
Computer very slow and no wi-fi connection [Solved]



#1
dragues


Hi, for several months now my PC has been very, very slow. When it starts Windows, it sometimes takes like 5 or 10 minutes.

Also, sometimes when I'm shopping online, if I mouse over a picture it gives me a popup with similar items from other stores.

And also, when I open Chrome it opens two windows, one of them with a search dial webpage.

Finally, and the most annoying thing, is that my wi-fi connection crashes all the time. It gets stuck in "Identifying network". I have to unplug the modem and then connect it again like 4 or 5 times a day, sometimes more. And it's my computer, because the other PCs and devices of my family don't have this problem.

Thank you very much, and sorry for my English. Here is the log:

 

OTL logfile created on: 15/09/2014 05:01:02 p.m. - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\dragues\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17280)
Locale: 0000080A | Country: México | Language: ESM | Date Format: dd/MM/yyyy
 
7.90 Gb Total Physical Memory | 4.97 Gb Available Physical Memory | 62.83% Memory free
15.81 Gb Paging File | 12.45 Gb Available in Paging File | 78.78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919.22 Gb Total Space | 143.54 Gb Free Space | 15.62% Space Free | Partition Type: NTFS
Unable to calculate disk information.
 
Computer Name: DRAGUES-PC | User Name: dragues | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\dragues\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\dragues\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
PRC - C:\Program Files\CONEXANT\SA3\CxUtilSvc.exe (Conexant Systems, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\SysWOW64\rpcnet.exe (Absolute Software Corp.)
PRC - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe (SoftThinks - Dell)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE ()
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE (SoftThinks - Dell)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe ()
PRC - C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe (CyberLink)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe (CyberLink)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\d8d39c50a61cf86666e90503ed4784ba\System.WorkflowServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\352290f32be5a65dc4142796273f069e\System.ServiceModel.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\fa41b4e5d6bdf1c95361c3e8d839bfbb\System.Xml.Linq.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\af8fbf8264223a599b742984ceeb2b35\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\fb57a4603c9eeb122ae1c85034ef7921\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\00c35eb74751496223e687c7f827836b\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\ef55438a0f6ddd26952bbd816d094390\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\bea43e490631da53463fe45e89b907b1\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f4292d91bd7d00b9a67d2ce630c665f3\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\349461c3a273efc2b4bd643c2645bd70\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\4b6559c37c2745b865dad63c6d17ae4e\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3f2952ec748f60fbb5deacfc4db0a2a3\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8b7f86e5a6f0aa23f4b25dfeeaa6b318\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\3fad44f7fd9f6c117eb02265ab63f80d\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5bf56d6064af88d8812a3f78e0dfd376\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\b257f78ec0ec4e36de8ef43ab38ca0ad\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4c4507612d22786d45594a65a0213c1f\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95854f4f1f37b8eab1b1e3d7103b48ef\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll ()
MOD - C:\Users\dragues\AppData\Local\Google\Chrome\Application\37.0.2062.120\ppgooglenaclpluginchrome.dll ()
MOD - C:\Users\dragues\AppData\Local\Google\Chrome\Application\37.0.2062.120\PepperFlash\pepflashplayer.dll ()
MOD - C:\Users\dragues\AppData\Local\Google\Chrome\Application\37.0.2062.120\pdf.dll ()
MOD - C:\Users\dragues\AppData\Local\Google\Chrome\Application\37.0.2062.120\libglesv2.dll ()
MOD - C:\Users\dragues\AppData\Local\Google\Chrome\Application\37.0.2062.120\libegl.dll ()
MOD - C:\Users\dragues\AppData\Local\Google\Chrome\Application\37.0.2062.120\ffmpegsumo.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll ()
MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_es_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE ()
MOD - C:\Windows\assembly\GAC_MSIL\System.ServiceModel.resources\3.0.0.0_es_b77a5c561934e089\System.ServiceModel.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_es_b77a5c561934e089\System.resources.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.)
SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV:64bit: - (McAPExe) -- C:\Program Files\mcafee\msc\McAPExe.exe (McAfee, Inc.)
SRV:64bit: - (mfecore) -- C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe (McAfee, Inc.)
SRV:64bit: - (McODS) -- C:\Program Files\mcafee\virusscan\mcods.exe (McAfee, Inc.)
SRV:64bit: - (MSK80Service) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (mcpltsvc) -- C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (HomeNetSvc) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (CxUtilSvc) -- C:\Program Files\CONEXANT\SA3\CxUtilSvc.exe (Conexant Systems, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (McOobeSv) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (ZeroConfigService) -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Intel® Corporation)
SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
SRV:64bit: - (BTHSSecurityMgr) -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel® Corporation)
SRV:64bit: - (AMPPALR3) -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)
SRV:64bit: - (Intel® -- c:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel® Corporation)
SRV:64bit: - (McAWFwk) -- c:\Program Files\mcafee\msc\McAWFwk.exe (McAfee, Inc.)
SRV:64bit: - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel® Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (rpcnet) -- C:\Windows\SysWOW64\rpcnet.exe (Absolute Software Corp.)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (Bluetooth OBEX Service) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
SRV - (Bluetooth Media Service) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)
SRV - (Bluetooth Device Monitor) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (CLHNServiceForPowerDVD) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe ()
SRV - (CyberLink PowerDVD 11.0 Service) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe (CyberLink)
SRV - (CyberLink PowerDVD 11.0 Monitor Service) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe (CyberLink)
SRV - (NOBU) -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe (Dell, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - ({55685567-4840-4a91-962b-49a412e9485a}Gw64) -- C:\Windows\SysNative\drivers\{55685567-4840-4a91-962b-49a412e9485a}Gw64.sys (StdLib)
DRV:64bit: - ({9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64) -- C:\Windows\SysNative\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64.sys (StdLib)
DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (HipShieldK) -- C:\Windows\SysNative\drivers\HipShieldK.sys (McAfee, Inc.)
DRV:64bit: - (mfencrk) -- C:\Windows\SysNative\drivers\mfencrk.sys (McAfee, Inc.)
DRV:64bit: - (mfencbdc) -- C:\Windows\SysNative\drivers\mfencbdc.sys (McAfee, Inc.)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (RSUSBVSTOR) -- C:\Windows\SysNative\drivers\RtsUVStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\Netwsw00.sys (Intel Corporation)
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (ibtfltcoex) -- C:\Windows\SysNative\drivers\iBtFltCoex.sys (Intel Corporation)
DRV:64bit: - (AMPPALP) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (AMPPAL) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronics Corp.)
DRV:64bit: - (btmhsf) -- C:\Windows\SysNative\drivers\btmhsf.sys (Intel Corporation)
DRV:64bit: - (btmaux) -- C:\Windows\SysNative\drivers\btmaux.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (intaud_WaveExtensible) -- C:\Windows\SysNative\drivers\intelaud.sys (Intel Corporation)
DRV:64bit: - (iwdbus) -- C:\Windows\SysNative\drivers\iwdbus.sys (Intel Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (NBVol) -- C:\Windows\SysNative\drivers\NBVol.sys (Nero AG)
DRV:64bit: - (NBVolUp) -- C:\Windows\SysNative\drivers\NBVolUp.sys (Nero AG)
DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.)
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys (Intel® Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (ntk_PowerDVD) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys (Cyberlink Corp.)
DRV - ({329F96B6-DF1E-4328-BFDA-39EA953C1312}) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl (CyberLink Corp.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...r=285528264&ir=
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {8735620E-D7A7-4BA2-A061-22B796F062FA}
IE:64bit: - HKLM\..\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{8735620E-D7A7-4BA2-A061-22B796F062FA}: "URL" = http://start.mysearc...r=285528264&ir=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...r=285528264&ir=
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{8735620E-D7A7-4BA2-A061-22B796F062FA}: "URL" = http://www.bing.com/...rc=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...r=285528264&ir=
IE - HKCU\..\SearchScopes,DefaultScope = {8735620E-D7A7-4BA2-A061-22B796F062FA}
IE - HKCU\..\SearchScopes\{8735620E-D7A7-4BA2-A061-22B796F062FA}: "URL" = http://start.mysearc...r=285528264&ir=
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.order.1: "Mysearchdial"
FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..extensions.enabledAddons: %7Ba3a5c777-f583-4fef-9380-ab4add1bc2a8%7D:4.3
FF - prefs.js..extensions.enabledAddons: WebSiteRecommendation%40weliketheweb.com:1.1.2
FF - prefs.js..extensions.enabledAddons: %7Bcc6cc772-f121-49e0-b1f0-c26583cb0c5e%7D:0.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:31.0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\dragues\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\dragues\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\dragues\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/08/31 12:51:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/08/31 12:51:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK [2013/10/25 01:00:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/08/31 12:51:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/08/31 12:51:34 | 000,000,000 | ---D | M]
 
