internet slow. Broadband provider says problem is in my pc. [Closed]

  • This topic is locked

#1
Jane25

    New Member

  • Member
  • 7 posts

Hello everyone,

My internet connection is very slow at the moment. I assume it has something to do with malware. I've scanned with Malwarebytes and SUPERAntiSpyware with no improvements. I don't know what else to do.

Any help would be much appreciated.


OTL logfile created on: 07/08/2014 08:32:53 a.m. - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\jane\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17207)
Locale: 00002C0A | Country: Argentina | Language: ESS | Date Format: dd/MM/yyyy
 
6,99 Gb Total Physical Memory | 4,62 Gb Available Physical Memory | 66,09% Memory free
13,99 Gb Paging File | 11,07 Gb Available in Paging File | 79,17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 440,43 Gb Total Space | 159,06 Gb Free Space | 36,12% Space Free | Partition Type: NTFS
Drive D: | 24,21 Gb Total Space | 2,57 Gb Free Space | 10,60% Space Free | Partition Type: NTFS
 
Computer Name: LEO-MAURI | User Name: jane | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/08/01 23:00:35 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2014/07/24 01:06:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jane\Downloads\OTL.exe
PRC - [2014/07/15 17:24:50 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/05/12 07:24:34 | 006,970,168 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2013/10/08 03:19:22 | 000,240,736 | ---- | M] (WildTangent) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
PRC - [2012/09/26 22:46:36 | 001,612,552 | ---- | M] (IVT Corporation) -- C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
PRC - [2012/09/08 00:33:08 | 000,035,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2011/09/16 12:38:08 | 000,703,584 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/07/15 17:24:48 | 000,353,096 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
MOD - [2014/07/15 17:24:46 | 014,664,008 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll
MOD - [2014/07/15 17:24:44 | 008,537,928 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll
MOD - [2014/07/15 17:24:38 | 000,718,664 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
MOD - [2014/07/15 17:24:36 | 000,126,280 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dll
MOD - [2014/07/15 17:24:35 | 001,732,936 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
MOD - [2012/09/20 01:36:48 | 000,026,888 | ---- | M] () -- C:\Windows\SysWOW64\BsTrace.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/06/12 09:15:45 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/04/18 09:29:24 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2014/04/17 22:29:26 | 000,344,064 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2014/04/06 19:20:36 | 000,201,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2014/04/03 10:51:48 | 001,584,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2014/03/14 14:26:25 | 000,491,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:64bit: - [2014/03/08 13:41:25 | 001,306,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2014/03/06 15:02:13 | 000,834,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2014/02/22 23:53:10 | 003,394,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2014/02/22 17:57:16 | 000,710,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2014/02/22 17:26:58 | 000,366,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2014/02/22 17:25:39 | 000,399,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2014/02/22 17:25:14 | 000,269,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2014/02/22 17:23:58 | 001,576,960 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2014/02/04 10:35:32 | 000,076,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\inetsrv\w3logsvc.dll -- (w3logsvc)
SRV:64bit: - [2013/12/10 15:35:18 | 000,530,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2013/11/23 12:50:00 | 000,282,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013/08/22 20:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2013/08/22 19:32:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2013/08/22 19:31:43 | 000,040,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2013/08/22 19:22:45 | 000,066,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2013/08/22 19:21:15 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2013/08/22 19:16:57 | 000,118,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2013/08/22 18:25:28 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2013/08/22 18:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2013/08/22 18:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2013/08/22 18:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2013/08/22 18:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2013/08/22 18:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2013/08/22 18:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2013/08/22 18:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2013/08/22 18:02:47 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2013/08/22 17:57:25 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2013/08/22 17:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2013/08/22 17:50:59 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/08/22 17:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/08/22 17:45:59 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2013/08/22 17:40:49 | 000,248,832 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2013/08/22 17:31:03 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/08/22 17:15:54 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012/08/23 16:45:42 | 000,029,600 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV - [2014/08/01 23:00:35 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/03/15 16:40:31 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/03/14 14:10:16 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2014/02/04 10:35:33 | 000,475,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2014/02/04 10:35:31 | 000,066,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\w3logsvc.dll -- (w3logsvc)
SRV - [2014/02/04 10:35:31 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2013/10/08 03:19:22 | 000,240,736 | ---- | M] (WildTangent) [Auto | Running] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe -- (GamesAppIntegrationService)
SRV - [2013/08/22 20:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2013/08/22 11:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2013/08/22 10:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2013/05/24 04:12:02 | 000,143,120 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Archivos de programa\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV - [2012/10/13 00:22:08 | 000,035,744 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe -- (HPConnectedRemote)
SRV - [2012/09/27 18:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2012/09/26 22:46:36 | 001,612,552 | ---- | M] (IVT Corporation) [Auto | Running] -- C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe -- (BlueSoleilCS)
SRV - [2012/09/20 01:37:04 | 000,146,184 | ---- | M] (IVT Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe -- (BsHelpCS)
SRV - [2012/09/08 00:33:08 | 000,035,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2012/08/20 13:45:20 | 000,323,072 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Archivos de programa\IDT\WDM\stacsv64.exe -- (STacSV)
SRV - [2012/07/14 09:02:16 | 002,451,456 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011/09/16 12:38:08 | 000,703,584 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe -- (MyEpson Portal Service)
SRV - [2010/10/13 01:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/08/07 04:46:45 | 000,122,584 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/05/12 07:26:14 | 000,064,216 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/05/12 07:25:56 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014/05/01 21:31:39 | 000,055,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2014/04/18 10:36:46 | 015,376,384 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2014/04/18 09:07:06 | 000,638,976 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2014/04/10 08:47:46 | 000,021,704 | ---- | M] (Mobile Stream) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\easytthr.sys -- (easytether)
DRV:64bit: - [2014/04/01 14:23:41 | 000,384,856 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2014/03/28 11:51:46 | 000,225,504 | ---- | M] (AppEx Networks Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\appexDrv.sys -- (APXACC)
DRV:64bit: - [2014/03/24 10:30:57 | 000,257,880 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2014/03/24 10:30:57 | 000,123,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2014/03/24 10:27:03 | 000,035,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2014/03/20 11:41:20 | 000,376,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2014/03/13 20:35:24 | 000,157,016 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\wof.sys -- (Wof)
DRV:64bit: - [2014/03/11 22:20:04 | 000,222,720 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdWB6.sys -- (AtiHDAudioService)
DRV:64bit: - [2014/03/09 04:40:16 | 000,136,024 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2014/03/09 04:35:45 | 000,467,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2014/02/23 00:00:25 | 000,236,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2014/02/22 23:49:51 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2014/02/22 23:49:49 | 000,189,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2014/02/22 23:49:49 | 000,079,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2014/02/22 23:49:47 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2014/02/22 23:44:13 | 000,924,504 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refs.sys -- (ReFS)
DRV:64bit: - [2014/02/22 20:14:02 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2014/02/15 04:27:31 | 000,058,536 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2014/01/22 08:52:10 | 000,206,080 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2014/01/22 08:52:10 | 000,108,800 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2013/12/05 02:41:54 | 000,226,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2013/12/02 17:32:18 | 002,483,376 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2013/12/02 09:42:14 | 001,204,424 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtbth.sys -- (rtbth)
DRV:64bit: - [2013/11/14 15:29:23 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2013/11/14 15:23:32 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2013/11/14 15:11:22 | 000,027,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2013/11/14 15:11:17 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2013/11/11 10:48:41 | 000,039,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2013/11/01 19:39:53 | 000,086,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013/10/26 09:54:32 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2013/08/22 21:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2013/08/22 21:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013/08/22 20:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2013/08/22 20:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2013/08/22 20:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/08/22 20:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2013/08/22 20:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013/08/22 20:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2013/08/22 20:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2013/08/22 20:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2013/08/22 20:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2013/08/22 20:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:64bit: - [2013/08/22 20:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2013/08/22 20:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2013/08/22 20:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2013/08/22 20:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2013/08/22 20:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013/08/22 20:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2013/08/22 20:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2013/08/22 20:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013/08/22 20:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2013/08/22 20:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2013/08/22 20:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2013/08/22 20:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/08/22 20:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2013/08/22 20:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2013/08/22 20:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2013/08/22 20:37:27 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2013/08/22 20:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2013/08/22 19:39:54 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2013/08/22 19:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2013/08/22 19:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2013/08/22 19:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2013/08/22 19:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2013/08/22 19:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2013/08/22 19:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Unknown (0) | Disabled | Unknown] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/08/22 19:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2013/08/22 19:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2013/08/22 19:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2013/08/22 19:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Unknown (0) | Disabled | Unknown] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013/08/22 19:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2013/08/22 19:37:46 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2013/08/22 19:37:42 | 000,057,856 | ---- | M] (Microsoft Corporation) [Unknown (0) | Disabled | Unknown] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2013/08/22 19:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/08/22 19:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2013/08/22 19:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2013/08/22 19:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:64bit: - [2013/08/22 19:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2013/08/22 19:36:17 | 000,124,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2013/08/22 19:36:07 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2013/08/22 19:35:42 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2013/08/22 16:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013/08/13 07:25:46 | 000,017,624 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2013/08/10 08:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2013/07/31 02:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2013/07/26 03:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2013/06/20 20:24:09 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/10/02 17:58:14 | 000,048,608 | ---- | M] (Ralink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IvtUrbBtFlt.sys -- (btUrbFilterDrv)
DRV:64bit: - [2012/09/03 01:16:38 | 000,026,280 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2012/09/03 01:16:36 | 000,079,528 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2012/08/31 16:40:24 | 000,020,800 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WirelessButtonDriver64.sys -- (WirelessButtonDriver)
DRV:64bit: - [2012/08/25 09:38:28 | 000,448,312 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012/08/25 09:38:28 | 000,043,832 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2012/08/25 09:38:26 | 000,041,272 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Smb_driver_AMDASF.sys -- (SmbDrv)
DRV:64bit: - [2012/08/23 16:45:42 | 000,042,400 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2012/08/23 16:45:42 | 000,029,600 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2012/08/20 13:45:20 | 000,542,208 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2012/07/31 16:04:12 | 000,690,832 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2012/07/20 00:47:40 | 000,056,904 | ---- | M] (Ralink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BtL2caScoIf.sys -- (BthL2caScoIfSrv)
DRV:64bit: - [2012/07/18 09:31:08 | 000,272,016 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsP2Stor.sys -- (RSP2STOR)
DRV:64bit: - [2012/06/15 18:22:02 | 000,023,136 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BtAudioBus.sys -- (BtAudioBusSrv)
DRV:64bit: - [2009/12/30 10:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2007/05/14 16:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2014/02/11 17:36:52 | 000,059,616 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Archivos de programa\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.3)
DRV - [2011/07/23 00:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Archivos de programa\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV - [2011/07/13 05:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Archivos de programa\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...0TR&pc=HPNTDFJS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...0TR&pc=HPNTDFJS
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.65.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.65.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\jane\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\hp.com/HPDetect: C:\Users\jane\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll (HP)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/12/23 00:49:22 | 000,000,000 | ---D | M]
 
