9CA}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi media\dmcdaemon.exe |"{C7B7B821-4851-43AB-9898-34E9944A4559}" = protocol=1 | dir=in | [email protected],-28543 |"{C7F330D0-277C-4636-A64A-DCD87C2663F1}" = protocol=17 | dir=out | 
app=%programfiles%\windows media player\wmpnetwk.exe |"{C8D298B8-0518-43B2-9012-719D37400594}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe |"{C8F09C90-638B-40DD-980A-B2B41270EA60}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |"{CEA00FE5-F2E0-413D-9C0A-1EB71341B2D2}" = protocol=17 | dir=in | app=c:\users\dxxnms\appdata\roaming\dropbox\bin\dropbox.exe |"{D5AAB527-C83B-4784-9AE4-3BAA11B97130}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe |"{D61F98E2-C87D-40A7-B39C-A770B28D8FAF}" = dir=in | app=c:\users\dxxnms\appdata\local\microsoft\skydrive\skydrive.exe |"{D87020C5-A122-434B-BD70-31F5B25C726C}" = dir=in | name=tranfer files |"{D99199C5-294D-4377-A41C-F645CB823397}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |"{DCC6E96C-842B-434F-8C64-1CE4ACDBE94D}" = protocol=17 | dir=in | app=c:\program files (x86)\movies toolbar\safetynut\srtool~1\ie\dtuser.exe |"{DCE6AA83-F3F7-487E-B7CB-2E3930D8B609}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\devicesetup.exe |"{DDB17592-D26E-42A5-8144-D1F71FF6BFFA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |"{E23194FC-F35F-4056-A26D-26D42017C5AF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |"{E3B4FD8E-93CF-46E5-AA35-7A7994E78A63}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |"{E97E81F7-75E1-47F2-A910-6DD7D87F2A53}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |"{EA722943-5628-472C-A1FD-B6289162BD55}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe |"{F38AC815-69D0-48C6-B41A-E5443078E5E2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |"{F59FEF20-B317-4230-B2F5-0D5699806CF3}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe 
|"{F66AD0A4-D010-4857-907D-BFBC84EC05AC}" = protocol=1 | dir=out | [email protected],-28544 |"{F6FA01CE-B543-4885-A51D-2BBE1AAF0D1B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |"{FDC8D401-944A-4B3A-9774-FDFAE44D28ED}" = protocol=6 | dir=in | app=c:\program files (x86)\movies toolbar\safetynut\srtool~1\ie\dtuser.exe |"TCP Query User{75368B97-0095-4420-8C6D-28C549F85F0C}C:\program files (x86)\symantec\norton online backup\nobuclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\norton online backup\nobuclient.exe |"UDP Query User{21A8B117-5C15-487D-96C5-F2861147D752}C:\program files (x86)\symantec\norton online backup\nobuclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\norton online backup\nobuclient.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{07179D37-D5FE-4373-90D9-A25B992EFB3E}" = WD SmartWare"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)"{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client"{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}" = MyWinLocker"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder"{26A24AE4-039D-4CA4-87B4-2F86418031F0}" = Java 8 Update 31 (64-bit)"{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}" = iTunes"{4710662C-8204-4334-A977-B1AC9E547819}" = Broadcom Card Reader Driver Installer"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 
9.0.30729.6161"{650AF771-456D-418F-BFC7-F6FFC9D0235C}" = HP Deskjet 3050 J610 series Basic Device Software"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources"{682EC6E8-A300-45FD-8F09-0F3A6EA334D6}" = Acer Instant Update Service"{6C9365EB-1F9E-4893-9196-3EC77C88D0C5}" = Intel® Turbo Boost Technology Monitor 2.5"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting"{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}" = WIDCOMM Bluetooth Software"{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver"{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}" = Apple Mobile Device Support"{C91DCB72-F5BB-410D-A91A-314F5D1B4284}" = Broadcom NetLink Controller"{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service"{EAFB2AD8-D92B-464C-8D97-B9CB94703C4A}" = iCloud"{FEB2C4AA-661E-483F-9626-21A8ACFD10F2}" = HP Deskjet 3050 J610 series Product Improvement Study"Adobe 
Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit"Broadcom Wireless Utility" = Broadcom Wireless Utility"Elantech" = ETDWare PS/2-X64 10.6.9.9_WHQL"Recuva" = Recuva"ZTE USB Driver" = ZTE USB Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer"{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Backup Manager V3"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail"{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update"{1FBAE18D-4DE4-47AA-83EC-D1B046F262DC}" = PDF Settings CC"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel® USB 3.0 eXtensible Host Controller Driver"{26A24AE4-039D-4CA4-87B4-2F83218031F0}" = Java 8 Update 31"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor"{39F15B50-A977-4CA6-B1C3-6A8724CDA025}" = MyWinLocker 4"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer 
Resources"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker"{5E21B617-F52E-BB10-92F9-C8AB2C799A8A}" = Adobe Download Assistant"{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}" = newsXpresso"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources"{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer" = WildTangent Games App"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials"{7D82D616-8BD8-4BE3-B19C-C4BC772E8426}" = Blackboard Collaborate Launcher"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform"{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}" = Compatibilidad con Aplicaciones de Apple"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime"{8D68CE08-9A14-4B7B-9857-3C646A2F34C7}" = Fooz Kids Platform"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" 
= MSVCRT"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger"{90110C0A-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail"{A0382E3C-7384-429A-9BFA-AF5888E5A193}" = Acer Crystal Eye Webcam"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh"{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker"{A3AD65CC-B2CE-49da-AE4E-CC2ECF4EC0F8}" = clear.fi SDK - MVP 2"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.13) MUI"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager"{B26438B4-BF51-49C3-9567-7F14A5E40CB9}" = Dolby Home Theater v4"{B2AF05E3-4B0C-44A6-B146-322219BF3562}_is1" = Wondershare Dr.Fone(Build 2.0.1.3)"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common"{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer"{B5AD89F2-03D3-4206-8487-018298007DD0}" = clear.fi Photo"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder"{C28D96C0-6A90-459E-A077-A6706F4EC0FC}" = Bing 
Bar"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common"{C9E1343D-E21E-4508-A1BE-04A089EC137D}" = Windows Live Messenger"{CB2065E8-067A-4303-8795-F3C53C14CAB6}" = PCmover Free"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64"{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9"{D3E5A972-9A15-427D-AE78-8181A5FD943C}" = eBay Worldwide"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform"{DAF7BB88-6392-40aa-A714-8392C4BDBD2C}" = clear.fi SDK- Movie 2"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = GalerÃa fotográfica de Windows Live"{E9AF1707-3F3A-49E2-8345-4F2D629D0876}" = clear.fi Media"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver"{F2321021-08A2-44D6-B1DF-BDB415F23EC3}" = Adobe Illustrator CC"{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}" = HP Deskjet 3050 J610 series Help"{F77EF646-19EB-11E1-9A9E-984BE15F174E}" = Evernote v. 
4.5.2"{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® OpenCL CPU Runtime"{FCDB0EF3-673C-FDCE-6498-750F51391660}" = Fooz Kids"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR"Acer Registration" = Acer Registration"Acer Screensaver" = Acer ScreenSaver"Acer Welcome Center" = Welcome Center"Adobe AIR" = Adobe AIR"Adobe Digital Editions 2.0" = Adobe Digital Editions 2.0"BN_DesktopReader" = NOOK for PC"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant"ESET Online Scanner" = ESET Online Scanner v3"eyeBeam_is1" = eyeBeam 3004t"FoozKids" = Fooz Kids"HP Photo Creations" = HP Photo Creations"iCare Data Recovery Software_is1" = iCare Data Recovery Software 5.4"Identity Card" = Identity Card"InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Acer Backup Manager"InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite"InstallShield_{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}" = newsXpresso"InstallShield_{A0382E3C-7384-429A-9BFA-AF5888E5A193}" = Acer Crystal Eye Webcam"InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9"InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso"KLiteCodecPack_is1" = K-Lite Codec Pack 10.0.0 Basic"LManager" = Launch Manager"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.4.1028"MovistarLATAM" = Escritorio Movistar Latam"Mozilla Firefox 35.0.1 (x86 es-ES)" = Mozilla Firefox 35.0.1 (x86 es-ES)"MozillaMaintenanceService" = Mozilla Maintenance Service"MSC" = McAfee Internet Security Suite"Music Codec Pack_is1" = Music Codec Pack"PhotoRescue Pro" = PhotoRescue Pro 4.2"WildTangent acer Master Uninstall" = Acer Games"Windows Media Encoder 9" = Windows Media Encoder 9 
Series"WinLiveSuite" = Windows Live Essentials"WinRAR archiver" = WinRAR archiver"WiredTools_is1" = WiredTools"WTA-0293b20b-c2dc-4ff0-b889-3b5d68c9d886" = FATE"WTA-0d2b2f4c-8a31-4cbd-9e67-cd262552b8d2" = Bejeweled 3"WTA-2276525f-914f-42be-bec7-70fda93c1d26" = Jewel Match 3"WTA-30d4d26a-469d-4d03-814c-8b8e4ede9220" = Polar Bowler"WTA-41f9246b-1381-44e1-8405-10474aec67aa" = Final Drive: Nitro"WTA-5f9b669d-b1a3-445c-a868-e1b38c72d66a" = Chronicles of Albian"WTA-60c64b9a-9b08-4323-a6fd-5cedb0db194d" = Cradle of Rome 2"WTA-6fdcff6f-4031-4257-9c1f-77dd334ad68d" = Jewel Quest Mysteries: The Seventh Gate Collector's Edition"WTA-8a0a3d33-7fe4-4317-a749-9dc71d677129" = Governor of Poker 2 Premium Edition"WTA-91beec06-a186-4bb3-8dc3-0583dc982f11" = Virtual Villagers 5 - New Believers"WTA-aaaf9c58-ec35-4b42-a44a-a7c1c4f1c798" = Chuzzle Deluxe"WTA-cb97c573-aa6e-4b2d-8acf-fff113ca27e3" = Plants vs. Zombies - Game of the Year"WTA-d3c5673d-f038-433b-beb7-5e642283b303" = Agatha Christie - Death on the Nile"WTA-dc103a2d-e75a-40fe-92b2-c337234d52ad" = Penguins!"WTA-f6e7c00b-405f-4414-bfb4-4386ff1c048e" = Torchlight"WTA-f80c37a1-ab24-4ff3-af41-b47b21391f81" = Dora's World Adventure"WTA-f92843b8-442d-4428-bdb1-41957eac4f15" = Zuma's Revenge"WTA-fa5fb26e-f9d3-4e57-ad16-373c5858b91d" = Polar Golfer ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1116665366-1061216413-1134762050-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1" = ChromecastApp"CopyTrans Suite" = Desinstalación de CopyTrans Suite solamente"Dropbox" = Dropbox"Google Chrome" = Google Chrome"Google Chrome Packages" = Google Chrome Packages"OneDriveSetup.exe" = Microsoft OneDrive ========== Last 20 Event Log Errors ========== [ Application Events ]Error - 26/01/2015 09:31:32 p.m. | Computer Name = DXXNMS-PC | Source = Bonjour Service | ID = 100Description = Task Scheduling Error: Continuously busy for more than a second Error - 26/01/2015 09:31:32 p.m. 
| Computer Name = DXXNMS-PC | Source = Bonjour Service | ID = 100Description = Task Scheduling Error: m->NextScheduledEvent 12480 Error - 26/01/2015 09:31:32 p.m. | Computer Name = DXXNMS-PC | Source = Bonjour Service | ID = 100Description = Task Scheduling Error: m->NextScheduledSPRetry 12480 Error - 26/01/2015 09:31:33 p.m. | Computer Name = DXXNMS-PC | Source = Bonjour Service | ID = 100Description = Task Scheduling Error: Continuously busy for more than a second Error - 26/01/2015 09:31:33 p.m. | Computer Name = DXXNMS-PC | Source = Bonjour Service | ID = 100Description = Task Scheduling Error: m->NextScheduledEvent 13479 Error - 26/01/2015 09:31:33 p.m. | Computer Name = DXXNMS-PC | Source = Bonjour Service | ID = 100Description = Task Scheduling Error: m->NextScheduledSPRetry 13479 Error - 27/01/2015 12:27:42 a.m. | Computer Name = DXXNMS-PC | Source = Bonjour Service | ID = 100Description = Task Scheduling Error: Continuously busy for more than a second Error - 27/01/2015 12:27:42 a.m. | Computer Name = DXXNMS-PC | Source = Bonjour Service | ID = 100Description = Task Scheduling Error: m->NextScheduledEvent 1045 Error - 27/01/2015 12:27:42 a.m. | Computer Name = DXXNMS-PC | Source = Bonjour Service | ID = 100Description = Task Scheduling Error: m->NextScheduledSPRetry 1045 Error - 27/01/2015 06:56:45 p.m. | Computer Name = DXXNMS-PC | Source = WinMgmt | ID = 10Description = [ Broadcom Wireless LAN Events ]Error - 16/11/2014 09:10:47 a.m. | Computer Name = DXXNMS-PC | Source = WLAN-Tray | ID = 0Description = 08:40:39, Sun, Nov 16, 14 Error - (WLTRAY.EXE-4504) Unable to start peernet session, after 200 iterations Error - 16/11/2014 09:10:47 a.m. | Computer Name = DXXNMS-PC | Source = WLAN-Tray | ID = 0Description = 08:40:47, Sun, Nov 16, 14 Error - Unable to initialize peernet library Error - 26/01/2015 11:59:16 p.m. 
| Computer Name = DXXNMS-PC | Source = WLAN-Tray | ID = 0Description = 23:29:11, Mon, Jan 26, 15 Error - (WLTRAY.EXE-8848) Unable to start peernet session, after 200 iterations Error - 26/01/2015 11:59:16 p.m. | Computer Name = DXXNMS-PC | Source = WLAN-Tray | ID = 0Description = 23:29:16, Mon, Jan 26, 15 Error - Unable to initialize peernet library [ System Events ]Error - 26/01/2015 12:19:11 a.m. | Computer Name = DXXNMS-PC | Source = Microsoft-Windows-GroupPolicy | ID = 1096Description = The processing of Group Policy failed. Windows could not apply the registry-based policy settings for the Group Policy object LocalGPO. Group Policy settings will not be resolved until this event is resolved. View the event details for more information on the file name and path that caused the failure. Error - 26/01/2015 03:43:33 a.m. | Computer Name = DXXNMS-PC | Source = Service Control Manager | ID = 7011Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HomeGroupListener service. Error - 26/01/2015 12:53:10 p.m. | Computer Name = DXXNMS-PC | Source = Service Control Manager | ID = 7011Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service. Error - 26/01/2015 06:30:36 p.m. | Computer Name = DXXNMS-PC | Source = bowser | ID = 8003Description = Error - 26/01/2015 11:58:50 p.m. | Computer Name = DXXNMS-PC | Source = Microsoft-Windows-GroupPolicy | ID = 1096Description = The processing of Group Policy failed. Windows could not apply the registry-based policy settings for the Group Policy object LocalGPO. Group Policy settings will not be resolved until this event is resolved. View the event details for more information on the file name and path that caused the failure. Error - 26/01/2015 11:58:57 p.m. | Computer Name = DXXNMS-PC | Source = DCOM | ID = 10010Description = Error - 27/01/2015 06:54:15 p.m. 
| Computer Name = DXXNMS-PC | Source = Service Control Manager | ID = 7011Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service. Error - 27/01/2015 06:54:15 p.m. | Computer Name = DXXNMS-PC | Source = Service Control Manager | ID = 7011Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the McShield service. Error - 27/01/2015 06:54:45 p.m. | Computer Name = DXXNMS-PC | Source = NetBT | ID = 4321Description = The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.2.7. The computer with the IP address 192.168.2.8 did not allow the name to be claimed by this computer. Error - 27/01/2015 06:56:23 p.m. | Computer Name = DXXNMS-PC | Source = Microsoft-Windows-GroupPolicy | ID = 1096Description = The processing of Group Policy failed. Windows could not apply the registry-based policy settings for the Group Policy object LocalGPO. Group Policy settings will not be resolved until this event is resolved. View the event details for more information on the file name and path that caused the failure. < End of report > Link to post Share on other sites
flashh4 Posted January 28, 2015

Luis, thanks for those logs ! We are close to being done ! We need to Run an OTL fix !!

Warning: This fix is only relevant for this system and no other, using on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

* Double-click OTL.exe to start the program.
* Copy and Paste the following code into the text box of the OTL tool/program ! Start with and include the colon plus :OTL

:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1116665366-1061216413-1134762050-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1116665366-1061216413-1134762050-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1116665366-1061216413-1134762050-1000\..\SearchScopes\{7941C7F7-B1CC-4B4A-9800-7DE9C1AF3896}: "URL" = https://search.yahoo...662D20141017&p={SearchTerms}
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
[2014/12/15 08:33:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DXXNMS\AppData\Roaming\Mozilla\Extensions
[2015/01/26 23:30:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DXXNMS\AppData\Roaming\Mozilla\Firefox\Profiles\hju627rm.default\extensions
[2015/01/19 21:12:54 | 000,392,243 | ---- | M] () (No name found) -- C:\Users\DXXNMS\AppData\Roaming\Mozilla\Firefox\Profiles\hju627rm.default\extensions\[email protected]
[2015/01/26 23:30:15 | 000,732,089 | ---- | M] () (No name found) -- C:\Users\DXXNMS\AppData\Roaming\Mozilla\Firefox\Profiles\hju627rm.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2015/01/26 22:50:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4 - HKLM..\Run: [] File not found
O4 - HKU\S-1-5-21-1116665366-1061216413-1134762050-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
:Commands
[emptyjava]
[emptyflash]
[EMPTYTEMP]
[RESETHOSTS]
[CREATERESTOREPOINT]
[Reboot]

# Then click the Run Fix button at the top.
# Click
# Please post the contents of the fix log file back here if you are prompted to open the file. It can also be found at C:\_OTL\Moved Files as MMDDYYY_HHMMSS.log where MMDDYYY is date format and HHMMSS is time format.

Remember to enable your real time protection.

Post that log please !!

Thanks
Chuck
lgoncalves Posted January 29, 2015

Hi Chuck, Posting results from script:
flashh4 Posted January 29, 2015

Hi luis, looks like that computer cleaned up real good !!

Clean up of Malware Removal Tools

Now that we are through using these tools, let's clean them off your system so that should you ever need to have malware removed again (we hope not) fresh, updated copies will be downloaded.

* Download Delfix to your desktop and double click it to start the program here
* Ensure Remove disinfection tools is ticked
* Also tick:
  o Create registry backup
  o Purge system restore
  o Reset system settings
* Click Run

The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.

You can delete any log files left on your desktop as these are no longer needed.

================================

You can check these to see if they are up to date:

* Please go here to install Java >>> http://www.java.com/en/
  o click on the Free Java Download Button
  o click on Agree and start Free download
  o click on Run
  o click on run again
  o click on install
  o when install is complete click on close
* Reboot your computer

+++++++++++++

Update Adobe Reader

Make sure you uncheck the box to install McAfee Security Scan Plus

Please uninstall unless you already have Adobe Reader XXX XXX xxx before installing the latest version by going to Start > Control Panel and double clicking on Add/Remove Programs. Locate Adobe Reader XX xxx xx and click on Change/Remove to uninstall it.

Click here to download the latest version of Adobe Acrobat Reader. Select your Windows version and click on Download.

If you are using Internet Explorer, you will receive prompts. Allow the installation to be run and it will be installed automatically for you.

If you are using other browsers, it will prompt you to save a file. Save this file to your desktop and run it to install the latest version of Adobe Reader. Close your Internet browser and open it again.

+++++++++++

Mozilla Firefox 34.0.5 Firefox out of Date!

================================

Congratulations you are clean !!!

Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.

This is my standard "All Clean Speech." You may have some already installed, these are just recommendations !

Here are some tips to reduce the potential for spyware/malware infection in the future:

1. Make your Internet Explorer more secure - This can be done by following these simple instructions:

* From within Internet Explorer click on the Tools menu and then click on Options.
* Click once on the Security tab
* Click once on the Internet icon so it becomes highlighted.
* Click once on the Custom Level button.
  o Change the Download signed ActiveX controls to Prompt
  o Change the Download unsigned ActiveX controls to Disable
  o Change the Initialize and script ActiveX controls not marked as safe to Disable
  o Change the Installation of desktop items to Prompt
  o Change the Launching programs and files in an IFRAME to Prompt
  o Change the Navigate sub-frames across different domains to Prompt
* When all these settings have been made, click on the OK button.
* If it prompts you as to whether or not you want to save the settings, press the Yes button.
* Next press the Apply button and then the OK to exit the Internet Properties page.

2. FireFox

If you use Firefox, I recommend installing the following add-ons to help make your Firefox browser more secure.

* NoScript
* adblock plus

3. Use and update an anti-virus software - I can not overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

4. Firewall

Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly.

**There are firewalls that could be downloaded and used but I would personally only recommend using one of the following below:

* Online Armor Free
* Agnitum Outpost Firewall Free
* Comodo Firewall Free

5. Make sure you keep your Windows OS current, and regularly download and install any critical updates and service packs. Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems. Without these you are leaving the back door open.

6. WOT (Web of Trust)

As "Googling" is such an integral part of internet life, this free browser add on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites. WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.

7. Finally, I strongly recommend that you read Miekiemoes' great advice How to prevent malware.

Let me know how it's running ? Any problems ?

It may run a tad slow until a few normal re-boots, but according to all logs you are clean !!

Thanks
Chuck
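The six Internet-zone settings from tip 1 in the post above can be checked without clicking through the dialog. This is an added example, not part of the original post or of any tool used in the thread; the registry locations, the URL action numbers (1001, 1004, 1201, 1800, 1804, 1607), the value meanings and the policy-over-user precedence are assumptions based on how Internet Explorer stores zone settings, not values taken from the thread.

```powershell
# Added example: read-only audit of the Internet zone (zone 3) against the
# six settings recommended in tip 1. Nothing is changed on the machine.
# Assumed value meanings: 0 = Enable, 1 = Prompt, 3 = Disable.

$ZoneSuffix = 'Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Assumed precedence: Group Policy values win over the per-user setting.
$Sources = @(
    [pscustomobject]@{ Name = 'machine policy'; Path = "HKLM:\SOFTWARE\Policies\$ZoneSuffix" }
    [pscustomobject]@{ Name = 'user policy';    Path = "HKCU:\Software\Policies\$ZoneSuffix" }
    [pscustomobject]@{ Name = 'user setting';   Path = "HKCU:\Software\$ZoneSuffix" }
)

# Setting names as written in the post; Want is the value the post recommends.
$Recommended = @(
    [pscustomobject]@{ Action = '1001'; Want = 1; Setting = 'Download signed ActiveX controls' }
    [pscustomobject]@{ Action = '1004'; Want = 3; Setting = 'Download unsigned ActiveX controls' }
    [pscustomobject]@{ Action = '1201'; Want = 3; Setting = 'Initialize and script ActiveX controls not marked as safe' }
    [pscustomobject]@{ Action = '1800'; Want = 1; Setting = 'Installation of desktop items' }
    [pscustomobject]@{ Action = '1804'; Want = 1; Setting = 'Launching programs and files in an IFRAME' }
    [pscustomobject]@{ Action = '1607'; Want = 1; Setting = 'Navigate sub-frames across different domains' }
)

$ValueNames = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-ZoneAction {
    # Returns the DWORD stored for one URL action, or $null when the key or value is absent.
    param([string]$Path, [string]$Action)
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    $item = Get-ItemProperty -LiteralPath $Path -Name $Action -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$Action
}

function Test-InternetZoneHardening {
    foreach ($rule in $Recommended) {
        $value  = $null
        $source = 'not set'
        # Take the first source that defines the value, in precedence order.
        foreach ($candidate in $Sources) {
            $found = Get-ZoneAction -Path $candidate.Path -Action $rule.Action
            if ($null -ne $found) {
                $value  = $found
                $source = $candidate.Name
                break
            }
        }

        if ($null -eq $value) {
            $current = 'not set'
        } elseif ($ValueNames.ContainsKey($value)) {
            $current = $ValueNames[$value]
        } else {
            # Unknown values are shown raw instead of being guessed at.
            $current = '0x{0:X}' -f $value
        }

        [pscustomobject]@{
            Action      = $rule.Action
            Setting     = $rule.Setting
            Current     = $current
            Recommended = $ValueNames[$rule.Want]
            Source      = $source
            Compliant   = ($value -eq $rule.Want)
        }
    }
}

Test-InternetZoneHardening | Format-Table -AutoSize -Wrap
```

A row whose Source is a policy key cannot be changed from the Internet Options dialog; the policy that sets it has to be changed instead.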
lgoncalves Posted January 30, 2015

Hi Chuck, thank you very much for your help. I have followed your advice and now I have installed the add ons in Firefox. Let me post the last log:

# DelFix v10.8 - Logfile created 29/01/2015 at 23:40:22
# Updated 29/07/2014 by Xplode
# Username : DXXNMS - DXXNMS-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Removing disinfection tools ...
Deleted : C:\_OTL
Deleted : C:\AdwCleaner
Deleted : C:\Users\DXXNMS\Desktop\JRT.txt
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis

~ Creating registry backup ... OK

~ Cleaning system restore ...
Deleted : RP #129 [Windows Update | 01/19/2015 21:59:21]
Deleted : RP #130 [Restore Operation | 01/25/2015 16:57:45]
Deleted : RP #131 [Windows Update | 01/25/2015 20:34:55]
Deleted : RP #132 [Hot_deleted_Firefox_updated | 01/26/2015 01:48:59]
Deleted : RP #133 [Windows Update | 01/27/2015 22:31:50]
Deleted : RP #134 [OTL Restore Point - 28/01/2015 11:01:20 p.m. | 01/29/2015 03:31:26]
New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########

Have a good day!

Edited January 30, 2015 by Luis Goncalves
flashh4 Posted January 30, 2015

How is it running Luis ?? Any problems ?

Chuck
lgoncalves Posted February 1, 2015

Hi Chuck, everything is running ok. After I enabled the addons in Firefox I have to enable scripts on trustful sites, but I think it is fair if I have safe browsing. Thank you very much for your help.