[2014/05/31 16:18:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dragues\AppData\Roaming\Mozilla\Extensions
[2014/09/09 20:08:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dragues\AppData\Roaming\Mozilla\Firefox\Profiles\tdtexgid.default\extensions
[2014/09/09 20:08:03 | 000,000,000 | ---D | M] ("Website Counselor") -- C:\Users\dragues\AppData\Roaming\Mozilla\Firefox\Profiles\tdtexgid.default\extensions\{cc6cc772-f121-49e0-b1f0-c26583cb0c5e}
[2014/07/12 11:38:12 | 000,000,000 | ---D | M] (DoNotTrackMe: Online Privacy Protection) -- C:\Users\dragues\AppData\Roaming\Mozilla\Firefox\Profiles\tdtexgid.default\extensions\[email protected]
[2014/03/30 19:23:53 | 000,000,000 | ---D | M] ("WebSite Recommendation") -- C:\Users\dragues\AppData\Roaming\Mozilla\Firefox\Profiles\tdtexgid.default\extensions\[email protected]
[2013/09/04 19:15:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dragues\AppData\Roaming\Mozilla\Firefox\Profilestdtexgid.default\extensions
[2013/09/04 19:15:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dragues\AppData\Roaming\Mozilla\Firefox\Profilestdtexgid.default\extensions\staged
[2012/11/16 00:12:28 | 000,013,822 | ---- | M] () (No name found) -- C:\Users\dragues\AppData\Roaming\Mozilla\Firefox\Profiles\tdtexgid.default\extensions\{a3a5c777-f583-4fef-9380-ab4add1bc2a8}.xpi
[2014/03/18 19:36:26 | 000,353,958 | ---- | M] () (No name found) -- C:\Users\dragues\AppData\Roaming\Mozilla\Firefox\Profiles\tdtexgid.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}.xpi
[2014/02/08 18:43:36 | 000,002,397 | ---- | M] () -- C:\Users\dragues\AppData\Roaming\Mozilla\Firefox\Profiles\tdtexgid.default\searchplugins\Mysearchdial.xml
[2014/08/31 12:51:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2014/08/31 12:51:39 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\dragues\AppData\Local\Google\Chrome\Application\37.0.2062.120\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\dragues\AppData\Local\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\dragues\AppData\Local\Google\Chrome\Application\37.0.2062.120\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2013 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: Microsoft Office 2013 (Enabled) = C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL
CHR - plugin: Java™ Platform SE 7 U21 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: McAfee Security Scanner + (Enabled) = C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\dragues\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Google Update (Enabled) = C:\Users\dragues\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - default_search_provider: BDA8A57299C04282AFEE2A11C7BCC450EC1C4C60AB65F5991EADA8FAA384A587 (Enabled)
CHR - default_search_provider: search_url = ADF2131F67A47AAA98B30BD6F6575218B5CEBBBCBE72EEC84A07D90C07110C52
CHR - default_search_provider: suggest_url = 
CHR - homepage: 30D1D1A08656ECA98BD2B7276D3295CB7647FF7CAD44BBBC6E76D4C2B06EAB18
CHR - Extension: Google Docs = C:\Users\dragues\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: Google Drive = C:\Users\dragues\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\dragues\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Búsqueda de Google = C:\Users\dragues\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\dragues\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: WebSite Recommendation = C:\Users\dragues\AppData\Local\Google\Chrome\User Data\Default\Extensions\olakgnkoldmagdblaalodobkmeokmgjj\2.4_0\
CHR - Extension: Gmail = C:\Users\dragues\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013/11/01 17:43:06 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SA3\SACpl.exe (Conexant Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun =   [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: &Enviar a OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Descargar con Mipony - C:\Program Files (x86)\MiPony\Browser\IEContext.htm ()
O8:64bit: - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: &Enviar a OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Descargar con Mipony - C:\Program Files (x86)\MiPony\Browser\IEContext.htm ()
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: dell.com ([]* in Trusted sites)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creat...102/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...30321/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A780B4AD-2369-44DD-BA4D-A05E1EA9463D}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D4F3D782-62CC-4F93-BEB0-77D40DC9F3BE}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/09/15 16:59:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\dragues\Desktop\OTL.exe
[2014/09/15 15:32:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2014/09/15 02:19:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/09/15 02:17:39 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/09/15 02:17:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2014/09/15 02:17:39 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/09/15 02:17:39 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2014/09/12 00:34:40 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/09/10 02:19:34 | 000,000,000 | ---D | C] -- C:\d65777422acd7edf25aba29fb340a5
[2014/08/31 15:25:33 | 000,000,000 | ---D | C] -- C:\Windows\rescache
[2014/08/31 12:51:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/08/30 13:54:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2012/08/16 18:18:14 | 006,233,848 | ---- | C] (Absolute Software Corp.) -- C:\Users\dragues\AppData\Roaming\LoJackSetup.exe
 