[2014/04/23 06:08:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jane\AppData\Roaming\mozilla\Extensions
[2014/06/26 03:45:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jane\AppData\Roaming\mozilla\Firefox\Profiles\b22uujhv.default\extensions
[2014/04/23 06:08:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2014/04/23 06:08:19 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/11/15 03:30:36 | 000,034,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\jane\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: Google Drive = C:\Users\jane\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\
CHR - Extension: YouTube = C:\Users\jane\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\
CHR - Extension: Adblock Plus = C:\Users\jane\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.3_0\
CHR - Extension: Búsqueda de Google = C:\Users\jane\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\
CHR - Extension: Radios de Argentina = C:\Users\jane\AppData\Local\Google\Chrome\User Data\Default\Extensions\djlnllmnlolplmikofclonjoehopgffj\1.1_0\
CHR - Extension: No name found = C:\Users\jane\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghmngbmfdgknokcefmkbjlcjabdklnlk\1.2.11471_1\
CHR - Extension: AdBlock = C:\Users\jane\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.9_0\
CHR - Extension: Picovico - Creates amazing videos = C:\Users\jane\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilclliijlkocpckoinfhkmnfhaiiapdk\1.0_0\
CHR - Extension: Conversor de vídeo = C:\Users\jane\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcjjnhgakghmggnimjkldjmmpabhnhne\1.1.4_0\
CHR - Extension: Plants vs Zombies = C:\Users\jane\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina\1.0.5_0\
CHR - Extension: Frontline Defense 2 HD = C:\Users\jane\AppData\Local\Google\Chrome\User Data\Default\Extensions\nincmkjomngcmklpdkmdkioemlhdieim\1.0.1_0\
CHR - Extension: Google Wallet = C:\Users\jane\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Dolphin Connect = C:\Users\jane\AppData\Local\Google\Chrome\User Data\Default\Extensions\pajecklcmiegagoelbbjldmfcbcpdpll\2.0_0\
CHR - Extension: Gmail = C:\Users\jane\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2013/08/22 21:25:41 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Archivos de programa\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Archivos de programa\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Archivos de programa\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Archivos de programa\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [BtTray] C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe (IVT Corporation)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare)
O4 - HKCU..\Run: [AppEx Accelerator UI] C:\Program Files\AMD Quick Stream\AMDQuickStream.exe (AppEx Networks Corporation)
O4 - HKCU..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O4 - HKCU..\Run: [EasyTether] C:\Program Files\Mobile Stream\EasyTether\easytthr.exe (Mobile Stream)
O4 - HKCU..\Run: [Epson Stylus TX220] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGDL.EXE /FU "C:\Windows\TEMP\E_S3C8D.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [Facebook Update] C:\Users\jane\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Archivos de programa\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 File not found
O9:64bit: - Extra Button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Complemento Hacer clic para llamar de Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Archivos de programa\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Complemento Hacer clic para llamar de Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Archivos de programa\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Notas &vinculadas de OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Archivos de programa\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Notas &vinculadas de OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Archivos de programa\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Archivos de programa\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 200.42.4.204 200.49.130.41
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{401EC3D9-6FD6-433E-B0F6-9DCFF9A97F1A}: DhcpNameServer = 208.67.222.222 208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{854814CC-703D-4E5A-8E7E-5E60555E8A23}: DhcpNameServer = 200.42.4.204 200.49.130.41
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E4563776-39E6-4657-9750-D96FA8D9B8CB}: DhcpNameServer = 200.42.4.204 200.49.130.41
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWOW64\skype4com.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807583E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{a1b93420-d8f5-11e2-be75-f4b7e25641c8}\Shell - "" = AutoRun
O33 - MountPoints2\{a1b93420-d8f5-11e2-be75-f4b7e25641c8}\Shell\AutoRun\command - "" = "E:\autorun.exe" 
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/08/02 04:56:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2014/08/02 02:54:13 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\MOHW
[2014/08/01 22:58:57 | 000,000,000 | ---D | C] -- C:\Users\jane\Documents\MOHW
[2014/07/31 21:39:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\xlive
[2014/07/31 21:39:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2014/07/31 21:39:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2014/07/30 05:44:03 | 000,000,000 | ---D | C] -- C:\Users\jane\Documents\Eidos
[2014/07/30 05:39:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD
[2014/07/30 05:39:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eidos
[2014/07/30 05:27:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Eidos
[2014/07/28 10:26:22 | 000,000,000 | ---D | C] -- C:\FRST
[2014/07/27 05:59:46 | 000,000,000 | ---D | C] -- C:\Users\jane\AppData\Local\CrashDumps
[2014/07/26 07:36:53 | 000,000,000 | ---D | C] -- C:\ProgramData\RogueKiller
[2014/07/23 01:07:56 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2014/07/22 06:52:03 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2014/07/21 23:38:55 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2014/07/21 23:38:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Solidshield
[2014/07/21 06:19:52 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\WINDOWS\SysWow64\CmdLineExt_x64.dll
[2014/07/21 06:08:28 | 000,000,000 | ---D | C] -- C:\Users\jane\AppData\Local\Downloaded Installations
[2014/07/20 05:36:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Traducción The Walking Dead [Temporada 2][Episodio 3]
[2014/07/19 13:32:51 | 000,000,000 | --SD | C] -- C:\WINDOWS\SysNative\CompatTel
[2014/07/19 08:03:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Traducción The Wolf Among Us [Episodio 4]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Users\jane\Desktop\*.tmp files -> C:\Users\jane\Desktop\*.tmp -> ]
[1 C:\Users\jane\AppData\Local\*.tmp files -> C:\Users\jane\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/08/07 07:43:43 | 000,001,056 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/08/07 06:20:01 | 000,000,952 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-3700017526-2387465574-2218740973-1002UA.job
[2014/08/07 04:46:45 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys
[2014/08/07 03:02:13 | 000,000,950 | ---- | M] () -- C:\WINDOWS\SysWow64\bscs.ini
[2014/08/07 02:59:07 | 000,003,620 | ---- | M] () -- C:\WINDOWS\SysWow64\LOCALSERVICE.INI
[2014/08/07 02:59:07 | 000,000,043 | ---- | M] () -- C:\WINDOWS\SysWow64\LOCALDEVICE.INI
[2014/08/07 02:59:06 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/08/07 01:39:30 | 000,000,227 | ---- | M] () -- C:\WINDOWS\SysWow64\REMOTEDEVICE.INI
[2014/08/06 14:43:04 | 000,002,201 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/08/06 14:43:03 | 000,001,052 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/08/06 09:20:12 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-3700017526-2387465574-2218740973-1002Core.job
[2014/08/06 07:27:56 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\HPCeeScheduleForjane.job
[2014/08/06 07:27:43 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014/08/06 07:27:40 | 1706,459,135 | -HS- | M] () -- C:\hiberfil.sys
[2014/08/06 07:27:14 | 000,065,536 | ---- | M] () -- C:\WINDOWS\SysNative\spu_storage.bin
[2014/08/03 06:29:10 | 000,280,600 | ---- | M] () -- C:\WINDOWS\SysWow64\PnkBstrB.xtr
[2014/08/03 06:29:10 | 000,280,600 | ---- | M] () -- C:\WINDOWS\SysWow64\PnkBstrB.exe
[2014/08/02 06:16:59 | 000,280,600 | ---- | M] () -- C:\WINDOWS\SysWow64\PnkBstrB.ex0
[2014/08/01 23:00:35 | 000,076,888 | ---- | M] () -- C:\WINDOWS\SysWow64\PnkBstrA.exe
[2014/07/30 01:07:51 | 000,468,480 | ---- | M] () -- C:\Users\jane\Desktop\CKScanner.exe
[2014/07/26 07:38:46 | 000,030,312 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\TrueSight.sys
[2014/07/25 08:50:01 | 000,001,071 | ---- | M] () -- C:\Users\jane\Desktop\Dropbox.lnk
[2014/07/23 19:56:53 | 000,002,777 | ---- | M] () -- C:\Users\jane\Desktop\index.htm
[2014/07/22 08:58:05 | 000,001,994 | ---- | M] () -- C:\WINDOWS\SysWow64\ealregsnapshot1.reg
[2014/07/21 06:19:52 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\SysWow64\CmdLineExt_x64.dll
[2014/07/19 21:08:59 | 000,493,744 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2014/07/16 22:44:21 | 000,000,062 | ---- | M] () -- C:\Users\jane\Desktop\systeminformation.xml
[2014/07/08 21:53:58 | 002,061,324 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2014/07/08 21:53:58 | 000,894,626 | ---- | M] () -- C:\WINDOWS\SysNative\perfh00A.dat
[2014/07/08 21:53:58 | 000,795,280 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2014/07/08 21:53:58 | 000,207,508 | ---- | M] () -- C:\WINDOWS\SysNative\perfc00A.dat
[2014/07/08 21:53:58 | 000,164,902 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Users\jane\Desktop\*.tmp files -> C:\Users\jane\Desktop\*.tmp -> ]
[1 C:\Users\jane\AppData\Local\*.tmp files -> C:\Users\jane\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/08/05 07:51:43 | 000,000,356 | ---- | C] () -- C:\WINDOWS\tasks\HPCeeScheduleForjane.job
[2014/08/03 06:29:12 | 000,280,600 | ---- | C] () -- C:\WINDOWS\SysWow64\PnkBstrB.exe
[2014/08/02 06:17:00 | 000,280,600 | ---- | C] () -- C:\WINDOWS\SysWow64\PnkBstrB.ex0
[2014/07/30 01:07:57 | 000,468,480 | ---- | C] () -- C:\Users\jane\Desktop\CKScanner.exe
[2014/07/26 07:38:46 | 000,030,312 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\TrueSight.sys
[2014/07/25 08:50:01 | 000,001,071 | ---- | C] () -- C:\Users\jane\Desktop\Dropbox.lnk
[2014/07/23 19:56:45 | 000,002,777 | ---- | C] () -- C:\Users\jane\Desktop\index.htm
[2014/07/21 06:10:12 | 000,001,994 | ---- | C] () -- C:\WINDOWS\SysWow64\ealregsnapshot1.reg
[2014/07/16 22:44:21 | 000,000,062 | ---- | C] () -- C:\Users\jane\Desktop\systeminformation.xml
[2014/06/15 08:19:46 | 000,076,888 | ---- | C] () -- C:\WINDOWS\SysWow64\PnkBstrA.exe
[2014/05/28 21:11:33 | 000,123,392 | ---- | C] () -- C:\WINDOWS\SysWow64\amdhdl32.dll
[2014/04/24 02:08:31 | 000,002,255 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini
[2014/04/17 22:28:30 | 000,038,912 | ---- | C] () -- C:\WINDOWS\SysWow64\kdbsdk32.dll
[2014/04/08 03:18:34 | 000,000,017 | ---- | C] () -- C:\Users\jane\AppData\Local\resmon.resmoncfg
[2014/03/18 08:05:33 | 000,103,936 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2014/02/27 19:57:00 | 000,000,565 | ---- | C] () -- C:\Users\jane\AppData\Roaming\myMPQ.ini
[2014/02/26 08:21:08 | 000,001,005 | ---- | C] () -- C:\WINDOWS\SysWow64\SHORTCUT.INI
[2014/02/15 04:28:28 | 000,995,342 | ---- | C] () -- C:\WINDOWS\SysWow64\amdocl_as32.exe
[2014/02/15 04:28:28 | 000,798,734 | ---- | C] () -- C:\WINDOWS\SysWow64\amdocl_ld32.exe
[2014/02/04 06:25:04 | 000,000,000 | -HS- | C] () -- C:\Users\jane\AppData\Local\LumaEmu
[2014/02/04 03:46:19 | 002,063,678 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2014/02/04 03:42:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2014/01/14 09:50:27 | 000,000,227 | ---- | C] () -- C:\WINDOWS\SysWow64\REMOTEDEVICE.INI
[2013/12/22 05:28:37 | 003,123,272 | R--- | C] () -- C:\WINDOWS\SysWow64\pbsvc.exe
[2013/08/22 23:36:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2013/08/22 23:36:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2013/08/22 22:46:23 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013/08/22 15:01:23 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2013/08/22 11:32:36 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2013/08/22 07:55:20 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2013/08/22 07:52:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2013/07/04 05:38:24 | 000,118,149 | ---- | C] () -- C:\Users\jane\wmpChrome (1).crx
[2013/06/30 07:45:57 | 000,000,088 | ---- | C] () -- C:\Users\jane\update-oblivion.bat
[2013/06/30 00:51:10 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2013/06/21 07:27:05 | 000,000,025 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2013/06/21 07:24:27 | 000,021,840 | ---- | C] () -- C:\WINDOWS\SysWow64\SIntfNT.dll
[2013/06/21 07:24:27 | 000,017,212 | ---- | C] () -- C:\WINDOWS\SysWow64\SIntf32.dll
[2013/06/21 07:24:27 | 000,012,067 | ---- | C] () -- C:\WINDOWS\SysWow64\SIntf16.dll
[2013/06/19 06:27:05 | 000,000,141 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2013/06/19 06:20:49 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\SysWow64\ezsidmv.dat
[2013/02/17 21:01:30 | 000,003,620 | ---- | C] () -- C:\WINDOWS\SysWow64\LOCALSERVICE.INI
[2013/02/17 21:01:30 | 000,000,043 | ---- | C] () -- C:\WINDOWS\SysWow64\LOCALDEVICE.INI
[2012/09/26 16:53:56 | 000,000,950 | ---- | C] () -- C:\WINDOWS\SysWow64\bscs.ini
[2012/09/20 01:36:54 | 000,057,096 | ---- | C] () -- C:\WINDOWS\SysWow64\BSWMPPlugin.dll
[2012/09/20 01:36:54 | 000,018,696 | ---- | C] () -- C:\WINDOWS\SysWow64\SCChangeMonitor.dll
[2012/09/20 01:36:52 | 000,093,544 | ---- | C] () -- C:\WINDOWS\SysWow64\BSVoIPComm.dll
[2012/09/20 01:36:52 | 000,089,352 | ---- | C] () -- C:\WINDOWS\SysWow64\BsVistaCommon.dll
[2012/09/20 01:36:48 | 000,097,640 | ---- | C] () -- C:\WINDOWS\SysWow64\BSSkypeAgent.dll
[2012/09/20 01:36:48 | 000,026,888 | ---- | C] () -- C:\WINDOWS\SysWow64\BsTrace.dll
[2012/09/20 01:36:46 | 000,352,008 | ---- | C] () -- C:\WINDOWS\SysWow64\BsExtendFunc.dll
[2012/09/20 01:36:46 | 000,070,408 | ---- | C] () -- C:\WINDOWS\SysWow64\BsProfileFunc.dll
[2012/09/18 18:40:14 | 000,204,952 | ---- | C] () -- C:\WINDOWS\SysWow64\ativvsvl.dat
[2012/09/18 18:40:14 | 000,157,144 | ---- | C] () -- C:\WINDOWS\SysWow64\ativvsva.dat
 
========== ZeroAccess Check ==========
 
[2014/02/07 09:06:37 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/04/07 00:31:39 | 021,268,952 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/04/06 23:22:20 | 018,755,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013/08/22 17:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013/08/22 10:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013/08/22 17:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/06/27 02:23:38 | 000,000,000 | ---D | M] -- C:\Users\jane\AppData\Roaming\0ad
[2013/10/10 23:56:33 | 000,000,000 | ---D | M] -- C:\Users\jane\AppData\Roaming\2K Sports
[2014/08/06 10:34:06 | 000,000,000 | ---D | M] -- C:\Users\jane\AppData\Roaming\AIMP3
[2014/05/06 23:31:06 | 000,000,000 | ---D | M] -- C:\Users\jane\AppData\Roaming\Amacsoft
[2014/05/12 04:42:05 | 000,000,000 | ---D | M] -- C:\Users\jane\AppData\Roaming\Bioshock
[2014/05/17 05:04:28 | 000,000,000 | ---D | M] -- C:\Users\jane\AppData\Roaming\Bioshock2
[2014/02/27 20:46:39 | 000,000,000 | ---D | M] -- C:\Users\jane\AppData\Roaming\BlackBean
[2014/04/27 19:40:40 | 000,000,000 | ---D | M] -- C:\Users\jane\AppData\Roaming\BSplayer
[2013/10/17 22:53:39 | 000,000,000 | ---D | M] -- C:\Users\jane\AppData\Roaming\BSplayer Pro
[2013/10/22 09:32:00 | 000,000,000 | ---D | M] -- C:\Users\jane\AppData\Roaming\calibre
[2014/08/06 10:34:06 | 000,000,000 | ---D | M] -- C:\Users\jane\AppData\Roaming\DAEMON Tools Lite
[2014/04/30 07:22:11 | 000,000,000 | ---D | M] -- C:\Users\jane\AppData\Roaming\DarkSoulsII
[2013/10/17 20:43:19 | 000,000,000 | ---D | M] -- C:\Users\jane\AppData\Roaming\data
[2013/07/05 02:04:28 | 000,000,000 | ---D | M] -- C:\Users\jane\AppData\Roaming\Day 1 Studios
[2014/07/27 07:25:16 | 000,000,000 | ---D | M] -- C:\Users\jane\AppData\Roaming\Dropbox
[2014/02/24 08:26:06 | 000,000,000 | ---D | M] -- C:\Users\jane\AppData\Roaming\DVDVideoSoft
[2014/03/20 20:07:55 | 000,000,000 | ---D | M] -- C:\Users\jane\AppData\Roaming\Foxit Software
[2014/03/28 02:39:38 | 000,000,000 | ---D | M] -- C:\Users\jane\AppData\Roaming\GetRightToGo
[2014/01/30 02:31:24 | 000,000,000 | ---D | M] -- C:\Users\jane\AppData\Roaming\HewlettPackard
[2014/05/06 23:39:22 | 000,000,000 | ---D | M] -- C:\Users\jane\AppData\Roaming\IGC
[2014/04/27 01:46:36 | 000,000,000 | ---D | M] -- C:\Users\jane\AppData\Roaming\library_dir
[2013/11/18 09:40:06 | 000,000,000 | ---D | M] -- C:\Users\jane\AppData\Roaming\mp3DirectCut
[2014/02/21 00:30:51 | 000,000,000 | ---D | M] -- C:\Users\jane\AppData\Roaming\Mp3jam
[2014/04/16 20:39:28 | 000,000,000 | ---D | M] -- C:\Users\jane\AppData\Roaming\Oracle
[2014/05/07 00:18:33 | 000,000,000 | ---D | M] -- C:\Users\jane\AppData\Roaming\PDF Software
[2014/02/22 06:07:03 | 000,000,000 | ---D | M] -- C:\Users\jane\AppData\Roaming\Prison Break
[2014/05/07 20:57:41 | 000,000,000 | ---D | M] -- C:\Users\jane\AppData\Roaming\Probit Software
[2013/12/11 00:29:48 | 000,000,000 | ---D | M] -- C:\Users\jane\AppData\Roaming\Publish Providers
[2013/06/26 23:24:47 | 000,000,000 | ---D | M] -- C:\Users\jane\AppData\Roaming\Sierra Entertainment
[2014/03/12 20:28:25 | 000,000,000 | ---D | M] -- C:\Users\jane\AppData\Roaming\Sony
[2013/09/11 03:44:32 | 000,000,000 | ---D | M] -- C:\Users\jane\AppData\Roaming\Sports Interactive
[2013/06/19 06:26:10 | 000,000,000 | ---D | M] -- C:\Users\jane\AppData\Roaming\Synaptics
[2014/02/17 19:12:44 | 000,000,000 | ---D | M] -- C:\Users\jane\AppData\Roaming\The Creative Assembly
[2014/04/23 03:32:56 | 000,000,000 | ---D | M] -- C:\Users\jane\AppData\Roaming\Theta
[2014/06/16 23:51:00 | 000,000,000 | ---D | M] -- C:\Users\jane\AppData\Roaming\Tropico 5
[2013/08/28 00:08:12 | 000,000,000 | ---D | M] -- C:\Users\jane\AppData\Roaming\TuneUp Software
[2014/04/24 09:57:46 | 000,000,000 | ---D | M] -- C:\Users\jane\AppData\Roaming\Ubisoft
[2014/06/03 11:51:05 | 000,000,000 | ---D | M] -- C:\Users\jane\AppData\Roaming\WebApp
[2013/06/19 10:03:50 | 000,000,000 | ---D | M] -- C:\Users\jane\AppData\Roaming\WildTangent
[2014/05/07 00:00:41 | 000,000,000 | ---D | M] -- C:\Users\jane\AppData\Roaming\Wondershare
[2014/01/22 04:17:23 | 000,000,000 | ---D | M] -- C:\Users\jane\AppData\Roaming\_MDLogs
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 237 bytes -> C:\Users\jane\SkyDrive:ms-properties
@Alternate Data Stream - 155 bytes -> C:\ProgramData\Temp:6DDED7D9
 
< End of report >
 
 

  • 0



#2
Biscuithd


    Trusted Helper

  • Malware Removal
  • 2,573 posts

Hi :)

 

Of course I'll try and help :thumbsup:    Give me a little while to look at your logs and I'll be back with you with some instructions.


  • 0

#3
Biscuithd


    Trusted Helper

  • Malware Removal
  • 2,573 posts

Hi Jane25,

 

This may seem like a lot of scans, but just take them one at a time. Feel free to run a scan and then post the results and then move on to the next.

 

Ok, let's get started. :)

 

Scan with OTL

Please download OTL by OldTimer and save the file to your desktop.
 

  • Right-click on the OTL icon and select Run as Administrator (if the machine asks) to start the tool.
  • Make sure that Scan All Users, LOP check and Purity check are ticked.
  • For 64-bit systems only - make sure that Include 64-bit option is also ticked.
  • Sections Processes, Modules, Services, Drivers, Standard Registry are set to Use Safelist.
  • Section Extra Registry is also set to Use Safelist.
  • Under the Custom Scans/Fixes bar in the box paste in the following:
:commands 

[CreateRestorePoint] 



:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...0TR&pc=HPNTDFJS

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...0TR&pc=HPNTDFJS

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll File not found

O4 - HKCU..\Run: [Epson Stylus TX220] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGDL.EXE /FU "C:\Windows\TEMP\E_S3C8D.tmp" /EF "HKCU" File not found

O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 File not found

O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 File not found

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 File not found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\osf - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O30 - LSA: Security Packages - (livessp) -  File not found


:Commands 

[EMPTYTEMP] 

[REBOOT]
  • Push Run Scan and wait patiently.
  • Two notepad windows will be opened after this run: OTL.txt (maximized) and Extras.txt (minimized).