========== Files - Modified Within 30 Days ==========
 
[2014/09/15 17:02:05 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3623957610-3708665639-4114120845-1001UA.job
[2014/09/15 16:59:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\dragues\Desktop\OTL.exe
[2014/09/15 16:56:00 | 000,000,838 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/09/15 16:54:33 | 001,678,218 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/09/15 16:54:33 | 000,747,970 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
[2014/09/15 16:54:33 | 000,654,464 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/09/15 16:54:33 | 000,159,410 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
[2014/09/15 16:54:33 | 000,122,336 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/09/15 15:34:13 | 000,028,352 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/09/15 15:34:13 | 000,028,352 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/09/15 15:25:31 | 000,017,920 | ---- | M] () -- C:\Windows\SysNative\rpcnetp.exe
[2014/09/15 15:25:27 | 000,069,792 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.dll
[2014/09/15 15:25:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/09/15 15:25:09 | 2070,691,839 | -HS- | M] () -- C:\hiberfil.sys
[2014/09/15 14:32:43 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3623957610-3708665639-4114120845-1001UA.job
[2014/09/15 02:19:22 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/09/15 01:57:04 | 000,000,066 | ---- | M] () -- C:\Users\dragues\AppData\Roaming\WB.CFG
[2014/09/15 01:02:00 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3623957610-3708665639-4114120845-1001Core1cf8f712f9cb0d0.job
[2014/09/14 21:08:01 | 000,002,382 | ---- | M] () -- C:\Users\dragues\Desktop\Google Chrome.lnk
[2014/09/14 20:28:01 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3623957610-3708665639-4114120845-1001Core.job
[2014/09/13 00:41:32 | 000,017,920 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.dll
[2014/09/13 00:40:53 | 000,017,920 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.exe
[2014/09/12 00:36:28 | 001,652,804 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/09/05 21:18:38 | 000,431,696 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/08/30 13:54:16 | 000,000,859 | ---- | M] () -- C:\Users\dragues\Desktop\µTorrent.lnk
 
========== Files Created - No Company Name ==========
 
[2014/09/15 02:19:22 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/06/07 23:24:41 | 000,063,161 | ---- | C] () -- C:\Users\dragues\True.Detective.S01E01.The.Long.Bright.Dark.HDTV.x264-2HD.srt
[2014/05/21 23:54:09 | 000,000,066 | ---- | C] () -- C:\Users\dragues\AppData\Roaming\WB.CFG
[2013/11/01 17:32:10 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/11/01 17:32:10 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/11/01 17:32:10 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/11/01 17:32:10 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/11/01 17:32:10 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/01/26 16:58:48 | 007,261,256 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2013/01/26 16:58:48 | 000,018,041 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat
[2012/12/14 02:42:30 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/12/14 02:42:24 | 000,754,652 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2012/12/14 02:42:24 | 000,598,384 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2012/08/10 17:53:06 | 000,000,552 | ---- | C] () -- C:\Users\dragues\AppData\Roaming\AbsoluteReminder.xml
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 21:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 20:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012/08/16 18:36:43 | 000,000,000 | ---D | M] -- C:\Users\dragues\AppData\Roaming\Absolute Software
[2014/05/18 01:57:36 | 000,000,000 | ---D | M] -- C:\Users\dragues\AppData\Roaming\DealPly
[2014/09/12 00:08:28 | 000,000,000 | ---D | M] -- C:\Users\dragues\AppData\Roaming\Dropbox
[2013/01/17 21:41:33 | 000,000,000 | ---D | M] -- C:\Users\dragues\AppData\Roaming\EAC
[2012/08/10 17:56:16 | 000,000,000 | ---D | M] -- C:\Users\dragues\AppData\Roaming\Fingertapps
[2013/01/17 19:32:32 | 000,000,000 | ---D | M] -- C:\Users\dragues\AppData\Roaming\freac
[2014/05/18 01:57:57 | 000,000,000 | ---D | M] -- C:\Users\dragues\AppData\Roaming\iTunes Agent
[2014/05/18 02:06:45 | 000,000,000 | ---D | M] -- C:\Users\dragues\AppData\Roaming\Jaran Nilsen
[2014/09/15 02:28:50 | 000,000,000 | ---D | M] -- C:\Users\dragues\AppData\Roaming\Mipony
[2012/12/17 01:13:33 | 000,000,000 | ---D | M] -- C:\Users\dragues\AppData\Roaming\Pegasys Inc
[2013/05/14 17:54:10 | 000,000,000 | ---D | M] -- C:\Users\dragues\AppData\Roaming\SoftGrid Client
[2012/08/12 10:41:37 | 000,000,000 | ---D | M] -- C:\Users\dragues\AppData\Roaming\TP
[2014/09/15 17:13:05 | 000,000,000 | ---D | M] -- C:\Users\dragues\AppData\Roaming\uTorrent
[2013/06/15 17:41:03 | 000,000,000 | ---D | M] -- C:\Users\dragues\AppData\Roaming\WinAVI
[2014/07/01 18:03:26 | 000,000,000 | ---D | M] -- C:\Users\dragues\AppData\Roaming\Windows Live Writer
[2013/10/05 18:40:14 | 000,000,000 | ---D | M] -- C:\Users\dragues\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}
 
========== Purity Check ==========
 
 
 
< End of report >



#2
BrianDrab


    Trusted Helper

  • Malware Removal
  • 3,591 posts

Do you still need assistance? If so I would be happy to help.

 

I see that you ran OTL at least three times. Was there a reason? Were you working with someone else on this?

 

The first time that you would have run OTL, there should have been an Extras.txt file that was also created on your Desktop. Can you open this file and paste the contents?

 

Thank you.



#3
dragues


    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts

Hi, thank you for your time and help. Maybe the reason I ran OTL two more times is that I posted a year ago. The problem was that I had to free space on my hard drive because I only had .10% free. But at that time I didn't have any money to buy DVDs to do a backup to free space.

 

So yes, please, I still need assistance.

 

There is not any Extras.txt on my desktop. I think the reason is that I clicked the quick scan button as the tutorial in this forum says. I think the Extras.txt is generated only when you do a complete scan. Do you want me to do a full scan? Thank you again.



#4
BrianDrab


    Trusted Helper

  • Malware Removal
  • 3,591 posts

No problem. Please follow the steps below to generate the Extras.txt file. Thanks.

 

1. Open OTL back up by right-clicking on it and choosing Run as administrator.
2. Check "Use SafeList" under the Extra Registry section.
3. Click the Run Scan button.
4. OTL.txt and Extras.txt will be opened and created on your desktop. Since I already have the OTL, please paste the contents of Extras.txt into your next reply.



#5
dragues


    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts

Here is the log. Thank you.

 

OTL Extras logfile created on: 20/09/2014 01:40:25 a.m. - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\dragues\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17280)
Locale: 0000080A | Country: México | Language: ESM | Date Format: dd/MM/yyyy
 
7.88 Gb Total Physical Memory | 5.72 Gb Available Physical Memory | 72.66% Memory free
15.75 Gb Paging File | 13.47 Gb Available in Paging File | 85.52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919.22 Gb Total Space | 162.05 Gb Free Space | 17.63% Space Free | Partition Type: NTFS
 