Please include the content of both logfiles in your next reply.

 

THEN

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Next, download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Please download zoek.exe and save it to your desktop (Firefox users right click and Save Link As...).

  • Close any open browsers.
  • Temporarily disable your AntiVirus program. (If necessary)
  • Double click on zoek.exe to run.
  • Please wait while the tool starts. It will appear to be doing nothing and may take a few seconds to come up.
  • Click the Options button below the large panel and check the box:

    Auto Clean
  • Click on the Run script button.
  • Please wait patiently (it may take a few minutes) until a log report opens (this may be after a reboot, if required).
  • Copy (Ctrl+C) and paste (Ctrl+V) the entire contents of the opened report back here.

Note: It will also create a log in the C:\ directory named "zoek-results.log"

 

Security Check

Download Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

To recap, you will be posting OTL.txt, Extras.txt, the AdwCleaner log, the Junkware log, the ZOEK log and the Security Check log.

 


  • 0

#4
Jane25


    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Thanks for your help!
 
 
 
OTL logfile created on: 08/08/2014 08:33:54 a.m. - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\jane\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17207)
Locale: 00002C0A | Country: Argentina | Language: ESS | Date Format: dd/MM/yyyy
 
6,99 Gb Total Physical Memory | 4,67 Gb Available Physical Memory | 66,84% Memory free
13,99 Gb Paging File | 11,44 Gb Available in Paging File | 81,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 440,43 Gb Total Space | 158,82 Gb Free Space | 36,06% Space Free | Partition Type: NTFS
Drive D: | 24,21 Gb Total Space | 2,57 Gb Free Space | 10,60% Space Free | Partition Type: NTFS
 
Computer Name: LEO-MAURI | User Name: jane | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/08/08 08:31:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jane\Desktop\OTL (1).exe
PRC - [2014/08/01 23:00:35 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2014/07/15 17:24:50 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/04/17 22:14:26 | 001,967,616 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
PRC - [2013/10/08 03:19:22 | 000,240,736 | ---- | M] (WildTangent) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
PRC - [2012/09/26 22:46:36 | 001,612,552 | ---- | M] (IVT Corporation) -- C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
PRC - [2012/09/20 01:36:42 | 000,371,976 | ---- | M] (IVT Corporation) -- C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
PRC - [2012/09/08 00:33:08 | 000,035,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2011/09/16 12:38:08 | 000,703,584 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/07/15 17:24:48 | 000,353,096 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
MOD - [2014/07/15 17:24:44 | 008,537,928 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll
MOD - [2014/07/15 17:24:38 | 000,718,664 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
MOD - [2014/07/15 17:24:36 | 000,126,280 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dll
MOD - [2014/07/15 17:24:35 | 001,732,936 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
MOD - [2014/04/17 22:13:36 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraEsp.dll
MOD - [2012/09/20 01:36:54 | 000,018,696 | ---- | M] () -- C:\Windows\SysWOW64\SCChangeMonitor.dll
MOD - [2012/09/20 01:36:48 | 000,026,888 | ---- | M] () -- C:\Windows\SysWOW64\BsTrace.dll
MOD - [2012/09/20 01:36:46 | 000,352,008 | ---- | M] () -- C:\Windows\SysWOW64\BsExtendFunc.dll
MOD - [2012/09/20 01:36:46 | 000,070,408 | ---- | M] () -- C:\Windows\SysWOW64\BsProfileFunc.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/06/12 09:15:45 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/04/18 09:29:24 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2014/04/17 22:29:26 | 000,344,064 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2014/04/06 19:20:36 | 000,201,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2014/04/03 10:51:48 | 001,584,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2014/03/14 14:26:25 | 000,491,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:64bit: - [2014/03/08 13:41:25 | 001,306,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2014/03/06 15:02:13 | 000,834,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2014/02/22 23:53:10 | 003,394,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2014/02/22 17:57:16 | 000,710,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2014/02/22 17:26:58 | 000,366,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2014/02/22 17:25:39 | 000,399,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2014/02/22 17:25:14 | 000,269,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2014/02/22 17:23:58 | 001,576,960 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2014/02/04 10:35:32 | 000,076,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\inetsrv\w3logsvc.dll -- (w3logsvc)
SRV:64bit: - [2013/12/10 15:35:18 | 000,530,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2013/11/23 12:50:00 | 000,282,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013/08/22 20:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2013/08/22 19:32:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2013/08/22 19:31:43 | 000,040,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2013/08/22 19:22:45 | 000,066,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2013/08/22 19:21:15 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2013/08/22 19:16:57 | 000,118,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2013/08/22 18:25:28 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2013/08/22 18:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2013/08/22 18:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2013/08/22 18:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2013/08/22 18:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2013/08/22 18:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2013/08/22 18:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2013/08/22 18:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2013/08/22 18:02:47 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2013/08/22 17:57:25 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2013/08/22 17:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2013/08/22 17:50:59 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/08/22 17:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/08/22 17:45:59 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2013/08/22 17:40:49 | 000,248,832 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2013/08/22 17:31:03 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/08/22 17:15:54 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012/08/23 16:45:42 | 000,029,600 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV - [2014/08/01 23:00:35 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/03/15 16:40:31 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/03/14 14:10:16 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2014/02/04 10:35:33 | 000,475,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2014/02/04 10:35:31 | 000,066,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\w3logsvc.dll -- (w3logsvc)
SRV - [2014/02/04 10:35:31 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2013/10/08 03:19:22 | 000,240,736 | ---- | M] (WildTangent) [Auto | Running] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe -- (GamesAppIntegrationService)
SRV - [2013/08/22 20:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2013/08/22 11:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2013/08/22 10:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2013/05/24 04:12:02 | 000,143,120 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Archivos de programa\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV - [2012/10/13 00:22:08 | 000,035,744 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe -- (HPConnectedRemote)
SRV - [2012/09/27 18:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2012/09/26 22:46:36 | 001,612,552 | ---- | M] (IVT Corporation) [Auto | Running] -- C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe -- (BlueSoleilCS)
SRV - [2012/09/20 01:37:04 | 000,146,184 | ---- | M] (IVT Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe -- (BsHelpCS)
SRV - [2012/09/08 00:33:08 | 000,035,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2012/08/20 13:45:20 | 000,323,072 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Archivos de programa\IDT\WDM\stacsv64.exe -- (STacSV)
SRV - [2012/07/14 09:02:16 | 002,451,456 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011/09/16 12:38:08 | 000,703,584 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe -- (MyEpson Portal Service)
SRV - [2010/10/13 01:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/05/12 07:26:14 | 000,064,216 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/05/12 07:25:56 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014/05/01 21:31:39 | 000,055,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2014/04/18 10:36:46 | 015,376,384 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2014/04/18 09:07:06 | 000,638,976 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2014/04/10 08:47:46 | 000,021,704 | ---- | M] (Mobile Stream) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\easytthr.sys -- (easytether)
DRV:64bit: - [2014/04/01 14:23:41 | 000,384,856 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2014/03/28 11:51:46 | 000,225,504 | ---- | M] (AppEx Networks Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\appexDrv.sys -- (APXACC)
DRV:64bit: - [2014/03/24 10:30:57 | 000,257,880 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2014/03/24 10:30:57 | 000,123,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2014/03/24 10:27:03 | 000,035,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2014/03/20 11:41:20 | 000,376,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2014/03/13 20:35:24 | 000,157,016 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\wof.sys -- (Wof)
DRV:64bit: - [2014/03/11 22:20:04 | 000,222,720 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdWB6.sys -- (AtiHDAudioService)
DRV:64bit: - [2014/03/09 04:40:16 | 000,136,024 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2014/03/09 04:35:45 | 000,467,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2014/02/23 00:00:25 | 000,236,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2014/02/22 23:49:51 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2014/02/22 23:49:49 | 000,189,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2014/02/22 23:49:49 | 000,079,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2014/02/22 23:49:47 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2014/02/22 23:44:13 | 000,924,504 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refs.sys -- (ReFS)
DRV:64bit: - [2014/02/22 20:14:02 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2014/02/15 04:27:31 | 000,058,536 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2014/01/22 08:52:10 | 000,206,080 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2014/01/22 08:52:10 | 000,108,800 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2013/12/05 02:41:54 | 000,226,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2013/12/02 17:32:18 | 002,483,376 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2013/12/02 09:42:14 | 001,204,424 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtbth.sys -- (rtbth)
DRV:64bit: - [2013/11/14 15:29:23 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2013/11/14 15:23:32 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2013/11/14 15:11:22 | 000,027,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2013/11/14 15:11:17 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2013/11/11 10:48:41 | 000,039,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2013/11/01 19:39:53 | 000,086,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013/10/26 09:54:32 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2013/08/22 21:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2013/08/22 21:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013/08/22 20:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2013/08/22 20:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2013/08/22 20:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/08/22 20:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2013/08/22 20:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013/08/22 20:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2013/08/22 20:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2013/08/22 20:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2013/08/22 20:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2013/08/22 20:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:64bit: - [2013/08/22 20:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2013/08/22 20:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2013/08/22 20:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2013/08/22 20:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2013/08/22 20:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013/08/22 20:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2013/08/22 20:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2013/08/22 20:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013/08/22 20:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2013/08/22 20:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2013/08/22 20:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2013/08/22 20:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/08/22 20:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2013/08/22 20:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2013/08/22 20:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2013/08/22 20:37:27 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2013/08/22 20:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2013/08/22 19:39:54 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2013/08/22 19:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2013/08/22 19:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2013/08/22 19:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2013/08/22 19:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2013/08/22 19:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2013/08/22 19:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Unknown (0) | Disabled | Unknown] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/08/22 19:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2013/08/22 19:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2013/08/22 19:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2013/08/22 19:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Unknown (0) | Disabled | Unknown] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013/08/22 19:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2013/08/22 19:37:46 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2013/08/22 19:37:42 | 000,057,856 | ---- | M] (Microsoft Corporation) [Unknown (0) | Disabled | Unknown] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2013/08/22 19:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/08/22 19:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2013/08/22 19:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2013/08/22 19:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:64bit: - [2013/08/22 19:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2013/08/22 19:36:17 | 000,124,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2013/08/22 19:36:07 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2013/08/22 19:35:42 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2013/08/22 16:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013/08/13 07:25:46 | 000,017,624 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2013/08/10 08:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2013/07/31 02:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2013/07/26 03:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2013/06/20 20:24:09 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/10/02 17:58:14 | 000,048,608 | ---- | M] (Ralink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IvtUrbBtFlt.sys -- (btUrbFilterDrv)
DRV:64bit: - [2012/09/03 01:16:38 | 000,026,280 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2012/09/03 01:16:36 | 000,079,528 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2012/08/31 16:40:24 | 000,020,800 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WirelessButtonDriver64.sys -- (WirelessButtonDriver)
DRV:64bit: - [2012/08/25 09:38:28 | 000,448,312 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012/08/25 09:38:28 | 000,043,832 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2012/08/25 09:38:26 | 000,041,272 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Smb_driver_AMDASF.sys -- (SmbDrv)
DRV:64bit: - [2012/08/23 16:45:42 | 000,042,400 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2012/08/23 16:45:42 | 000,029,600 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2012/08/20 13:45:20 | 000,542,208 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2012/07/31 16:04:12 | 000,690,832 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2012/07/20 00:47:40 | 000,056,904 | ---- | M] (Ralink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BtL2caScoIf.sys -- (BthL2caScoIfSrv)
DRV:64bit: - [2012/07/18 09:31:08 | 000,272,016 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsP2Stor.sys -- (RSP2STOR)
DRV:64bit: - [2012/06/15 18:22:02 | 000,023,136 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BtAudioBus.sys -- (BtAudioBusSrv)
DRV:64bit: - [2009/12/30 10:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2007/05/14 16:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2014/02/11 17:36:52 | 000,059,616 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Archivos de programa\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.3)
DRV - [2011/07/23 00:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Archivos de programa\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV - [2011/07/13 05:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Archivos de programa\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...0TR&pc=HPNTDFJS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3700017526-2387465574-2218740973-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKU\S-1-5-21-3700017526-2387465574-2218740973-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-3700017526-2387465574-2218740973-1002\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3700017526-2387465574-2218740973-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...0TR&pc=HPNTDFJS
IE - HKU\S-1-5-21-3700017526-2387465574-2218740973-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.65.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.65.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\jane\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\hp.com/HPDetect: C:\Users\jane\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll (HP)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/12/23 00:49:22 | 000,000,000 | ---D | M]
 