Computer Name: DRAGUES-PC | User Name: dragues | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03E67BE4-539E-4B75-8AD6-1F42F0105544}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{107D47C9-73C2-4C6A-A73C-1A1B9E29FB3E}" = rport=137 | protocol=17 | dir=out | app=system | 
"{1B1F64EC-479E-49C5-8CB3-64DD8C39A8FD}" = lport=9700 | protocol=17 | dir=in | name=syncup_udp_9700 | 
"{1CA7F875-5370-44C7-92CD-12E34F95491D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{20A684CD-D155-47A5-8DAC-0BA80CEC8C5F}" = lport=9700 | protocol=6 | dir=in | name=syncup_tcp_9700 | 
"{23E6901D-35EB-42D7-BC4C-36B8C7C3B7AE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2D86E1ED-A004-4ECC-9F5D-5D2B387FD654}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{44C1197B-68AC-4EFD-9F55-FCD538D46A70}" = rport=138 | protocol=17 | dir=out | app=system | 
"{498E84EA-6C3F-4F4E-8FC8-A4F145F1DD0C}" = lport=139 | protocol=6 | dir=in | app=system | 
"{4E28A9B9-B0FC-4F22-9BEC-677D22EB2090}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
"{4FE1091F-26F7-4469-B72D-8A00F675A6B7}" = lport=137 | protocol=17 | dir=in | app=system | 
"{5C49FA45-A6DD-4D77-9A72-904179E77004}" = rport=445 | protocol=6 | dir=out | app=system | 
"{69F74B96-329F-4BF8-96BF-D635FF4830A1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6A026B83-091E-4F80-A537-C0FCB0B5F3D1}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{746E3406-7A29-488C-AB49-8226F4155557}" = lport=445 | protocol=6 | dir=in | app=system | 
"{8939627F-212D-4EC1-AFFE-2C7176D27EF5}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{8B32AF57-4BC8-4CBE-B24C-798866DD128F}" = rport=139 | protocol=6 | dir=out | app=system | 
"{95438483-EED6-48D4-A65E-840609211788}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9F8A672B-D4FE-4590-B837-AB583197B092}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A707B07F-B673-4630-B438-8A24548C81DA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{AD89F232-A21D-45BD-9799-8AE39E62AEED}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B0CB116D-6C30-4B48-997B-3C28690E7405}" = lport=9701 | protocol=6 | dir=in | name=syncup_tcp_9701 | 
"{B76005F8-4C50-46D6-B88F-696060E71C75}" = lport=138 | protocol=17 | dir=in | app=system | 
"{C7205968-4097-4D53-A8CD-16AD48CB5E66}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{D49FE18A-F5A6-4FC2-9E1A-740F494C16F8}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{DFF68231-DE26-400B-89E0-ED41844F62BF}" = lport=9702 | protocol=6 | dir=in | name=syncup_tcp_9702 | 
"{E1E79025-8B0D-4382-A50C-459D0744AA38}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{F1FA4FA9-5C68-4DF9-B0BB-9012882D3092}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00C06F30-EBED-430E-BC8A-A5F445E1C140}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0303A7FA-A60C-4F07-9A67-E98BE1337FC9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{031ED2F4-2F6F-4C22-A879-99F1CABE9906}" = protocol=1 | dir=out | [email protected],-28544 | 
"{0AA5A21A-68E6-432B-BDE4-D4D7E7923525}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{0D7BCBE6-E73A-4D48-A9EF-9166BE18B04F}" = protocol=58 | dir=in | [email protected],-28545 | 
"{0EEE55B2-0D45-4FDD-86FA-BBAABF4DC1B0}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{196EE782-EB5D-4A69-BA62-266D418915C1}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\movie\powerdvd cinema\powerdvdcinema11.exe | 
"{1987C88E-BBDC-4645-ADDB-34A5489B85BB}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\powerdvd11.exe | 
"{1BB276AF-DEAD-462E-B65A-077EDBD1BB7E}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\controller.exe | 
"{22AB306D-0224-4058-95C8-F5BB1D487DEF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{289D5A3A-4933-418A-A7E4-E93D23FFF5DE}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{2DE2685E-F7A8-49EA-A7D7-E923872F64DD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{2FE06F90-AB81-4037-8AD9-6430DFA7B444}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{330E6CC4-CA5E-4F01-A775-99C130B2218A}" = protocol=6 | dir=in | app=c:\users\dragues\appdata\roaming\utorrent\utorrent.exe | 
"{33317D3E-C3B3-4237-B97F-583761814BF6}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\installerhelp.exe | 
"{3F40CC79-682E-4079-9076-19CCF152AD16}" = dir=in | app=c:\program files\dell stage\dell stage\accuweather\accuweather.exe | 
"{45076459-839A-4E6B-BF98-583A63CAA6D3}" = protocol=6 | dir=in | app=c:\users\dragues\appdata\roaming\dropbox\bin\dropbox.exe | 
"{45801BC0-4454-41EF-9BE1-AC239C38E6D5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{474B97F1-7600-47D5-8070-C97C6977610B}" = dir=in | app=c:\program files (x86)\dell\videostage\videostage.exe | 
"{47A621C7-F0B2-4F62-9C1A-BEA91BE6CEE2}" = dir=in | app=c:\program files\dell stage\musicstage\musicstageengine.exe | 
"{489CA8EA-8893-400D-8DB4-0720441A544C}" = dir=in | app=c:\users\dragues\appdata\local\microsoft\skydrive\skydrive.exe | 
"{4921AF52-B4DF-42A3-8839-9E643121F5B0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{49ED4C5A-29BB-4056-8F3E-92D856EA743A}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{4BC6D512-C91A-4CBD-8F40-B2A4FA8C325F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4D62293A-0B44-4530-863E-33325A5E49FC}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{584C37A1-A590-415D-A284-BC21857DE6F1}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{5AA55BE5-C38C-4574-A053-0DAD88A53790}" = dir=in | app=c:\users\dragues\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{5FFE9E62-24F7-483B-807F-4E743E0718E0}" = protocol=17 | dir=in | app=c:\users\dragues\appdata\roaming\utorrent\utorrent.exe | 
"{687A43EC-255D-46BD-AE6A-3C7AC891BBF3}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremote.exe | 
"{6969FD72-F152-4B40-8B55-2E2A00DE089E}" = protocol=58 | dir=out | [email protected],-28546 | 
"{6AE589E9-1F3C-4A28-9C2B-8DFCAF3EDF89}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{79C99325-4685-4E16-9791-EC1FD9DA9A5C}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{7A5A13BC-5C40-4445-9136-19F05E251EE6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{7C9B6904-2349-45A4-941A-C2604A1C84D9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{7FD099C7-39D9-4F6C-A022-AD4A0EACB321}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\powerdvd12.exe | 
"{80784555-63C8-4A23-B8AF-FE90F2D19E0D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{81F08C3B-1188-4752-B60C-463F2C302CBF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{825AF570-E43F-42EB-8664-99A74CCA8537}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremoteservice.exe | 
"{84F196F6-6850-4AB6-9168-7848DF60C9F5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8818FC22-7F79-4291-87B7-35EEBC160734}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremoteservice.exe | 
"{8A71A2E8-18A2-4240-AD0C-B1A4940057B4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8FFF92BC-3507-4AD7-AF25-EFD04F371249}" = protocol=6 | dir=in | app=c:\users\dragues\appdata\roaming\utorrent\utorrent.exe | 
"{958B93DB-0E4C-444C-BF2E-8ED5FFDB054F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\lync.exe | 
"{9680944D-E304-4DA4-B7B6-59AB96457284}" = protocol=1 | dir=in | [email protected],-28543 | 
"{98593BA2-ADF2-4D1F-88B1-6A3A23B8E7F7}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe | 
"{9DDD615B-21CA-4093-B9B6-A5E13E2FC781}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\dmr.exe | 
"{9DE62276-454D-4704-AC7C-E6F64183AF2A}" = protocol=17 | dir=in | app=c:\users\dragues\appdata\roaming\dropbox\bin\dropbox.exe | 
"{9E4254EC-E271-47D6-8117-3E4FDFC83E40}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{9E646CCC-D8A5-4D2C-844F-437D64D852C3}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\kernel\dmr\powerdvd12dmrengine.exe | 
"{9F394F50-2DE7-4A3E-BB09-209C90641B73}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\lync.exe | 
"{A1BE0281-63D8-4E62-8409-684D44EAC10D}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\controller.exe | 
"{A3B6EF47-7A3E-4302-89EC-B62CE0AE45DA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A42C2FC1-6E74-499E-A7BD-10C242DEE77C}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\common\mediaserver\clmsserver.exe | 
"{BB70DF6B-6DD2-40B4-BAE6-21BD30BFDD6E}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\pdvd11serv.exe | 
"{BC01CB45-1337-454C-A2F0-2733DFE8F684}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\dmr.exe | 
"{BCBFC27A-1D5E-4762-B344-E32993398426}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\installerhelp.exe | 
"{C0039C6A-A18B-4C3B-9151-87E8C5F128B3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe | 
"{C27A25A5-D613-4D18-9E43-FEA185FB5D55}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\powerdvd12ml.exe | 
"{C3AA1E29-0388-4152-AC2F-1C82CB8EE322}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{C854D915-8273-4914-B1AD-521B65BE2D86}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe | 
"{C98F078C-20EE-45DC-86B5-5B734570917F}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{CD92740B-1238-46F3-AD14-9920071CDD99}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\powerdvd12agent.exe | 
"{CF441040-BB82-48E7-8421-51F974D632DD}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D15376E8-06B2-49D4-AF6C-214AB1440F81}" = protocol=6 | dir=out | app=system | 
"{DE966E41-E4DC-4323-B731-F39E7BD90A94}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe | 
"{DF237D26-7864-4E10-8DE7-E4C12CD3CECB}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{DFE17734-598A-4AA0-AAFE-64D1AA40D13E}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 
"{E024DBA1-E099-4C55-859B-ED9CEFC2D81B}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremote.exe | 
"{E28A6AB1-76C1-4F63-AE4C-77DB2CAED9AB}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\kernel\dms\clmsserverpdvd12.exe | 
"{E3BC25B3-913A-4409-9A84-2894F86F6A85}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe | 
"{E51DCF2C-61F3-436E-8D55-087359204986}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\movie\moviemodule.exe | 
"{E7E82838-A242-4883-B125-A04D88AAC707}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{EF4A69D7-C97E-4408-B1D8-9B0BBC135BA4}" = dir=in | app=c:\program files\dell stage\dell stage\stage_primary.exe | 
"{F30D60FC-034D-4128-B3D1-944EBF714231}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{FD9BEF04-77C3-4A55-AC89-8399EBA73E46}" = protocol=17 | dir=in | app=c:\users\dragues\appdata\roaming\utorrent\utorrent.exe | 
"TCP Query User{140D19B1-0681-4466-BCD2-A913A44400E2}C:\program files (x86)\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ares\ares.exe | 
"TCP Query User{7F17B443-ED09-4DEC-81F2-C72D0B4B5409}C:\users\dragues\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\dragues\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{98F4A2DD-BBA9-4A9B-92BA-D0D4AFF2B1D5}C:\program files (x86)\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ares\ares.exe | 
"UDP Query User{520F6F4D-BC0F-43FF-AC71-75D487D38DB9}C:\users\dragues\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\dragues\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{DE682C49-C39E-42ED-97D2-5360342C2D66}C:\program files (x86)\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ares\ares.exe | 
"UDP Query User{FB7B02E0-4647-46E7-8378-D17B073C571F}C:\program files (x86)\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ares\ares.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{181BBF43-CA17-4E1A-A78D-81E67A57B8A4}" = Software Intel® PROSet/Wireless WiFi
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel® Wireless Display
"{2FD0FA0A-7A21-4C4A-B268-1142B54E035E}" = Windows Live Family Safety
"{3015F546-6C3E-4E6A-B564-BCDF88C0BA2A}" = Intel® PROSet/Wireless Software for Bluetooth® Technology
"{306823F5-9E3B-6FEA-77B0-C9F9B725D7C4}" = AMD Catalyst Install Manager
"{538B98C3-773F-4F20-9C66-802D104DCBE2}" = Intel® Trusted Connect Service Client
"{5EEC477F-8E9B-4420-8829-16E7426227DB}" = Windows Live MIME IFilter
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{81E20D41-C277-4526-934D-F2380AF91B78}" = iCloud
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0C0A-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Spanish) 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B678797F-DF38-4556-8A31-8B818E261868}" = Apple Mobile Device Support
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Monitor de la tecnología Intel® Turbo Boost 2.0
"{BEE86606-EFB5-4353-9F34-29E0C59CDCFA}" = Intel® PROSet/Wireless for Bluetooth® + High Speed
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D600D357-5CB9-4DE9-8FD4-14E208BD1970}" = Nero Backup Drivers
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F46AA0F1-E284-4878-A462-5F11B9166C0E}" = iTunes
"Dell Support Center" = Dell Support Center
"Elantech" = Dell Touchpad
"ProInst" = Intel PROSet Wireless
"WinRAR archiver" = WinRAR 4.20 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11
"{03D562B5-C4E2-4846-A920-33178788BE00}" = Windows Live Communications Platform
"{0EB158FA-41B3-49CF-8AE5-6C6F470AD29D}" = Photo Common
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{0F929651-F516-4956-90F2-FFBD2CD5D30E}" = Photo Gallery
"{0FF9CC94-EF23-401E-BDBD-37403D1A2B38}" = Windows Live SOXE Definitions
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{111EE7DF-FC45-40C7-98A7-753AC46B12FB}" = QuickTime 7
"{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11
"{18C928E6-31F0-4DD5-BD4D-55FBCF599712}" = Windows Live UX Platform Language Pack
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2091F234-EB58-4B80-8C96-8EB78C808CF7}" = Facebook Video Calling 3.1.0.521