[2014/04/23 06:08:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jane\AppData\Roaming\mozilla\Extensions
[2014/06/26 03:45:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jane\AppData\Roaming\mozilla\Firefox\Profiles\b22uujhv.default\extensions
[2014/04/23 06:08:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2014/04/23 06:08:19 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/11/15 03:30:36 | 000,034,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\jane\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: Google Drive = C:\Users\jane\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\
CHR - Extension: YouTube = C:\Users\jane\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\
CHR - Extension: Adblock Plus = C:\Users\jane\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.3_0\
CHR - Extension: Búsqueda de Google = C:\Users\jane\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\
CHR - Extension: Radios de Argentina = C:\Users\jane\AppData\Local\Google\Chrome\User Data\Default\Extensions\djlnllmnlolplmikofclonjoehopgffj\1.1_0\
CHR - Extension: No name found = C:\Users\jane\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghmngbmfdgknokcefmkbjlcjabdklnlk\1.2.11471_1\
CHR - Extension: AdBlock = C:\Users\jane\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.9_0\
CHR - Extension: Picovico - Creates amazing videos = C:\Users\jane\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilclliijlkocpckoinfhkmnfhaiiapdk\1.0_0\
CHR - Extension: Conversor de vídeo = C:\Users\jane\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcjjnhgakghmggnimjkldjmmpabhnhne\1.1.4_0\
CHR - Extension: Plants vs Zombies = C:\Users\jane\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina\1.0.5_0\
CHR - Extension: Frontline Defense 2 HD = C:\Users\jane\AppData\Local\Google\Chrome\User Data\Default\Extensions\nincmkjomngcmklpdkmdkioemlhdieim\1.0.1_0\
CHR - Extension: Google Wallet = C:\Users\jane\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Dolphin Connect = C:\Users\jane\AppData\Local\Google\Chrome\User Data\Default\Extensions\pajecklcmiegagoelbbjldmfcbcpdpll\2.0_0\
CHR - Extension: Gmail = C:\Users\jane\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2013/08/22 21:25:41 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Archivos de programa\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Archivos de programa\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Archivos de programa\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKU\S-1-5-21-3700017526-2387465574-2218740973-1002\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Archivos de programa\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [BtTray] C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe (IVT Corporation)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare)
O4 - HKU\S-1-5-21-3700017526-2387465574-2218740973-1002..\Run: [AppEx Accelerator UI] C:\Program Files\AMD Quick Stream\AMDQuickStream.exe (AppEx Networks Corporation)
O4 - HKU\S-1-5-21-3700017526-2387465574-2218740973-1002..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-3700017526-2387465574-2218740973-1002..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O4 - HKU\S-1-5-21-3700017526-2387465574-2218740973-1002..\Run: [EasyTether] C:\Program Files\Mobile Stream\EasyTether\easytthr.exe (Mobile Stream)
O4 - HKU\S-1-5-21-3700017526-2387465574-2218740973-1002..\Run: [Epson Stylus TX220] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGDL.EXE /FU "C:\Windows\TEMP\E_S3C8D.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-21-3700017526-2387465574-2218740973-1002..\Run: [Facebook Update] C:\Users\jane\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-3700017526-2387465574-2218740973-1002..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKU\S-1-5-21-3700017526-2387465574-2218740973-1002..\Run: [SUPERAntiSpyware] C:\Archivos de programa\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKU\S-1-5-21-3700017526-2387465574-2218740973-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-3700017526-2387465574-2218740973-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 File not found
O9:64bit: - Extra Button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Complemento Hacer clic para llamar de Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Archivos de programa\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Complemento Hacer clic para llamar de Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Archivos de programa\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Notas &vinculadas de OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Archivos de programa\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Notas &vinculadas de OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Archivos de programa\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Archivos de programa\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 200.42.4.204 200.49.130.41
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{401EC3D9-6FD6-433E-B0F6-9DCFF9A97F1A}: DhcpNameServer = 208.67.222.222 208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{854814CC-703D-4E5A-8E7E-5E60555E8A23}: DhcpNameServer = 200.42.4.204 200.49.130.41
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E4563776-39E6-4657-9750-D96FA8D9B8CB}: DhcpNameServer = 200.42.4.204 200.49.130.41
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWOW64\skype4com.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807583E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{a1b93420-d8f5-11e2-be75-f4b7e25641c8}\Shell - "" = AutoRun
O33 - MountPoints2\{a1b93420-d8f5-11e2-be75-f4b7e25641c8}\Shell\AutoRun\command - "" = "E:\autorun.exe" 
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
[CREATERESTOREPOINT] 
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/08/08 08:31:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\jane\Desktop\OTL (1).exe
[2014/08/02 04:56:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2014/08/02 02:54:13 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\MOHW
[2014/08/01 22:58:57 | 000,000,000 | ---D | C] -- C:\Users\jane\Documents\MOHW
[2014/07/31 21:39:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\xlive
[2014/07/31 21:39:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2014/07/31 21:39:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2014/07/30 05:44:03 | 000,000,000 | ---D | C] -- C:\Users\jane\Documents\Eidos
[2014/07/30 05:39:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD
[2014/07/30 05:39:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eidos
[2014/07/30 05:27:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Eidos
[2014/07/28 10:26:22 | 000,000,000 | ---D | C] -- C:\FRST
[2014/07/27 05:59:46 | 000,000,000 | ---D | C] -- C:\Users\jane\AppData\Local\CrashDumps
[2014/07/26 07:36:53 | 000,000,000 | ---D | C] -- C:\ProgramData\RogueKiller
[2014/07/23 01:07:56 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2014/07/22 06:52:18 | 000,319,912 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysNative\javaws.exe
[2014/07/22 06:52:13 | 000,189,352 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysNative\javaw.exe
[2014/07/22 06:52:13 | 000,189,352 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysNative\java.exe
[2014/07/22 06:52:13 | 000,111,016 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysNative\WindowsAccessBridge-64.dll
[2014/07/22 06:52:03 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2014/07/21 23:38:55 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2014/07/21 23:38:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Solidshield
[2014/07/21 06:19:52 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\WINDOWS\SysWow64\CmdLineExt_x64.dll
[2014/07/21 06:08:28 | 000,000,000 | ---D | C] -- C:\Users\jane\AppData\Local\Downloaded Installations
[2014/07/20 05:36:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Traducción The Walking Dead [Temporada 2][Episodio 3]
[2014/07/19 21:10:01 | 000,703,968 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
[2014/07/19 21:10:01 | 000,105,440 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
[2014/07/19 13:32:51 | 000,000,000 | --SD | C] -- C:\WINDOWS\SysNative\CompatTel
[2014/07/19 08:03:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Traducción The Wolf Among Us [Episodio 4]
[2014/07/19 02:50:19 | 000,688,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\aepdu.dll
[2014/07/19 02:50:19 | 000,527,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\aeinv.dll
[2014/07/19 02:50:19 | 000,385,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\devinv.dll
[2014/07/19 02:50:04 | 005,721,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll
[2014/07/19 02:49:57 | 000,292,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dxtrans.dll
[2014/07/19 02:49:56 | 002,040,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\inetcpl.cpl
[2014/07/19 02:49:56 | 000,631,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msfeeds.dll
[2014/07/19 02:49:56 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dxtmsft.dll
[2014/07/19 02:49:55 | 001,964,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\inetcpl.cpl
[2014/07/19 02:49:55 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieapfltr.dll
[2014/07/19 02:49:55 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieapfltr.dll
[2014/07/19 02:49:55 | 000,608,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ie4uinit.exe
[2014/07/19 02:49:55 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mshtmled.dll
[2014/07/19 02:49:55 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mshtmled.dll
[2014/07/19 02:47:43 | 013,287,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\twinui.dll
[2014/07/19 02:47:43 | 000,923,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSShared.dll
[2014/07/19 02:47:43 | 000,756,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WSShared.dll
[2014/07/19 02:47:42 | 000,249,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.ApplicationModel.Store.TestingFramework.dll
[2014/07/19 02:47:41 | 011,792,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\twinui.dll
[2014/07/19 02:47:41 | 001,054,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\twinui.appcore.dll
[2014/07/19 02:47:41 | 000,555,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\twinapi.appcore.dll
[2014/07/19 02:47:41 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
[2014/07/19 02:47:41 | 000,054,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuauclt.exe
[2014/07/19 02:47:40 | 000,828,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\twinui.appcore.dll
[2014/07/19 02:47:40 | 000,827,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuapi.dll
[2014/07/19 02:47:40 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuapi.dll
[2014/07/19 02:47:40 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wudriver.dll
[2014/07/19 02:47:40 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wudriver.dll
[2014/07/19 01:56:51 | 000,834,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\osk.exe
[2014/07/19 01:56:51 | 000,779,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\osk.exe
[2014/07/19 01:56:49 | 001,417,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\lsasrv.dll
[2014/07/19 01:56:49 | 000,735,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\adtschema.dll
[2014/07/19 01:56:49 | 000,735,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\adtschema.dll
[2014/07/19 01:56:49 | 000,436,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\certcli.dll
[2014/07/19 01:56:49 | 000,318,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\certcli.dll
[2014/07/19 01:47:56 | 000,586,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\qedit.dll
[2014/07/19 01:47:56 | 000,488,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\qedit.dll
[2014/07/19 01:29:58 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSReset.exe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Users\jane\Desktop\*.tmp files -> C:\Users\jane\Desktop\*.tmp -> ]
[1 C:\Users\jane\AppData\Local\*.tmp files -> C:\Users\jane\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/08/08 08:31:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jane\Desktop\OTL (1).exe
[2014/08/08 07:43:00 | 000,001,056 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/08/08 06:20:05 | 000,000,952 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-3700017526-2387465574-2218740973-1002UA.job
[2014/08/07 22:22:55 | 000,280,600 | ---- | M] () -- C:\WINDOWS\SysWow64\PnkBstrB.xtr
[2014/08/07 22:22:55 | 000,280,600 | ---- | M] () -- C:\WINDOWS\SysWow64\PnkBstrB.exe
[2014/08/07 22:12:22 | 000,280,600 | ---- | M] () -- C:\WINDOWS\SysWow64\PnkBstrB.ex0
[2014/08/07 21:58:41 | 000,000,950 | ---- | M] () -- C:\WINDOWS\SysWow64\bscs.ini
[2014/08/07 21:55:38 | 000,003,620 | ---- | M] () -- C:\WINDOWS\SysWow64\LOCALSERVICE.INI
[2014/08/07 21:55:35 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/08/07 21:55:35 | 000,000,043 | ---- | M] () -- C:\WINDOWS\SysWow64\LOCALDEVICE.INI
[2014/08/07 21:48:54 | 000,000,227 | ---- | M] () -- C:\WINDOWS\SysWow64\REMOTEDEVICE.INI
[2014/08/07 19:14:39 | 000,002,201 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/08/07 19:14:27 | 000,001,052 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/08/07 09:20:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-3700017526-2387465574-2218740973-1002Core.job
[2014/08/07 04:46:45 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys
[2014/08/06 07:27:56 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\HPCeeScheduleForjane.job
[2014/08/06 07:27:43 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014/08/06 07:27:40 | 1706,459,135 | -HS- | M] () -- C:\hiberfil.sys
[2014/08/06 07:27:14 | 000,065,536 | ---- | M] () -- C:\WINDOWS\SysNative\spu_storage.bin
[2014/08/01 23:00:35 | 000,076,888 | ---- | M] () -- C:\WINDOWS\SysWow64\PnkBstrA.exe
[2014/07/30 01:07:51 | 000,468,480 | ---- | M] () -- C:\Users\jane\Desktop\CKScanner.exe
[2014/07/26 07:38:46 | 000,030,312 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\TrueSight.sys
[2014/07/25 08:50:01 | 000,001,071 | ---- | M] () -- C:\Users\jane\Desktop\Dropbox.lnk
[2014/07/23 19:56:53 | 000,002,777 | ---- | M] () -- C:\Users\jane\Desktop\index.htm
[2014/07/22 08:58:05 | 000,001,994 | ---- | M] () -- C:\WINDOWS\SysWow64\ealregsnapshot1.reg
[2014/07/22 06:52:06 | 000,319,912 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysNative\javaws.exe
[2014/07/22 06:52:06 | 000,189,352 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysNative\javaw.exe
[2014/07/22 06:52:06 | 000,189,352 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysNative\java.exe
[2014/07/22 06:52:06 | 000,111,016 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysNative\WindowsAccessBridge-64.dll
[2014/07/21 06:19:52 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\SysWow64\CmdLineExt_x64.dll
[2014/07/19 21:08:59 | 000,493,744 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2014/07/19 01:29:58 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSReset.exe
[2014/07/16 22:44:21 | 000,000,062 | ---- | M] () -- C:\Users\jane\Desktop\systeminformation.xml
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Users\jane\Desktop\*.tmp files -> C:\Users\jane\Desktop\*.tmp -> ]
[1 C:\Users\jane\AppData\Local\*.tmp files -> C:\Users\jane\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/08/07 22:22:59 | 000,280,600 | ---- | C] () -- C:\WINDOWS\SysWow64\PnkBstrB.exe
[2014/08/07 22:12:26 | 000,280,600 | ---- | C] () -- C:\WINDOWS\SysWow64\PnkBstrB.ex0
[2014/08/05 07:51:43 | 000,000,356 | ---- | C] () -- C:\WINDOWS\tasks\HPCeeScheduleForjane.job
[2014/07/30 01:07:57 | 000,468,480 | ---- | C] () -- C:\Users\jane\Desktop\CKScanner.exe
[2014/07/26 07:38:46 | 000,030,312 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\TrueSight.sys
[2014/07/25 08:50:01 | 000,001,071 | ---- | C] () -- C:\Users\jane\Desktop\Dropbox.lnk
[2014/07/23 19:56:45 | 000,002,777 | ---- | C] () -- C:\Users\jane\Desktop\index.htm
[2014/07/21 06:10:12 | 000,001,994 | ---- | C] () -- C:\WINDOWS\SysWow64\ealregsnapshot1.reg
[2014/07/16 22:44:21 | 000,000,062 | ---- | C] () -- C:\Users\jane\Desktop\systeminformation.xml
[2014/06/15 08:19:46 | 000,076,888 | ---- | C] () -- C:\WINDOWS\SysWow64\PnkBstrA.exe
[2014/05/28 21:11:33 | 000,123,392 | ---- | C] () -- C:\WINDOWS\SysWow64\amdhdl32.dll
[2014/04/24 02:08:31 | 000,002,255 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini
[2014/04/17 22:28:30 | 000,038,912 | ---- | C] () -- C:\WINDOWS\SysWow64\kdbsdk32.dll
[2014/04/08 03:18:34 | 000,000,017 | ---- | C] () -- C:\Users\jane\AppData\Local\resmon.resmoncfg
[2014/03/18 08:05:33 | 000,103,936 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2014/02/27 19:57:00 | 000,000,565 | ---- | C] () -- C:\Users\jane\AppData\Roaming\myMPQ.ini
[2014/02/26 08:21:08 | 000,001,005 | ---- | C] () -- C:\WINDOWS\SysWow64\SHORTCUT.INI
[2014/02/15 04:28:28 | 000,995,342 | ---- | C] () -- C:\WINDOWS\SysWow64\amdocl_as32.exe
[2014/02/15 04:28:28 | 000,798,734 | ---- | C] () -- C:\WINDOWS\SysWow64\amdocl_ld32.exe
[2014/02/04 06:25:04 | 000,000,000 | -HS- | C] () -- C:\Users\jane\AppData\Local\LumaEmu
[2014/02/04 03:46:19 | 002,063,678 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2014/02/04 03:42:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2014/01/14 09:50:27 | 000,000,227 | ---- | C] () -- C:\WINDOWS\SysWow64\REMOTEDEVICE.INI
[2013/12/22 05:28:37 | 003,123,272 | R--- | C] () -- C:\WINDOWS\SysWow64\pbsvc.exe
[2013/08/22 23:36:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2013/08/22 23:36:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2013/08/22 22:46:23 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013/08/22 15:01:23 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2013/08/22 11:32:36 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2013/08/22 07:55:20 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2013/08/22 07:52:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2013/07/04 05:38:24 | 000,118,149 | ---- | C] () -- C:\Users\jane\wmpChrome (1).crx
[2013/06/30 07:45:57 | 000,000,088 | ---- | C] () -- C:\Users\jane\update-oblivion.bat
[2013/06/30 00:51:10 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2013/06/21 07:27:05 | 000,000,025 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2013/06/21 07:24:27 | 000,021,840 | ---- | C] () -- C:\WINDOWS\SysWow64\SIntfNT.dll
[2013/06/21 07:24:27 | 000,017,212 | ---- | C] () -- C:\WINDOWS\SysWow64\SIntf32.dll
[2013/06/21 07:24:27 | 000,012,067 | ---- | C] () -- C:\WINDOWS\SysWow64\SIntf16.dll
[2013/06/19 06:27:05 | 000,000,141 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2013/06/19 06:20:49 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\SysWow64\ezsidmv.dat
[2013/02/17 21:01:30 | 000,003,620 | ---- | C] () -- C:\WINDOWS\SysWow64\LOCALSERVICE.INI
[2013/02/17 21:01:30 | 000,000,043 | ---- | C] () -- C:\WINDOWS\SysWow64\LOCALDEVICE.INI
[2012/09/26 16:53:56 | 000,000,950 | ---- | C] () -- C:\WINDOWS\SysWow64\bscs.ini
[2012/09/20 01:36:54 | 000,057,096 | ---- | C] () -- C:\WINDOWS\SysWow64\BSWMPPlugin.dll
[2012/09/20 01:36:54 | 000,018,696 | ---- | C] () -- C:\WINDOWS\SysWow64\SCChangeMonitor.dll
[2012/09/20 01:36:52 | 000,093,544 | ---- | C] () -- C:\WINDOWS\SysWow64\BSVoIPComm.dll
[2012/09/20 01:36:52 | 000,089,352 | ---- | C] () -- C:\WINDOWS\SysWow64\BsVistaCommon.dll
[2012/09/20 01:36:48 | 000,097,640 | ---- | C] () -- C:\WINDOWS\SysWow64\BSSkypeAgent.dll
[2012/09/20 01:36:48 | 000,026,888 | ---- | C] () -- C:\WINDOWS\SysWow64\BsTrace.dll
[2012/09/20 01:36:46 | 000,352,008 | ---- | C] () -- C:\WINDOWS\SysWow64\BsExtendFunc.dll
[2012/09/20 01:36:46 | 000,070,408 | ---- | C] () -- C:\WINDOWS\SysWow64\BsProfileFunc.dll
[2012/09/18 18:40:14 | 000,204,952 | ---- | C] () -- C:\WINDOWS\SysWow64\ativvsvl.dat
[2012/09/18 18:40:14 | 000,157,144 | ---- | C] () -- C:\WINDOWS\SysWow64\ativvsva.dat
 
========== ZeroAccess Check ==========
 
[2014/02/07 09:06:37 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/04/07 00:31:39 | 021,268,952 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/04/06 23:22:20 | 018,755,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013/08/22 17:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013/08/22 10:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013/08/22 17:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/02/04 04:00:27 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2014/02/04 04:00:27 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2013/06/27 02:23:38 | 000,000,000 | ---D | M] -- C:\Users\jane\AppData\Roaming\0ad
[2013/10/10 23:56:33 | 000,000,000 | ---D | M] -- C:\Users\jane\AppData\Roaming\2K Sports
[2014/08/07 11:18:59 | 000,000,000 | ---D | M] -- C:\Users\jane\AppData\Roaming\AIMP3
[2014/05/06 23:31:06 | 000,000,000 | ---D | M] -- C:\Users\jane\AppData\Roaming\Amacsoft
[2014/05/12 04:42:05 | 000,000,000 | ---D | M] -- C:\Users\jane\AppData\Roaming\Bioshock
[2014/05/17 05:04:28 | 000,000,000 | ---D | M] -- C:\Users\jane\AppData\Roaming\Bioshock2
[2014/02/27 20:46:39 | 000,000,000 | ---D | M] -- C:\Users\jane\AppData\Roaming\BlackBean
[2014/04/27 19:40:40 | 000,000,000 | ---D | M] -- C:\Users\jane\AppData\Roaming\BSplayer
[2013/10/17 22:53:39 | 000,000,000 | ---D | M] -- C:\Users\jane\AppData\Roaming\BSplayer Pro
[2013/10/22 09:32:00 | 000,000,000 | ---D | M] -- C:\Users\jane\AppData\Roaming\calibre
[2014/08/06 10:34:06 | 000,000,000 | ---D | M] -- C:\Users\jane\AppData\Roaming\DAEMON Tools Lite
[2014/04/30 07:22:11 | 000,000,000 | ---D | M] -- C:\Users\jane\AppData\Roaming\DarkSoulsII
[2013/10/17 20:43:19 | 000,000,000 | ---D | M] -- C:\Users\jane\AppData\Roaming\data
[2013/07/05 02:04:28 | 000,000,000 | ---D | M] -- C:\Users\jane\AppData\Roaming\Day 1 Studios
[2014/08/07 12:28:34 | 000,000,000 | ---D | M] -- C:\Users\jane\AppData\Roaming\Dropbox
[2014/02/24 08:26:06 | 000,000,000 | ---D | M] -- C:\Users\jane\AppData\Roaming\DVDVideoSoft
[2014/03/20 20:07:55 | 000,000,000 | ---D | M] -- C:\Users\jane\AppData\Roaming\Foxit Software
[2014/03/28 02:39:38 | 000,000,000 | ---D | M] -- C:\Users\jane\AppData\Roaming\GetRightToGo
[2014/01/30 02:31:24 | 000,000,000 | ---D | M] -- C:\Users\jane\AppData\Roaming\HewlettPackard
[2014/05/06 23:39:22 | 000,000,000 | ---D | M] -- C:\Users\jane\AppData\Roaming\IGC
[2014/04/27 01:46:36 | 000,000,000 | ---D | M] -- C:\Users\jane\AppData\Roaming\library_dir
[2013/11/18 09:40:06 | 000,000,000 | ---D | M] -- C:\Users\jane\AppData\Roaming\mp3DirectCut
[2014/02/21 00:30:51 | 000,000,000 | ---D | M] -- C:\Users\jane\AppData\Roaming\Mp3jam
[2014/04/16 20:39:28 | 000,000,000 | ---D | M] -- C:\Users\jane\AppData\Roaming\Oracle
[2014/05/07 00:18:33 | 000,000,000 | ---D | M] -- C:\Users\jane\AppData\Roaming\PDF Software
[2014/02/22 06:07:03 | 000,000,000 | ---D | M] -- C:\Users\jane\AppData\Roaming\Prison Break
[2014/05/07 20:57:41 | 000,000,000 | ---D | M] -- C:\Users\jane\AppData\Roaming\Probit Software
[2013/12/11 00:29:48 | 000,000,000 | ---D | M] -- C:\Users\jane\AppData\Roaming\Publish Providers
[2013/06/26 23:24:47 | 000,000,000 | ---D | M] -- C:\Users\jane\AppData\Roaming\Sierra Entertainment
[2014/03/12 20:28:25 | 000,000,000 | ---D | M] -- C:\Users\jane\AppData\Roaming\Sony
[2013/09/11 03:44:32 | 000,000,000 | ---D | M] -- C:\Users\jane\AppData\Roaming\Sports Interactive
[2013/06/19 06:26:10 | 000,000,000 | ---D | M] -- C:\Users\jane\AppData\Roaming\Synaptics
[2014/02/17 19:12:44 | 000,000,000 | ---D | M] -- C:\Users\jane\AppData\Roaming\The Creative Assembly
[2014/04/23 03:32:56 | 000,000,000 | ---D | M] -- C:\Users\jane\AppData\Roaming\Theta
[2014/06/16 23:51:00 | 000,000,000 | ---D | M] -- C:\Users\jane\AppData\Roaming\Tropico 5
[2013/08/28 00:08:12 | 000,000,000 | ---D | M] -- C:\Users\jane\AppData\Roaming\TuneUp Software
[2014/04/24 09:57:46 | 000,000,000 | ---D | M] -- C:\Users\jane\AppData\Roaming\Ubisoft
[2014/06/03 11:51:05 | 000,000,000 | ---D | M] -- C:\Users\jane\AppData\Roaming\WebApp
[2013/06/19 10:03:50 | 000,000,000 | ---D | M] -- C:\Users\jane\AppData\Roaming\WildTangent
[2014/05/07 00:00:41 | 000,000,000 | ---D | M] -- C:\Users\jane\AppData\Roaming\Wondershare
[2014/01/22 04:17:23 | 000,000,000 | ---D | M] -- C:\Users\jane\AppData\Roaming\_MDLogs
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< :commands  >
[2013/08/22 22:45:54 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
[2014/01/29 20:11:23 | 000,001,052 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2014/01/29 20:11:25 | 000,001,056 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2014/02/04 03:42:37 | 000,000,264 | ---- | C] () -- C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job
[2014/02/04 09:15:20 | 000,000,930 | ---- | C] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3700017526-2387465574-2218740973-1002Core.job
[2014/02/04 09:15:21 | 000,000,952 | ---- | C] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3700017526-2387465574-2218740973-1002UA.job
[2014/08/05 07:51:43 | 000,000,356 | ---- | C] () -- C:\WINDOWS\Tasks\HPCeeScheduleForjane.job
 
<  >
 
<  >
 
<  >
 
<  >
 
< :OTL >
 
< IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} >
 
<  >
 
< IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...0TR&pc=HPNTDFJS >
 
<  >
 
< IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} >
 
<  >
 
< IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC >
 
<  >
 
< IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} >
 
<  >
 
< IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...0TR&pc=HPNTDFJS >
 
<  >
 
< FF - user.js - File not found >
 
<  >
 
< FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll File not found >
Invalid Switch: FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll File not found
 
<  >
 
< O4 - HKCU..\Run: [Epson Stylus TX220] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGDL.EXE /FU "C:\Windows\TEMP\E_S3C8D.tmp" /EF "HKCU" File not found >
 
<  >
 
< O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 File not found >
Invalid Switch: 3000 File not found
 
<  >
 
< O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 File not found >
Invalid Switch: 105 File not found
 
<  >
 
< O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 File not found >
Invalid Switch: 3000 File not found
 
<  >
 
< O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 File not found >
Invalid Switch: 105 File not found
 
<  >
 
< O18:64bit: - Protocol\Handler\ms-help - No CLSID value found >
 
<  >
 
< O18:64bit: - Protocol\Handler\osf - No CLSID value found >
 
<  >
 
< O18:64bit: - Protocol\Handler\skype4com - No CLSID value found >
 
<  >
 
< O18:64bit: - Protocol\Handler\wlpg - No CLSID value found >
 
<  >
 
< O30 - LSA: Security Packages - (livessp) -  File not found >
 
<  >
 
<  >
 
< :Commands  >
 
<  >
 
< [EMPTYTEMP]  >
 
<  >
 
< [REBOOT] >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 237 bytes -> C:\Users\jane\SkyDrive:ms-properties
@Alternate Data Stream - 155 bytes -> C:\ProgramData\Temp:6DDED7D9
 
< End of report >
 
 
 

OTL Extras logfile created on: 08/08/2014 08:33:54 a.m. - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\jane\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17207)
Locale: 00002C0A | Country: Argentina | Language: ESS | Date Format: dd/MM/yyyy
 
6,99 Gb Total Physical Memory | 4,67 Gb Available Physical Memory | 66,84% Memory free
13,99 Gb Paging File | 11,44 Gb Available in Paging File | 81,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 440,43 Gb Total Space | 158,82 Gb Free Space | 36,06% Space Free | Partition Type: NTFS
Drive D: | 24,21 Gb Total Space | 2,57 Gb Free Space | 10,60% Space Free | Partition Type: NTFS
 