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel® USB 3.0 eXtensible Host Controller Driver
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = MPC-HC 1.6.7.7114 (9eb64ec)
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{2CA7225D-CB12-462A-9DD1-50319E158BA5}" = Nero 11 PiP Effects Basic
"{390757AA-8830-43DC-AEE0-4E5B6F8439EB}" = Nero SoundTrax 11 Help (CHM)
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{40F06490-8C14-43AA-99D3-EEEFDBAC3CFC}" = SyncUP
"{41AB2E48-E7FD-4AB0-A14C-821B4B51078B}" = Windows Live Family Safety
"{4224D19D-2E7D-4E90-97A4-20C654B28AB8}" = Windows Live Essentials
"{45898170-E68C-4F02-AA35-C2186BF347A3}" = Movie Maker
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM)
"{55C2143E-FBA5-442F-9AFA-726FF068F39D}" = Nero CoverDesigner 11 Help (CHM)
"{579E68B2-07A9-4CBB-840B-ED0E64879F45}" = Windows Live Writer
"{57F80ECF-E27C-4EEE-AB58-E971BACE2639}" = Nero Recode 11 Help (CHM)
"{5A0EE0F0-E909-4F3B-B437-AAD9252427CB}" = Windows Live Installer
"{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{6AB2427E-A18F-4809-9A12-29F5EBABBB3A}" = Nero BackItUp 11 Help (CHM)
"{6B6923B9-8719-425B-916C-CD2908F31AAF}" = Windows Live SOXE
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{78002155-F025-4070-85B3-7C0453561701}" = Compatibilidad con Aplicaciones de Apple
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.16
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online
"{7FB00B6B-6843-97EC-EED6-78BD6D35370A}" = Zinio Reader 4
"{7FCB8D5D-9396-4D17-8CFA-349D6D49CD32}" = Intel® WiDi
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0C0A-0000-0000000FF1CE}" = Microsoft Office Access MUI (Spanish) 2010
"{90140000-0016-0C0A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Spanish) 2010
"{90140000-0018-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Spanish) 2010
"{90140000-0019-0C0A-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Spanish) 2010
"{90140000-001A-0C0A-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Spanish) 2010
"{90140000-001B-0C0A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Spanish) 2010
"{90140000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2010
"{90140000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2010
"{90140000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2010
"{90140000-0044-0C0A-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Spanish) 2010
"{90140000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2010
"{90140000-00A1-0C0A-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Spanish) 2010
"{90140000-00BA-0C0A-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Spanish) 2010
"{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{99640CF0-5FE6-4574-87EE-D0A2EE5076AD}" = Windows Live Messenger
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AAA94EAA-40A4-458C-9D86-D1DA765B51D5}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.8) MUI
"{AF4D3C63-009B-4A17-B02E-D395065DD3F0}" = Dell Stage Remote
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11
"{B286BAC3-CBE6-4854-BF68-EB72A34CEA56}" = Windows Live Messenger
"{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM)
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{BF3E8A13-7A99-447A-8396-2BF9D8B8E2C2}" = Dell Stage
"{C6B0EE9E-2128-4448-B7AE-5E2B46E0F0E7}" = Windows Live Photo Common
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CCD438F0-5D72-4945-9E72-6560C7E5E0D0}" = Captcha Brotherhood
"{CCE210DF-7EEF-4A76-A63C-3EB091FDB992}" = welcome
"{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM)
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2CBEFA4-F2D3-4E97-A171-8BFD6A31A5EC}" = Nero Express 11 Help (CHM)
"{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM)
"{D604900F-A275-416C-AF9D-CDEDF58B72DB}" = Windows Live Mail
"{D6100E77-DADB-4D81-B139-2D620323513D}" = Escenario Musical Dell
"{D92C9CCE-E5F0-4125-977A-0590F3225B74}" = SyncUP
"{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage 
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E10AAE4A-98B8-420A-BD93-E0520C23D624}" = Nero Express 11
"{E3445598-4424-4EE2-B71C-C23325F7FB71}" = Windows Live PIMT Platform
"{E3BF5D73-A024-4257-8160-5FAC3C8DE39F}" = Windows Live Mail
"{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage
"{E51BC4B0-EA5E-49CC-AF3B-93B5C627EC22}" = Nero 11 Effects Basic
"{EB8DED20-A887-4A9C-BB5A-F3E7523DFB44}" = Nero WaveEditor 11 Help (CHM)
"{EFBCA571-617D-484A-9ECA-E301BB6D0750}" = Windows Live Writer
"{F021D637-BBDA-486B-96F0-225B62596C3B}" = Nero 11
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = Conexant HD Audio
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F0E58739-2B4C-498F-9B0D-FF0F2FD52B61}" = Windows Live UX Platform
"{F232C87C-6E92-4775-8210-DFE90B7777D9}" = CyberLink PowerDVD 11
"{F25C8769-16B6-4B19-BB0B-76F213829AC6}" = Movie Maker
"{F49EF443-B2BD-4F10-8A46-87AFCDB90EDD}" = Nero 11 Disc Menus Basic
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6F30C28-38AA-4DBA-AE0B-7E30238E61BB}" = Junk Mail filter update
"{F7314CA2-F900-46D7-9EA1-FBDD9D73F765}" = Galería de fotos
"{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}" = Realtek Ethernet Controller All-In-One Windows Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FA40A77E-F3D5-45DF-9BC3-2E2E36C543B7}" = Windows Live Writer Resources
"{FAC3C37E-EDAB-4F3A-A173-A7C70CC88F09}" = Nero Video 11 Help (CHM)
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 15 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 15 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"Dell Webcam Central" = Dell Webcam Central
"D-Fend Reloaded" = D-Fend Reloaded 1.3.1 (desinstalar)
"DVD Decrypter" = DVD Decrypter (Remove Only)
"eMule" = eMule
"Exact Audio Copy" = Exact Audio Copy 1.0beta3
"InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage 
"InstallShield_{F232C87C-6E92-4775-8210-DFE90B7777D9}" = CyberLink PowerDVD 11
"KLiteCodecPack_is1" = K-Lite Codec Pack 9.1.0 (Basic)
"MiPony" = MiPony 2.1.3
"mIRC" = mIRC
"Mozilla Firefox 31.0 (x86 es-MX)" = Mozilla Firefox 31.0 (x86 es-MX)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"ST6UNST #1" = Brad Smith Easy SFV Creator
"WinLiveSuite" = Windows Live Essentials
"XSUBMuxer (de Perroman)_is1" = XSUBMuxer 1.0.0.37
"ZinioReader4" = Zinio Reader 4
"ZMBV" = Zip Motion Block Video codec (Remove Only)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"9204f5692a8faf3b" = Dell System Detect
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"iTunes Agent 1.2" = iTunes Agent 1.2
"iTunes Agent 1.3.4" = iTunes Agent 1.3.4
"SkyDriveSetup.exe" = Microsoft SkyDrive
"uTorrent" = µTorrent
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 19/09/2014 12:49:20 a.m. | Computer Name = dragues-PC | Source = AVLogEvent | ID = 5005
Description = 
 