Computer Name: LEO-MAURI | User Name: jane | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3700017526-2387465574-2218740973-1002\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = AC 1C AE C5 46 9F CE 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" =  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2051FD43-53DC-4839-ACAC-2B4B552690B2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{50EEE067-96DA-4586-A66F-D3CEC06AD509}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office15\outlook.exe | 
"{7C7D24F6-E2B5-4793-BD77-0CAA6A53F799}" = lport=53000 | protocol=6 | dir=in | name=hpconnectedremoteservice.exe | 
"{C1410929-A2A7-48BE-90DF-032F8E51F96D}" = lport=52000 | protocol=6 | dir=in | name=hpconnectedremoteuser.exe | 
"{C1D09F3E-7999-4C1C-ABFD-B54BEE1374CC}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{D748EFDB-38DD-4ACB-A918-7AA29DE0FC9E}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 
"{D96316F6-59FD-480F-8CC4-21A35306234E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{EEB6BDD4-E119-46C6-9B8E-F4413F20A783}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06E55DE0-1F59-4047-84C7-883390563E5B}" = dir=out | [email protected]{microsoft.windowsreadinglist_6.3.9654.20540_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} | 
"{06E6B9CF-C5A1-40C9-9F0D-E42540D87D3A}" = dir=out | [email protected]{microsoft.binghealthandfitness_3.0.2.315_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} | 
"{095F9C23-5BC3-417A-9A2A-D55AAAD74409}" = dir=out | [email protected]{microsoft.bingfoodanddrink_3.0.2.313_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} | 
"{0BDAB8DB-7CFC-4D83-9B4B-005A8E6EAA20}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office15\lync.exe | 
"{108A5089-F517-4122-92C7-B84116F941F9}" = dir=out | [email protected]{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{12552FBD-F8DF-4E79-BEB8-F7BF94DEA43A}" = protocol=6 | dir=in | app=c:\program files (x86)\ralink corporation\ralink bluetooth stack\bluesoleilcs.exe | 
"{13BB9951-85FE-48E7-BAA5-7DC660F1E38C}" = dir=in | name=yxplayer hd | 
"{15C2A025-BCCB-492A-A822-8B461860F94D}" = dir=in | app=c:\program files (x86)\easybits for kids\ezdesktop.exe | 
"{1EC5F7B1-501D-45ED-8AD1-942C9EB33170}" = dir=out | name=check point vpn | 
"{203785CA-71BC-4084-B749-1C451FE4FBB9}" = dir=in | name=f5 vpn | 
"{26394C06-47ED-4A1E-A8B9-AD63E8FE6B96}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{28562E9D-138F-4D0A-9ADF-0E1DB73E122B}" = dir=in | name=microsoft solitaire collection | 
"{295E51E3-75F5-4DDE-BD57-C3A31ACB927A}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{2DB723EC-4B83-4E61-9BCF-5CF28A5D0566}" = dir=in | [email protected]{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{316A54E1-FB9B-4FF2-9C8A-933EA28DC135}" = dir=out | [email protected]{microsoft.bingmaps_1.6.1821.2624_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{31E37058-2313-426D-9E8F-3F616FA112FC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{36CBABB5-839E-4A3E-80C7-620AF516A498}" = dir=out | [email protected]{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | 
"{396487E8-B50E-4371-8D2D-0F876D345EE7}" = dir=in | [email protected]{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{3DD6289D-E986-4EC5-A686-60D0F89952CB}" = dir=in | app=c:\program files (x86)\hpconnectedmusic\hpconnectedmusic.exe | 
"{427315FA-2F5A-4D0B-9836-33022A1E48C0}" = dir=out | [email protected]{microsoft.bingnews_3.0.2.309_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/brandedapptitle} | 
"{4282FE99-8560-4BC7-9576-5F3ED84E263F}" = dir=in | name=checkpoint.vpn | 
"{428EABA9-041A-428A-9DD1-E0B9EBAB3810}" = dir=in | name=sonicwall mobile connect | 
"{44D1D76A-AAE8-409A-BDDD-05BED0956CD8}" = dir=out | app=c:\program files (x86)\hpconnectedmusic\hpconnectedmusic.exe | 
"{465FD30E-E587-4DA6-93FA-259E0880860C}" = dir=out | [email protected]{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{4D7C5D10-EC6F-4BF7-A50D-2AC58F803CA4}" = dir=out | [email protected]{microsoft.zunevideo_1.5.338.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} | 
"{4F7389BC-C098-4DDF-9E65-9ADC690433B7}" = dir=in | name=skype | 
"{5112A629-D77B-43A4-9EEB-6CF78A34386C}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{53FC276F-AEC1-4310-9B9B-19CFD1933C37}" = dir=out | [email protected]{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | 
"{548B6599-5BDC-47C6-9210-FA815289ABF2}" = protocol=17 | dir=in | app=c:\program files (x86)\ralink corporation\ralink bluetooth stack\bluesoleilcs.exe | 
"{548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}" = dir=in | [email protected]{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{560448D6-095C-4907-B046-AC7F710701A7}" = dir=in | name=sonicwall.mobileconnect | 
"{572DB6DB-2E47-448B-A7D7-577284B50AAE}" = dir=out | name=microsoft solitaire collection | 
"{5A7C8ED3-AF94-4265-9403-9BCFEC300BAB}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe | 
"{5B56C097-72FA-4110-ACFC-2C838B87C7AF}" = dir=out | [email protected]{microsoft.bingsports_3.0.2.317_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/brandedapptitle} | 
"{5E957947-449A-40C0-9D37-AC61C280F4F2}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{5F4632C0-D5B1-40C3-B0D9-E3A759C81B9E}" = dir=out | name=sonicwall.mobileconnect | 
"{64A4D168-B42D-4D7E-8788-27FF96BBF934}" = dir=out | name=hp+ | 
"{6928C984-CF07-4474-A30B-006432314588}" = dir=out | [email protected]{microsoft.bingmaps_2.1.2922.2139_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{6B601B86-97CC-4A77-821F-65A4769447F4}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office15\ucmapi.exe | 
"{6C1E5C3A-A268-4B09-8336-230710FB201F}" = dir=out | [email protected]{microsoft.zunemusic_2.2.903.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} | 
"{7179A7EF-AE02-4038-B609-665A4496CCA2}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office15\ucmapi.exe | 
"{77E2BF4D-827F-4D92-8D6B-496962D1F582}" = dir=out | name=kindle | 
"{78EFD202-4937-4DEC-B29E-6D86337F0DEC}" = protocol=17 | dir=in | name=hpconnectedremoteservice.exe | 
"{7962E31B-C494-4F42-BA27-18BA50E7CA1B}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{7B2627AF-95AB-497F-980D-FA0A9B8A46E8}" = dir=in | [email protected]{ad2f1837.gettingstartedwithwindows8_1.5.3.1_neutral__v10z8vjag6ke6?ms-resource://ad2f1837.gettingstartedwithwindows8/resources/id_app_title} | 
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | [email protected]{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{81C9B64F-6D2B-4811-9B8E-1454E12BA51B}" = dir=out | name=norton studio | 
"{891FDA8E-1583-43AE-B222-3A9E3D58DE7E}" = dir=out | [email protected]{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{8AC6AAA2-02FB-4549-9770-D8655B17A857}" = dir=out | name=microsoft mahjong | 
"{8DADDA56-B189-49AB-8AE2-5BF6EE3557AC}" = dir=in | [email protected]{microsoft.windowscommunicationsapps_17.5.9600.20573_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{8FBAA27C-5164-4903-92DA-AB7BFAE65377}" = dir=in | app=c:\windows\system32\ezsharedsvchost.exe | 
"{91739678-C54F-4417-AEFF-C7DC05036DC2}" = dir=out | name=yxplayer hd | 
"{973779DD-9FCE-4490-8561-A2C0C70CF33D}" = dir=in | name=hp+ | 
"{9B9E2632-44A0-4998-867C-078C14F0F532}" = dir=out | name=windows_ie_ac_001 | 
"{9DCAAAD4-A8D2-4679-BD60-47C77AD41B82}" = dir=in | name=microsoft mahjong | 
"{9E3D57FC-7C37-4424-9352-4831E97D029D}" = dir=out | [email protected]{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{A1BA4E58-967D-47A6-8EF0-A86FF161F9D2}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office15\lync.exe | 
"{A420B9F2-C5F5-412A-82DB-A425936DF6C3}" = dir=out | name=hp registration | 
"{A69890A1-DE8D-4B7F-9253-4BB45F202F5C}" = dir=out | [email protected]{microsoft.bingweather_3.0.2.309_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/brandedapptitle} | 
"{AACA991E-5C5B-418C-9247-7687B177992D}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector10\pdr10.exe | 
"{AD077977-B97A-4457-A373-98FE09A89A72}" = dir=out | [email protected]{microsoft.windowscommunicationsapps_17.5.9600.20573_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{AF232789-E85F-4494-A40B-F24C271AAC5F}" = dir=in | [email protected]{microsoft.windowsreadinglist_6.3.9654.20540_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} | 
"{AFF3658B-246E-447A-A043-54EDEFCFD950}" = protocol=6 | dir=in | app=c:\program files (x86)\ralink corporation\ralink bluetooth stack\bluesoleilcs.exe | 
"{B390C6DB-6C17-4D54-BBD4-32AC89EEA5A8}" = dir=out | name=windows_ie_ac_001 | 
"{B5482D45-7365-4F6A-8655-6BF2F5D479B4}" = dir=out | [email protected]{microsoft.xboxlivegames_2.0.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{B5627523-2A11-4537-825E-14A4F1ED1C11}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{BA05AE74-A18F-4B69-AB21-29105FD0B98C}" = dir=out | name=windows_ie_ac_001 | 
"{BCD674AB-095F-4558-82AA-30C6BE7CE2C4}" = dir=out | name=juniper networks junos pulse | 
"{BD40F22F-FF17-4C98-9844-ECD470924EBD}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{BD9B2CB8-2C7A-4159-87AC-AF3F73C0C312}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office15\lync.exe | 
"{BE73BC0A-FD4C-4EE4-8D0F-A12A4DAF0AB9}" = dir=out | name=netflix | 
"{BF347BC3-DB4F-475F-98C2-1D62BE08644A}" = dir=in | name=check point vpn | 
"{C366B794-DFD0-47FB-A5B5-4A93E17240A5}" = dir=in | name=juniper networks junos pulse | 
"{C60659B4-ADA6-4D5C-8837-CCBAC06AC35A}" = dir=out | [email protected]{microsoft.bingtravel_3.0.2.309_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/brandedapptitle} | 
"{C637CDA8-1045-4AA7-9109-BD94FC97D468}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office15\ucmapi.exe | 
"{D3785B3E-7B19-41B1-B8C3-223792B95935}" = dir=out | [email protected]{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | 
"{D6980480-941A-4DF6-AB81-3734ECD3D779}" = dir=out | name=junipernetworks.junospulsevpn | 
"{D727F21A-860A-4CBF-96A9-7F942BA37A92}" = dir=out | name=skype | 
"{D7BA1176-ED6E-4FB2-A7BF-F073EA25C9ED}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office15\ucmapi.exe | 
"{D9FA1365-F4F5-4896-8448-2A853DE0EA79}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office15\lync.exe | 
"{DB355A24-BE6D-4F8A-975C-A1F063CCCB16}" = dir=out | [email protected]{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{DB59588E-ED90-4C47-A7B5-7929DD0C0BD2}" = dir=out | name=checkpoint.vpn | 
"{E6A62F38-7650-4CA7-A2D1-C1A192AA99F6}" = dir=out | [email protected]{microsoft.zunevideo_2.6.183.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} | 
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | [email protected]{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{E828C723-795A-4B8B-946C-8F8E9FE236E5}" = dir=out | [email protected]{microsoft.bingfinance_3.0.2.258_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/brandedapptitle} | 
"{E862B245-0D50-45AD-9ABE-64CCD38ABFCF}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{EA046FD3-1E55-491A-9A42-851B4F4B1A2A}" = dir=out | [email protected]{ad2f1837.gettingstartedwithwindows8_1.5.3.1_neutral__v10z8vjag6ke6?ms-resource://ad2f1837.gettingstartedwithwindows8/resources/id_app_title} | 
"{EAA687D5-CBB2-456F-8DE7-1C48345B0D57}" = dir=out | name=sonicwall mobile connect | 
"{EBDDB600-4DE1-4540-84DB-19DE4D9171D3}" = protocol=17 | dir=in | app=c:\program files (x86)\ralink corporation\ralink bluetooth stack\bluesoleilcs.exe | 
"{EBFE5969-9A33-49E4-88A8-0D7D4F63DB9D}" = dir=out | app=%programfiles% (x86)\wondershare\pdfeditor\pdfeditor.exe | 
"{EC799E33-72BA-42D7-9127-DEFE68F9799D}" = dir=in | name=junipernetworks.junospulsevpn | 
"{EE9B55BB-488B-4387-A062-69F5FB054AC3}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{F37163A5-AD80-480A-BB5B-0D560ABD881E}" = dir=in | app=c:\users\jane\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{F3F092A9-F4A0-4A52-BD3E-FA1A28FD4E17}" = dir=out | name=f5 vpn | 
"{F40D7784-DF41-45E1-B50F-A5B07ADDA9D8}" = protocol=17 | dir=in | app=c:\users\jane\appdata\roaming\dropbox\bin\dropbox.exe | 
"{F64300AD-D559-4000-BD45-0997BCC8E70A}" = dir=out | name=f5.vpn.client | 
"{F77E5446-4378-4E99-8B7A-7061AAAEA193}" = dir=in | name=f5.vpn.client | 
"{F87C9E4D-6DAB-478F-B22B-404E42E975BE}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{F8EAC1CF-03A2-41C8-B922-1E133F37FA6F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{FA56F74C-3CF8-4329-8F4B-284772A24DCD}" = protocol=6 | dir=in | app=c:\users\jane\appdata\roaming\dropbox\bin\dropbox.exe | 
"{FDFBF424-CADC-484F-B8B9-4F5411C91B53}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{FE382408-CFC4-489B-B317-8C99CBFD2B5A}" = dir=out | [email protected]{microsoft.bingnews_2.0.0.308_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | 
"TCP Query User{6C8F963F-905D-479D-8A8D-34AE4FF2EE68}C:\users\jane\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\jane\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{A4963EA9-1E5E-43FF-B5AE-6D6CAAE71392}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{D7251644-CDC2-4692-B935-B627BEBB0D63}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{14A69A1E-B4A4-47F0-BDC5-A37CA75EE14F}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{69F3C45B-062F-4B04-9A22-A8ADD97572D6}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{E957F294-2726-4A6C-BEA6-6E8AB2335EF8}C:\users\jane\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\jane\appdata\roaming\dropbox\bin\dropbox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{118E0280-D6BB-427A-9170-2A7DAA1049B2}" = EasyTether ADB USB driver
"{1C757A31-7FAE-43EA-99C4-672222534BC2}" = calibre 64bit
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{26A24AE4-039D-4CA4-87B4-2F06417065FF}" = Java 7 Update 65 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{37B8F9C7-03FB-3253-8781-2517C99D7C00}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
"{3FAEEEBE-48F4-84C1-2B49-96AE73E67E3E}" = AMD Catalyst Install Manager
"{41F22D89-7F71-E83A-08E7-7E7473F4A55D}" = AMD Accelerated Video Transcoding
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5059FA42-FBB8-4A3C-84B2-FE13A7BA55BE}" = HP 3D DriveGuard
"{5C03D793-2852-4464-ADB3-64B2F81BA14B}" = EasyTether
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 3.0.8
"{69F860CB-69A0-991D-C0A7-2967286A8DDC}" = ccc-utility64
"{6E14E6D6-3175-4E1A-B934-CAB5A86367CD}" = HP Postscript Converter
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7EE0022B-77A5-4008-BA8E-69C26F5C9955}" = AMD Fuel
"{90150000-002A-0000-1000-0000000FF1CE}" = Microsoft Office 64-bit Components 2013
"{90150000-002A-0C0A-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Spanish) 2013
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95DF815D-BE2D-9118-F549-39794C5869CF}" = Ralink Bluetooth Stack64
"{A573D759-F894-448D-A420-3A9C31879F88}_is1" = Remo Recover 4.0
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{BFA34E80-5232-11E3-9954-F04DA23A5C58}" = Vegas Pro 12.0 (64-bit)
"{C2B8CBDE-5232-11E3-B494-F04DA23A5C58}" = MSVCRT Redists
"{C2E428EB-116E-41C0-9E84-B22DE9CCA42F}" = HP Registration Service
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
"{E9EED4AE-682B-4501-9574-D09A21717599}_is1" = AMD Quick Stream
"{F1685080-A18F-39F7-87CC-1FC1C5357364}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{F842F8B0-6942-4930-821F-543E976B2C66}" = MSVCRT110_amd64
"CCleaner" = CCleaner
"EPSON TX220 Series" = Desinstalador de impresoras EPSON TX220 Series
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.20 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{001296EA-6321-1D93-6D07-C56469336B6F}" = CCC Help Chinese Traditional
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08BF5606-B92B-91D9-550E-45C40EF82146}" = CCC Help Swedish
"{0C57987A-A03A-4B95-A309-D23F78F406CA}" = HP Utility Center
"{1057511B-F8FE-4230-9ED3-AB949A57EE4A}" = Windows Live PIMT Platform
"{11960C5F-F2A2-1A1C-F884-2579A22E70BA}" = CCC Help Finnish
"{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}" = HP CoolSense
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{19B0831B-0C18-4103-86E4-90FCD04CD3B9}" = System Requirements Lab CYRI
"{1AA94747-3BF6-4237-9E1A-7B3067738FE1}" = Max Payne 3
"{1D968C74-5200-4331-F74D-83E30797B736}" = CCC Help Italian
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F2B6EDD-9374-B327-8F8E-E31AF6A805B0}" = CCC Help German
"{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 55
"{285722F0-59D5-9468-BA6F-72985A2CE931}" = CCC Help Czech
"{29315CEC-E6CE-4394-84DC-6F862E8D9A52}" = Windows Live UX Platform
"{2B68CAC1-5B99-3465-8982-E4FAB2AE036A}" = CCC Help Russian
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{30B2D1D8-0A07-4B71-9553-0710C5D31E35}" = HP Wireless Button Driver
"{31AC9515-5F70-41D1-F740-B1978B8D48EA}" = CCC Help Greek
"{3361D415-BA35-4143-B301-661991BA6219}" = MyEpson Portal
"{3AE82D96-752D-1505-8F07-FF9504D6D0E5}" = Catalyst Control Center Localization All
"{3D2E0EFF-7E27-ED90-809A-7E59FB05AE63}" = CCC Help Portuguese
"{408133BA-3665-4EF5-9DC4-E6A475DA8119}_is1" = Wondershare PDF Editor OCR
"{46B14AF1-EDFA-4088-AB2B-22A8128A1C54}" = Photo Common
"{4769E972-2E92-49C5-B6F9-465EFD0C4D94}" = VirtualDJ PRO Full
"{481C8C2A-D764-E7B9-8155-316540E71082}" = Catalyst Control Center InstallProxy
"{4862344A-A39C-4897-ACD4-A1BED5163C5A}" = CyberLink PhotoDirector
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F9A382F-4478-4036-905C-F77DF2EA0370}" = Windows Live SOXE
"{4FA8F084-C42F-45E1-B7E5-E0C8A1083DC5}" = Windows Live SOXE Definitions
"{528AB81B-D65A-4AB0-A2B6-82B51A087D01}" = HP Recovery Manager
"{556390a4-b2c4-44b6-8e5d-96d2a8c88564}" = EasyTether
"{565B9F3F-3617-6859-B821-6F103537489D}" = CCC Help Danish
"{57660847-B1F7-35BD-9118-F62EB863A598}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{59F0E916-7B87-4F09-888B-850F3F0700B5}" = Catalyst Control Center - Branding
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62952508-8C6F-4D31-9802-099FC67B41C3}" = I Am Alive
"{64DF7404-9D46-44AF-AFA1-A2F8D5648C2D}" = Windows Live Photo Common
"{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}" = Microsoft Games for Windows Marketplace
"{6EB5B377-BD22-2E2E-772F-4A993EAC38FD}" = Catalyst Control Center Graphics Previews Common
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App
"{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}" = OEM Application Profile
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75BAE677-F65A-45A4-9931-363FE0CF5E58}_is1" = Wondershare PDF Editor(Build 3.6.5)
"{76BAD284-3559-25EE-AB8C-FBAA8042B24B}" = CCC Help English
"{76EE8FE7-1957-4C51-9074-4930A8CFB1AF}" = Windows Live Installer
"{777C7020-402D-4F73-D4C8-B375AFB5CFF7}" = CCC Help Polish
"{7E090AA3-1AA3-749F-4C2F-16CDB816651F}" = CCC Help Turkish
"{803D4B7D-71CD-46B9-8F89-8BFD73920FAF}" = Windows Live UX Platform Language Pack
"{8162B13E-896E-40DF-EB30-5252BF25CC03}" = CCC Help Norwegian
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89CE7F9B-B4DF-8585-638B-6BD807ADE9C7}" = HydraVision
"{8A17260E-6572-1DE2-6E73-C297A31093C1}" = CCC Help Chinese Standard
"{8ADE1C0F-CC4B-46CC-92E2-855B6E39BD2A}" = WRC 2 FIA World Rally Championship
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}" = Facebook Video Calling 2.0.0.447
"{8E0AFE95-5099-1CB1-A3D1-1BFB2546F1F1}" = CCC Help Thai
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT3290 802.11bgn Wi-Fi Adapter
"{90150000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2013
"{90150000-0015-0C0A-0000-0000000FF1CE}" = Microsoft Access MUI (Spanish) 2013
"{90150000-0016-0C0A-0000-0000000FF1CE}" = Microsoft Excel MUI (Spanish) 2013
"{90150000-0018-0C0A-0000-0000000FF1CE}" = Microsoft PowerPoint MUI (Spanish) 2013
"{90150000-0019-0C0A-0000-0000000FF1CE}" = Microsoft Publisher MUI (Spanish) 2013
"{90150000-001A-0C0A-0000-0000000FF1CE}" = Microsoft Outlook MUI (Spanish) 2013
"{90150000-001B-0C0A-0000-0000000FF1CE}" = Microsoft Word MUI (Spanish) 2013
"{90150000-001F-0403-0000-0000000FF1CE}" = Eines de correcció del Microsoft Office 2013: català
"{90150000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English
"{90150000-001F-040C-0000-0000000FF1CE}" = Outils de vérification linguistique 2013 de Microsoft Office - Français
"{90150000-001F-0416-0000-0000000FF1CE}" = Revisores de Texto do Microsoft Office 2013 – Português do Brasil
"{90150000-001F-042D-0000-0000000FF1CE}" = Microsoft Office zuzenketa-tresnak 2013 - Euskara
"{90150000-001F-0456-0000-0000000FF1CE}" = Ferramentas de verificación de Microsoft Office 2013 - Galego
"{90150000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Español
"{90150000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2013
"{90150000-0044-0C0A-0000-0000000FF1CE}" = Microsoft InfoPath MUI (Spanish) 2013
"{90150000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2013
"{90150000-0090-0C0A-0000-0000000FF1CE}" = Microsoft DCF MUI (Spanish) 2013
"{90150000-00A1-0C0A-0000-0000000FF1CE}" = Microsoft OneNote MUI (Spanish) 2013
"{90150000-00BA-0C0A-0000-0000000FF1CE}" = Microsoft Groove MUI (Spanish) 2013
"{90150000-00E1-0C0A-0000-0000000FF1CE}" = Microsoft Office OSM MUI (Spanish) 2013
"{90150000-00E2-0C0A-0000-0000000FF1CE}" = Microsoft Office OSM UX MUI (Spanish) 2013
"{90150000-012B-0C0A-0000-0000000FF1CE}" = Microsoft Lync MUI (Spanish) 2013
"{9530AE42-DAE1-4619-9594-B23487285D17}" = NVIDIA PhysX
"{959BC6D1-38C8-441F-9466-9ECCD4E68413}" = Galería de fotos
"{97373E60-D071-418A-87F1-A969EEEEBDAC}" = Windows Live Essentials
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B2E55F8-5BA8-4A45-9682-ACB6F2CC0DA5}" = Photo Gallery
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C35EDE5-4B0F-45E7-A438-314BA889948E}" = HP MyRoom
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A407FC22-36BF-4C82-A516-59D94BC505A9}" = System Requirements Lab Detection
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A83F6EE0-A42E-66D8-88B6-90A475602565}" = CCC Help Hungarian
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10
"{B175520C-86A2-35A7-8619-86DC379688B9}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
"{B17E235C-7A3B-4482-B650-21FFDE1D452E}" = Empire Earth III
"{BA73469B-D8C7-4FE3-B33C-1340D09F0709}" = Windows Live Communications Platform
"{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
"{C086E8FA-7445-4E07-1310-4616EC120EE7}" = CCC Help Dutch
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C2F88EE6-D343-F986-E8F1-F012B294CEA7}" = CCC Help Korean
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCCDD476-98F9-4B06-91DB-23F27CEC3BE1}" = HPDetect
"{ce085a78-074e-4823-8dc1-8a721b94b76d}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
"{D37C1AFD-4B44-12B5-B833-1AA7725C32A4}" = AMD Catalyst Control Center
"{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}" = Movie Maker
"{D8735515-0DB5-DCBD-C303-37D32DE4363F}" = CCC Help Japanese
"{db012557-340e-4a46-adae-81a6b0f6a1e9}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
"{DD27F8B0-BFDE-4188-89A0-BBF389FC367E}" = HP Documentation
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1DA4302-1C06-4533-AF6D-9D68B01FCB34}" = Movie Maker
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E4BB976A-A6E5-49A4-9885-A58B519C2705}" = WRC 2 FIA World Rally Championship
"{E4F406B9-319B-2C33-54CE-84A46DA47BFB}" = CCC Help French
"{E5823036-6F09-4D0A-B05C-E2BAA129288A}" = HP Quick Launch
"{e6edaf4d-f9a1-4023-be00-d6189343feb9}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
"{EC58A9C9-22D8-FA14-785E-37B8C290AA8D}" = CCC Help Spanish
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F243A34B-AB7F-4065-B770-B85B767C247C}" = HP Connected Remote
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}" = Energy Star
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player Plugin" = Adobe Flash Player 14 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Advanced RAR Repair v1.2" = Advanced RAR Repair v1.2
"AIMP3" = AIMP3
"BSPlayerf" = BS.Player FREE
"DAEMON Tools Lite" = DAEMON Tools Lite
"EasyBits Magic Desktop" = Magic Desktop
"Foxit Reader_is1" = Foxit Reader
"Google Chrome" = Google Chrome
"InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10
"InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}" = CyberLink PhotoDirector
"InstallShield_{62952508-8C6F-4D31-9802-099FC67B41C3}" = I Am Alive
"InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware versión 2.0.2.1012
"Mozilla Firefox 28.0 (x86 es-AR)" = Mozilla Firefox 28.0 (x86 es-AR)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP3jam_is1" = MP3jam 1.1.1.9
"MyEpson Portal" = MyEpson Portal
"Office15.PROPLUS" = Microsoft Office Professional Plus 2013
"OpenAL" = OpenAL
"PunkBusterSvc" = PunkBuster Services
"StartHPConnectedMusic" = HP Connected Music (Meridian - installer)
"Uninstall_is1" = Uninstall 1.0.0.1
"Virtual DJ Pro Full - Atomix Productions" = Virtual DJ Pro Full - Atomix Productions
"WildTangent hp Master Uninstall" = HP Games
"WildTangent wildgames Master Uninstall" = Juegos WildTangent
"WinLiveSuite" = Windows Live Essentials
"WTA-12dc6d46-94fb-4341-85e2-a1beeb801f4e" = John Deere Drive Green
"WTA-160bcd84-b165-49c6-99ee-91cd2a6e34a0" = Mahjongg Dimensions Deluxe: Tiles in Time
"WTA-33bb9965-8cb3-4d78-a599-451a0bc7ed5d" = Hoyle Card Games
"WTA-3cb7c445-d3b7-4b9d-8fd4-ae9ea5012181" = Trinklit Supreme
"WTA-3fd71ddf-723c-4ccf-b191-bd6bfd244266" = Roads of Rome 3
"WTA-4e9ac211-4aa4-49b0-b774-45da969624ba" = Jewel Match 3
"WTA-61a97cfa-50c5-449d-b4c7-b249ddc389f1" = Crazy Chicken Soccer
"WTA-6decf6d8-dd8d-4ef7-8948-4cf9a4e8e4bb" = Letters from Nowhere 2
"WTA-7537295d-2b9d-4358-bc8f-70fcfad1b0b6" = Luxor Evolved
"WTA-753cd30c-855e-4a64-bff8-2faed19f7599" = The Treasures of Mystery Island: The Ghost Ship
"WTA-77960397-3a0e-4dc6-bcbe-922c769359c8" = Royal Envoy 2 Collector's Edition
"WTA-77b16ed3-b3a1-4d0f-9762-f7a4973c7490" = Farm Frenzy
"WTA-802bcff3-09b7-41b2-b72c-e327be606aa5" = House of 1000 Doors: Family Secrets
"WTA-83fab753-b2d1-497d-aa4a-333e113e994b" = Build-a-lot 4 - Power Source
"WTA-9066675e-aaf7-470b-a0b5-6885dfeb515d" = Polar Golfer
"WTA-96dee1cb-4a84-4f2b-a44e-5d6dabfa0412" = Final Drive Fury
"WTA-9875f1ea-308a-4ad3-b5cb-2ef158301df8" = Gardenscapes: Mansion Makeover
"WTA-af1dcc5e-9c81-41c2-b8ea-8cbba98c8f27" = Peggle Nights
"WTA-b885252c-0a6e-4730-8aaa-2648e0956a57" = 4 Elements II
"WTA-c4581142-f858-47d6-9bd2-a7e0ab7a4445" = Penguins!
"WTA-c5a49dbb-17a3-4b10-9885-58159b61d0ec" = Cradle of Rome 2
"WTA-cffdd7ff-b1fd-48c2-a144-e851300d8971" = Bejeweled 3
"WTA-d31d788f-eb45-452b-9988-75ab6b7e3079" = Governor of Poker 2 Premium Edition
"WTA-d8679ce3-d7a9-4227-981d-a0f7df268984" = Polar Bowler
"WTA-e3f9a613-ca6b-4818-ab6c-9eb70b0b16ef" = Aloha TriPeaks
"WTA-e5a9313b-d181-4f73-98d7-d59152b7ad49" = Zuma's Revenge
"WTA-f7385d0c-bdfd-4e52-8677-30230fb24da5" = Youda Jewel Shop
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3700017526-2387465574-2218740973-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"0 A.D." = 0 A.D.
"Advanced Archive Password Recovery" = Advanced Archive Password Recovery
"Dropbox" = Dropbox
"SkyDriveSetup.exe" = Microsoft SkyDrive
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 06/08/2014 01:19:49 p.m. | Computer Name = Leo-Mauri | Source = Application Hang | ID = 1002
Description = El programa LiveComm.exe, versión 17.5.9600.20573, dejó de interactuar
 con Windows y se cerró. Para ver si hay más información disponible acerca del problema,
 compruebe el historial de problemas en el panel de control Centro de actividades.
 
Identificador
 de proceso: f94    Hora de inicio: 01cfb199d899081f    Hora de finalización: 4294967295
 
Ruta
 de acceso de la aplicación: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20573_x64__8wekyb3d8bbwe\LiveComm.exe
 
Identificador
 de informe: d6135162-1d8d-11e4-bf27-f4b7e25641c8    Nombre completo de paquete con 
errores: microsoft.windowscommunicationsapps_17.5.9600.20573_x64__8wekyb3d8bbwe    Identificador
 de aplicación relativa del paquete con errores: ppleae38af2e007f4358a809ac99a64a67c1
 
 
Error - 06/08/2014 04:08:58 p.m. | Computer Name = Leo-Mauri | Source = Application Hang | ID = 1002
Description = El programa wwahost.exe, versión 6.3.9600.17031, dejó de interactuar
 con Windows y se cerró. Para ver si hay más información disponible acerca del problema,
 compruebe el historial de problemas en el panel de control Centro de actividades.
 
Identificador
 de proceso: 1a0c    Hora de inicio: 01cfb1b1861e7ae1    Hora de finalización: 4294967295
 
Ruta
 de acceso de la aplicación: C:\WINDOWS\syswow64\wwahost.exe    Identificador de informe:
 7d16b68c-1da5-11e4-bf27-f4b7e25641c8    Nombre completo de paquete con errores: Microsoft.SkypeApp_3.0.0.1002_x86__kzf8qxf38zg5c
 
Identificador
 de aplicación relativa del paquete con errores: App  
 
Error - 06/08/2014 04:53:56 p.m. | Computer Name = Leo-Mauri | Source = Application Hang | ID = 1002
Description = El programa wwahost.exe, versión 6.3.9600.17031, dejó de interactuar
 con Windows y se cerró. Para ver si hay más información disponible acerca del problema,
 compruebe el historial de problemas en el panel de control Centro de actividades.
 
Identificador
 de proceso: 1394    Hora de inicio: 01cfb1b7cf8cfc2f    Hora de finalización: 4294967295
 
Ruta
 de acceso de la aplicación: C:\WINDOWS\syswow64\wwahost.exe    Identificador de informe:
 c590f5d1-1dab-11e4-bf27-f4b7e25641c8    Nombre completo de paquete con errores: Microsoft.SkypeApp_3.0.0.1002_x86__kzf8qxf38zg5c
 
Identificador
 de aplicación relativa del paquete con errores: App  
 
Error - 07/08/2014 02:17:43 a.m. | Computer Name = Leo-Mauri | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 07/08/2014 02:17:43 a.m. | Computer Name = Leo-Mauri | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15328
 
Error - 07/08/2014 02:17:43 a.m. | Computer Name = Leo-Mauri | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15328
 
Error - 07/08/2014 09:48:56 a.m. | Computer Name = Leo-Mauri | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 07/08/2014 09:48:56 a.m. | Computer Name = Leo-Mauri | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1500
 
Error - 07/08/2014 09:48:56 a.m. | Computer Name = Leo-Mauri | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1500
 
Error - 07/08/2014 06:20:05 p.m. | Computer Name = Leo-Mauri | Source = Google Update | ID = 20
Description = 
 
[ Hewlett-Packard Events ]
Error - 29/10/2013 09:57:18 p.m. | Computer Name = Leo-Mauri | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261   en HP.SupportFramework.Utilities.CustomerExperience.HPSASession.addTempSession()
Message:
 Referencia a objeto no establecida como instancia de un objeto.  StackTrace:   en
 HP.SupportFramework.Utilities.CustomerExperience.HPSASession.addTempSession()  Source:
 HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01  Path: C:\Program
 Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: es-ES  RAM: 7650
Ram
 Utilization: 20  TargetSite: Void addTempSession()  
 
[ HP Software Framework Events ]
Error - 01/07/2014 10:10:52 p.m. | Computer Name = Leo-Mauri | Source = CaslSmBios | ID = 5
Description = 2014/07/02 10:10:52.726|000018FC|Error      |[CaslWmi]CommandSmartAdapter::GetSmartAdapterStatusFromBIOS{hpCasl.enReturnCode(bool&,int&)}|Error
 232 from BIOS WMI call Read/0Fh while getting SmartAdapter state
 
Error - 01/07/2014 10:10:56 p.m. | Computer Name = Leo-Mauri | Source = CaslSmBios | ID = 5
Description = 2014/07/02 10:10:56.527|00001B68|Error      |[CaslWmi]CommandSmartAdapter::GetSmartAdapterStatusFromBIOS{hpCasl.enReturnCode(bool&,int&)}|Error
 232 from BIOS WMI call Read/0Fh while getting SmartAdapter state
 
Error - 17/07/2014 11:43:59 a.m. | Computer Name = Leo-Mauri | Source = CaslSmBios | ID = 5
Description = 2014/07/17 23:43:59.442|00001A38|Error      |[CaslWmi]CommandSmartAdapter::GetSmartAdapterStatusFromBIOS{hpCasl.enReturnCode(bool&,int&)}|Error
 232 from BIOS WMI call Read/0Fh while getting SmartAdapter state
 
Error - 17/07/2014 11:44:01 a.m. | Computer Name = Leo-Mauri | Source = CaslSmBios | ID = 5
Description = 2014/07/17 23:44:01.122|00001E00|Error      |[CaslWmi]CommandSmartAdapter::GetSmartAdapterStatusFromBIOS{hpCasl.enReturnCode(bool&,int&)}|Error
 232 from BIOS WMI call Read/0Fh while getting SmartAdapter state
 
Error - 18/07/2014 11:57:31 a.m. | Computer Name = Leo-Mauri | Source = CaslSmBios | ID = 5
Description = 2014/07/18 23:57:30.901|00001B7C|Error      |[CaslWmi]CommandSmartAdapter::GetSmartAdapterStatusFromBIOS{hpCasl.enReturnCode(bool&,int&)}|Error
 232 from BIOS WMI call Read/0Fh while getting SmartAdapter state
 
Error - 22/07/2014 09:56:28 p.m. | Computer Name = Leo-Mauri | Source = CaslSmBios | ID = 5
Description = 2014/07/23 09:56:28.855|00001700|Error      |[CaslWmi]CommandSmartAdapter::GetSmartAdapterStatusFromBIOS{hpCasl.enReturnCode(bool&,int&)}|Error
 232 from BIOS WMI call Read/0Fh while getting SmartAdapter state
 
Error - 22/07/2014 09:56:33 p.m. | Computer Name = Leo-Mauri | Source = CaslSmBios | ID = 5
Description = 2014/07/23 09:56:33.029|0000135C|Error      |[CaslWmi]CommandSmartAdapter::GetSmartAdapterStatusFromBIOS{hpCasl.enReturnCode(bool&,int&)}|Error
 232 from BIOS WMI call Read/0Fh while getting SmartAdapter state
 
Error - 29/07/2014 09:40:56 p.m. | Computer Name = Leo-Mauri | Source = CaslSmBios | ID = 5
Description = 2014/07/30 09:40:56.263|00001108|Error      |[CaslWmi]CommandSmartAdapter::GetSmartAdapterStatusFromBIOS{hpCasl.enReturnCode(bool&,int&)}|Error
 232 from BIOS WMI call Read/0Fh while getting SmartAdapter state
 
Error - 29/07/2014 09:40:56 p.m. | Computer Name = Leo-Mauri | Source = CaslSmBios | ID = 5
Description = 2014/07/30 09:40:56.289|000010D4|Error      |[CaslWmi]CommandSmartAdapter::GetSmartAdapterStatusFromBIOS{hpCasl.enReturnCode(bool&,int&)}|Error
 232 from BIOS WMI call Read/0Fh while getting SmartAdapter state
 
Error - 05/08/2014 09:36:39 p.m. | Computer Name = Leo-Mauri | Source = CaslSmBios | ID = 5
Description = 2014/08/06 09:36:39.214|00000BB4|Error      |[CaslWmi]CommandSmartAdapter::GetSmartAdapterStatusFromBIOS{hpCasl.enReturnCode(bool&,int&)}|Error
 232 from BIOS WMI call Read/0Fh while getting SmartAdapter state
 
[ System Events ]
Error - 31/05/2014 08:15:07 a.m. | Computer Name = Leo-Mauri | Source = Service Control Manager | ID = 7000
Description = El servicio Windows Search no pudo iniciarse debido al siguiente error:
   %%1053
 
Error - 31/05/2014 08:15:07 a.m. | Computer Name = Leo-Mauri | Source = DCOM | ID = 10005
Description = 
 
Error - 01/06/2014 12:58:18 p.m. | Computer Name = Leo-Mauri | Source = EventLog | ID = 6008
Description = El cierre anterior del sistema a las 0:28:51 del ?02/?06/?2014 resultó
 inesperado.
 
Error - 01/06/2014 12:58:18 p.m. | Computer Name = LEO-MAURI | Source = BugCheck | ID = 1001
Description = 
 
Error - 01/06/2014 12:58:42 p.m. | Computer Name = Leo-Mauri | Source = Service Control Manager | ID = 7034
Description = El servicio BlueSoleilCS se terminó de manera inesperada. Esto ha 
sucedido 1 veces.
 
Error - 01/06/2014 04:23:46 p.m. | Computer Name = Leo-Mauri | Source = Service Control Manager | ID = 7034
Description = El servicio BlueSoleilCS se terminó de manera inesperada. Esto ha 
sucedido 1 veces.
 
Error - 02/06/2014 02:20:22 p.m. | Computer Name = Leo-Mauri | Source = Service Control Manager | ID = 7023
Description = El servicio Superfetch se cerró con el siguiente error:   %%1062
 
Error - 03/06/2014 08:00:20 a.m. | Computer Name = Leo-Mauri | Source = EventLog | ID = 6008
Description = El cierre anterior del sistema a las 11:59:37 del ?03/?06/?2014 resultó
 inesperado.
 
Error - 04/06/2014 07:32:06 a.m. | Computer Name = Leo-Mauri | Source = EventLog | ID = 6008
Description = El cierre anterior del sistema a las 10:35:16 del ?04/?06/?2014 resultó
 inesperado.
 
Error - 04/06/2014 07:32:35 a.m. | Computer Name = Leo-Mauri | Source = Service Control Manager | ID = 7034
Description = El servicio BlueSoleilCS se terminó de manera inesperada. Esto ha 
sucedido 1 veces.
 
 
< End of report >
 

Edited by Jane25, 08 August 2014 - 06:14 PM.

  • 0

#5
Jane25

Jane25

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
# AdwCleaner v3.304 - Reporte Creado 08/08/2014 en 09:20:06
# Actualizado 08/08/2014 por Xplode
# Sistema Operativo : Windows 8.1 Single Language  (64 bits)
# Nombre de usuario : jane - LEO-MAURI
# Ejecutado desde : C:\Users\jane\Desktop\AdwCleaner.exe
# Opción : Limpiar
 
***** [ Servicios ] *****
 
 
***** [ Archivos / Carpetas ] *****
 
 
***** [ Tareas ] *****
 
 
***** [ Accesos directos ] *****
 
 
***** [ Registro ] *****
 
 
***** [ Navegadores ] *****
 
-\\ Internet Explorer v11.0.9600.17126
 
 
-\\ Mozilla Firefox v28.0 (es-AR)
 
[ Archivo : C:\Users\jane\AppData\Roaming\Mozilla\Firefox\Profiles\b22uujhv.default\prefs.js ]
 
 
-\\ Google Chrome v36.0.1985.125
 
[ Archivo : C:\Users\jane\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Borrar [Homepage] : hxxp://www.trovi.com/?gd=&ctid=CT3325163&octid=EB_ORIGINAL_CTID&ISID=MCE917D57-AA9D-4152-8B84-E9111A34439D&SearchSource=55&CUI=&UM=5&UP=SP88D6F7B1-EF57-4735-B99B-09B3FBF6BE28&SSPV=
 
*************************
 
AdwCleaner[R0].txt - [9792 octets] - [19/06/2014 09:44:32]
AdwCleaner[R1].txt - [9852 octets] - [19/06/2014 09:46:30]
AdwCleaner[R2].txt - [9632 octets] - [19/06/2014 09:48:24]
AdwCleaner[R3].txt - [5624 octets] - [06/08/2014 10:45:15]
AdwCleaner[R4].txt - [1531 octets] - [08/08/2014 09:19:48]
AdwCleaner[S0].txt - [7885 octets] - [19/06/2014 09:49:36]
AdwCleaner[S1].txt - [4913 octets] - [06/08/2014 10:47:15]
AdwCleaner[S2].txt - [1446 octets] - [08/08/2014 09:20:06]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1506 octets] ##########

  • 0

#6
Jane25

Jane25

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8.1 Single Language x64
Ran by jane on 08/08/2014 at 10:58:44,25
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\jane\AppData\Roaming\getrighttogo"
 
 
 
~~~ FireFox
 
Successfully deleted the following from C:\Users\jane\AppData\Roaming\mozilla\firefox\profiles\b22uujhv.default\prefs.js
 
user_pref("extensions.5AxpW.url", "hxxp://toolkitjob.in/sync2/?q=hfZ9ofV9CShEAen0rja4rihTB6lKDzt4okxitNtVh7n0rjnEqjsGrTa8rjs9tMFHhd9Fqda7rjwErdn7rTwMDMlGojUMAe4UojUFrdkEpdUFrT
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08/08/2014 at 11:04:57,87
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • 0

#7
Jane25

Jane25

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
 
Zoek.exe v5.0.0.0 Updated 07-August-2014
Tool run by jane on 08/08/2014 at 11:11:56,15.
Microsoft Windows 8.1 Single Language 6.3.9600  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\jane\Desktop\zoek.exe [Scan all users]  [Checkboxes used]
 
==== System Restore Info ======================
 
08/08/2014 11:13:42 a.m. Zoek.exe System Restore Point Created Succesfully.
 
==== Deleting CLSID Registry Keys ======================
 
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Services ======================
 
 
==== FireFox Fix ======================
 
ProfilePath: C:\Users\jane\AppData\Roaming\Mozilla\Firefox\Profiles\b22uujhv.default
 
user.js not found
---- Lines extensions.5AxpW removed from prefs.js ----
user_pref("extensions.5AxpW.epoch", "1402534021");
---- Lines extensions.Q6V5r4RdX_Kr removed from prefs.js ----
user_pref("extensions.Q6V5r4RdX_Kr.epoch", "1402534022");
user_pref("extensions.Q6V5r4RdX_Kr.url", "http://getsync.info/...C7n0rjnEqTwFrda
---- FireFox user.js and prefs.js backups ---- 
 
prefs_082014_1124_.backup
 
==== Deleting Files \ Folders ======================
 
C:\Users\jane\AppData\LocalLow\{7658037B-7217-2725-49AD-8CC9F942CE0A} deleted
C:\Users\jane\AppData\LocalLow\{EBDCC002-2889-6CC2-876E-7104C89B4D67} deleted
C:\Users\jane\AppData\Local\Packages\windows_ie_ac_001\AC\{7658037B-7217-2725-49AD-8CC9F942CE0A} deleted
C:\Users\jane\AppData\Local\Packages\windows_ie_ac_001\AC\{EBDCC002-2889-6CC2-876E-7104C89B4D67} deleted
C:\PROGRA~3\Battle.net deleted
C:\Users\jane\.android deleted
C:\PROGRA~2\COMMON~1\DVDVideoSoft\bin deleted
C:\PROGRA~2\Wondershare deleted
C:\PROGRA~2\COMMON~1\Wondershare deleted
C:\install.exe deleted
C:\Users\jane\AppData\Roaming\Wondershare deleted
C:\Users\jane\AppData\Roaming\myMPQ.ini deleted
C:\Users\jane\update-oblivion.bat deleted
C:\PROGRA~3\InstallMate deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\jane\AppData\Local\nsmBD61.tmp deleted
C:\Users\jane\AppData\Local\Wondershare deleted
C:\Users\jane\AppData\Local\cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Users\jane\Searches deleted
C:\WINDOWS\SysNative\config\systemprofile\Searches deleted
"C:\Users\jane\AppData\Local\LumaEmu" deleted
"C:\PROGRA~3\16cae2c66581c6e\{4820778D-AB0D-6D18-C316-52A6A0E1D507}" deleted
"C:\PROGRA~3\16cae2c66581c6e\{7DD5E91C-3864-77EC-7635-D14910C2A03E}" deleted
"C:\PROGRA~3\16cae2c66581c6e\{7DD5E91C-3864-77EC-7635-D14910C2A03E}.old" deleted
"C:\PROGRA~3\16cae2c66581c6e" deleted
"C:\Users\jane\AppData\Roaming\data" deleted
 
==== Firefox Extensions ======================
 
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
==== Firefox Plugins ======================
 
Profilepath: C:\Users\jane\AppData\Roaming\Mozilla\Firefox\Profiles\b22uujhv.default
FF0D6F82A0EC13952E83B9439100E45D - C:\Users\jane\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin
E3D40D344C196E66D4346CCECED7AC1C - C:\Users\jane\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll - HPDetect
DAD55CEF682EAE6FA7B4C9487563A496 - C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll - Shockwave for Director / Shockwave for Director
 
 
==== Chrome Look ======================
 
YoutubeAdblocker - Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ffeeecmplbcgefjcjpcdmldodpgnjdgd
save net - Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gijdjookaihlmldjangpaflfhdlkkfbp
YoutubeAdblocker - Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ffeeecmplbcgefjcjpcdmldodpgnjdgd
save net - Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gijdjookaihlmldjangpaflfhdlkkfbp
YoutubeAdblocker - Invitado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ffeeecmplbcgefjcjpcdmldodpgnjdgd
save net - Invitado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gijdjookaihlmldjangpaflfhdlkkfbp
YoutubeAdblocker - Invitado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ffeeecmplbcgefjcjpcdmldodpgnjdgd
save net - Invitado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gijdjookaihlmldjangpaflfhdlkkfbp
YoutubeAdblocker - jane\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ffeeecmplbcgefjcjpcdmldodpgnjdgd
save net - jane\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gijdjookaihlmldjangpaflfhdlkkfbp
Magisto - jane\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghmngbmfdgknokcefmkbjlcjabdklnlk
AdBlock - jane\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Picovico - Creates amazing videos - jane\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilclliijlkocpckoinfhkmnfhaiiapdk
Plants vs Zombies - jane\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina
Dolphin Connect - jane\AppData\Local\Google\Chrome\User Data\Default\Extensions\pajecklcmiegagoelbbjldmfcbcpdpll
YoutubeAdblocker - jane\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ffeeecmplbcgefjcjpcdmldodpgnjdgd
save net - jane\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gijdjookaihlmldjangpaflfhdlkkfbp
 
==== Chromium Startpages ======================
 
C:\Users\jane\AppData\Local\Google\Chrome\User Data\Default\Preferences
"startup_urls": [ "http://www.google.com.ar/" ],
 
 
==== Chrome Fix ======================
 
C:\Users\Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ffeeecmplbcgefjcjpcdmldodpgnjdgd deleted successfully
C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffeeecmplbcgefjcjpcdmldodpgnjdgd deleted successfully
C:\Users\Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ffeeecmplbcgefjcjpcdmldodpgnjdgd deleted successfully
C:\Users\Invitado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ffeeecmplbcgefjcjpcdmldodpgnjdgd deleted successfully
C:\Users\Invitado\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffeeecmplbcgefjcjpcdmldodpgnjdgd deleted successfully
C:\Users\Invitado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ffeeecmplbcgefjcjpcdmldodpgnjdgd deleted successfully
C:\Users\jane\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ffeeecmplbcgefjcjpcdmldodpgnjdgd deleted successfully
C:\Users\jane\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ffeeecmplbcgefjcjpcdmldodpgnjdgd deleted successfully
C:\Users\jane\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ffeeecmplbcgefjcjpcdmldodpgnjdgd_0.localstorage deleted successfully
C:\Users\jane\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffeeecmplbcgefjcjpcdmldodpgnjdgd deleted successfully
C:\Users\Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gijdjookaihlmldjangpaflfhdlkkfbp deleted successfully
C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\gijdjookaihlmldjangpaflfhdlkkfbp deleted successfully
C:\Users\Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gijdjookaihlmldjangpaflfhdlkkfbp deleted successfully
C:\Users\Invitado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gijdjookaihlmldjangpaflfhdlkkfbp deleted successfully
C:\Users\Invitado\AppData\Local\Google\Chrome\User Data\Default\Extensions\gijdjookaihlmldjangpaflfhdlkkfbp deleted successfully
C:\Users\Invitado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gijdjookaihlmldjangpaflfhdlkkfbp deleted successfully
C:\Users\jane\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gijdjookaihlmldjangpaflfhdlkkfbp deleted successfully
C:\Users\jane\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gijdjookaihlmldjangpaflfhdlkkfbp deleted successfully
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.co...={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/...TR&pc=HPNTDFJS"
 
==== Empty IE Cache ======================
 
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\jane\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\jane\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
 
==== Empty FireFox Cache ======================
 
No FireFox Cache found
 
==== Empty Chrome Cache ======================
 
C:\Users\jane\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
Flash Cache Emptied Successfully
 
==== Empty All Java Cache ======================
 
Java Cache cleared successfully
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=1725 folders=198 732523193 bytes)
 
==== Empty Temp Folders ======================
 
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\jane\AppData\Local\Temp will be emptied at reboot
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\WINDOWS\Temp successfully emptied
C:\Users\jane\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== EOF on 08/08/2014 at 11:29:32,57 ======================

  • 0

#8
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Although I'd still like to see the results of the Security Check, the other logs look fine.

 

Are you getting any better response today?


  • 0

#9
Jane25

Jane25

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Results of screen317's Security Check version 0.99.86  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 67  
 Java version out of Date! 
 Adobe Flash Player  14.0.0.145  
 Mozilla Firefox (28.0) 
 Google Chrome 35.0.1916.153  
 Google Chrome 36.0.1985.125  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 
 


It may be a little better. However, after closing all programs I tested the download speed and it's 2,30 mbps, while my other pc shows over 6 mbps download speed.
I don't know if it helps but this is the result of the command they made me type in 
 
C:\Users\Jane>netstat -o -n
 
Active connections
 
  Proto    Local Address            Foreign Address            State                    PID
  TCP    192.168.0.11:51710     64.233.186.188:5228    ESTABLISHED     1108
  TCP    192.168.0.11:52184     157.56.100.128:443     FIN_WAIT_1      4792
  TCP    192.168.0.11:52217     64.233.186.121:80      ESTABLISHED     1108
  TCP    192.168.0.11:52265     64.233.186.125:443     ESTABLISHED     1108
  TCP    192.168.0.11:52271     157.56.98.32:443       ESTABLISHED     4792
  TCP    192.168.0.11:52397     64.233.186.99:443      ESTABLISHED     1108
  TCP    192.168.0.11:52398     181.30.241.46:443      TIME_WAIT       0
  TCP    192.168.0.11:52399     181.30.241.95:443      TIME_WAIT       0
  TCP    192.168.0.11:52401     181.30.241.53:443      TIME_WAIT       0
  TCP    192.168.0.11:52402     64.233.186.132:443     TIME_WAIT       0
  TCP    192.168.0.11:52403     181.30.241.82:443      TIME_WAIT       0
  TCP    192.168.0.11:52404     181.30.241.82:443      ESTABLISHED     1108
  TCP    192.168.0.11:52409     74.117.206.155:80      ESTABLISHED     1108
  TCP    192.168.0.11:52410     74.117.206.155:80      ESTABLISHED     1108
  TCP    192.168.0.11:52411     74.117.206.155:80      ESTABLISHED     1108
  TCP    192.168.0.11:52412     74.117.206.155:80      ESTABLISHED     1108
  TCP    192.168.0.11:52413     74.117.206.155:80      ESTABLISHED     1108
  TCP    192.168.0.11:52414     74.117.206.155:80      ESTABLISHED     1108
  TCP    192.168.0.11:52421     23.197.58.94:443       ESTABLISHED     1108
  TCP    192.168.0.11:52422     23.197.58.94:80        ESTABLISHED     1108
  TCP    192.168.0.11:52435     192.168.0.1:80         TIME_WAIT       0
  TCP    192.168.0.11:52436     192.168.0.1:80         TIME_WAIT       0
  TCP    192.168.0.11:52437     192.168.0.1:80         TIME_WAIT       0
  TCP    192.168.0.11:52438     192.168.0.1:80         TIME_WAIT       0
  TCP    192.168.0.11:52439     192.168.0.1:80         TIME_WAIT       0
  TCP    192.168.0.11:52440     192.168.0.1:80         TIME_WAIT       0
  TCP    192.168.0.11:52441     192.168.0.1:80         TIME_WAIT       0
  TCP    192.168.0.11:52442     192.168.0.1:80         TIME_WAIT       0
  TCP    192.168.0.11:52444     157.56.100.27:443      ESTABLISHED     4792
  TCP    192.168.0.11:52445     192.168.0.1:80         TIME_WAIT       0
  TCP    192.168.0.11:52446     192.168.0.1:80         TIME_WAIT       0
  TCP    192.168.0.11:52447     192.168.0.1:80         TIME_WAIT       0
  TCP    192.168.0.11:52448     192.168.0.1:80         TIME_WAIT       0
  TCP    192.168.0.11:52451     134.170.184.137:443    ESTABLISHED     3944
  TCP    192.168.0.11:52452     134.170.107.72:443     ESTABLISHED     3944

  • 0

#10
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Hi Jane,

 

Would you locate and post the log created by the OTL fix? Not the Scan Results that you've already posted, but the Fix file. It's located here: C:\_OTL\Moved Files, and you may see several files there. For us, it's the one with the date that you ran OTL. I have a funny feeling that the OTL fix didn't work. It could have been something I did incorrectly in the fix or it might hint at something more "telling" that would lead us to these speed issues.

 

If I can't solve this, I will refer you to our Hardware folks that are far better at speed issues than I am. However, let's get all the Malware off your computer first and also update your Java (notice that it was in red on the report); we'll do that in a few posts.

 

 

 

 


  • 0

#11
Jane25

Jane25

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts

I could not find the fix file. There are folders from the other programs I ran, but not the otl folder. Not in the stated location at least.

I've updated my java version.

 

Ok, thanks anyway, I really appreciate you've taken the time to help me.


  • 0

#12
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Hi,

 

I'm not convinced that the OTL fix worked, so before I send you on your way I'd like you to re-run it based on the instructions below. Make sure to post back the Moved Files log that gets produced. I'll have a look at that and see where we are.

 

Fix with OTL

Please re-run OTL with this removal script included.


This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

  • Right-click on the OTL icon and select Run as Administrator to start the tool.
  • Under the Custom Scans/Fixes bar in the box paste in the following:
:commands

[CreateRestorePoint]
:OTL

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...0TR&pc=HPNTDFJS

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...0TR&pc=HPNTDFJS

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll File not found

O4 - HKCU..\Run: [Epson Stylus TX220] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGDL.EXE /FU "C:\Windows\TEMP\E_S3C8D.tmp" /EF "HKCU" File not found

O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 File not found

O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 File not found

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 File not found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\osf - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O30 - LSA: Security Packages - (livessp) -  File not found
:Commands

[EMPTYTEMP]

[REBOOT]
  • Push Run Fix and wait patiently.
  • If asked to reboot, please allow it to.
  • A notepad window with a logfile will open after this run. It will also be saved in the _OTL\MovedFiles directory on your main drive as (date)_(time).log.

Please include the content of this logfile in your next reply.

 


  • 0

#13
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