Error - 19/09/2014 12:50:20 a.m. | Computer Name = dragues-PC | Source = AVLogEvent | ID = 5005
Description = 
 
Error - 19/09/2014 12:51:20 a.m. | Computer Name = dragues-PC | Source = AVLogEvent | ID = 5005
Description = 
 
Error - 19/09/2014 12:52:20 a.m. | Computer Name = dragues-PC | Source = AVLogEvent | ID = 5005
Description = 
 
Error - 19/09/2014 12:53:20 a.m. | Computer Name = dragues-PC | Source = AVLogEvent | ID = 5005
Description = 
 
Error - 19/09/2014 12:54:20 a.m. | Computer Name = dragues-PC | Source = AVLogEvent | ID = 5005
Description = 
 
Error - 19/09/2014 01:01:15 a.m. | Computer Name = dragues-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Error en Servicios de cifrado mientras se procesaba el objeto "System
 Writer" de la llamada OnIdentity().  Details: AddWin32ServiceFiles: Unable to back
 up image of service McAfee Home Network since QueryServiceConfig API failed  System
 Error: El sistema no puede encontrar el archivo especificado.  .
 
Error - 19/09/2014 01:07:48 a.m. | Computer Name = dragues-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 20/09/2014 02:18:44 a.m. | Computer Name = dragues-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 20/09/2014 02:33:51 a.m. | Computer Name = dragues-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 18/09/2014 06:33:23 p.m. | Computer Name = dragues-PC | Source = bowser | ID = 8003
Description = 
 
Error - 18/09/2014 11:28:00 p.m. | Computer Name = dragues-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 19/09/2014 12:20:02 a.m. | Computer Name = dragues-PC | Source = Service Control Manager | ID = 7024
Description = El servicio Firewall de Windows se cerró con el error específico de
 servicio %%5.
 
Error - 19/09/2014 12:20:29 a.m. | Computer Name = dragues-PC | Source = Service Control Manager | ID = 7009
Description = Se agotó el tiempo de espera (30000 ms) para la conexión con el servicio
 Dell DataSafe Online.
 
Error - 19/09/2014 12:20:29 a.m. | Computer Name = dragues-PC | Source = Service Control Manager | ID = 7000
Description = El servicio Dell DataSafe Online no pudo iniciarse debido al siguiente
 error:   %%1053
 
Error - 19/09/2014 12:22:35 a.m. | Computer Name = dragues-PC | Source = Service Control Manager | ID = 7024
Description = El servicio Escucha de Grupo Hogar se cerró con el error específico
 de servicio %%-2147023143.
 
Error - 19/09/2014 12:56:05 a.m. | Computer Name = dragues-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 19/09/2014 01:07:48 a.m. | Computer Name = dragues-PC | Source = Service Control Manager | ID = 7000
Description = El servicio McAfee Anti-Malware Core no pudo iniciarse debido al siguiente
 error:   %%2
 
Error - 20/09/2014 02:18:51 a.m. | Computer Name = dragues-PC | Source = Service Control Manager | ID = 7000
Description = El servicio McAfee Anti-Malware Core no pudo iniciarse debido al siguiente
 error:   %%2
 
Error - 20/09/2014 02:33:49 a.m. | Computer Name = dragues-PC | Source = Service Control Manager | ID = 7000
Description = El servicio McAfee Anti-Malware Core no pudo iniciarse debido al siguiente
 error:   %%2
 
 
< End of report >


#6
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Thank you, let's get started.
 
I am currently in training and my posts will need to be reviewed by an expert, so expect a slight delay between posts.
 


- General Instructions -

  • Please read all instructions and fixes thoroughly. Read the ENTIRE post BEFORE performing any steps so you understand all that needs to be done.
  • I would advise printing any instructions for easy reference as some of the fixes may require you to boot in Safe mode. Access to these instructions may not be available in Safe Mode.
  • Any fixes provided by myself are for this log file only and should not be used on any other systems.
  • Do not run any other removal software or perform updates other than the ones I provide, as it will complicate the cleaning process.
  • You have 4 days to reply to each post or the topic will be closed. You will be able to request that the topic be re-opened by sending me a PM (Personal Message) or PM a moderator.
  • Please feel free to ask any questions, especially if you are having problems with my instructions.

- Finally Before We Start-

 
Removing malware is a complicated, multiple-step process. Please stay with me until I have declared your system clean. I strongly recommend you back up your personal files and folders. Although rare, attempting to remove malware can render your machine unbootable or cause data loss. Having backups of your data is your responsibility. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
 
  
 
 
Step#1 - Warnings
 
The Dangers of P2P Programs
IMPORTANT: I noticed that you have a P2P (Peer to Peer) file sharing program on your computer. I cannot stress highly enough the danger in using these types of programs. P2P programs are one of the major avenues of infection these days. The files downloaded with these programs are more than likely infected with trojans, malware, rootkits, etc.
You run the risk of getting an infection that can compromise your sensitive data, such as financial records, personal information, etc. That is just the infection aspect of using P2P programs. You also run the risk of possible arrest, fines, or in severe cases, jail time for illegal downloading of copyrighted material.
Here are some information sources about the dangers of P2P programs:
FBI - Peer to Peer Scams
USA Today Article on P2P Programs
File Sharing Infects 500,000 Computers
I very much recommend you uninstall this program from your machine. If not, you will likely be back needing help with your machine again. The risks of infections from content downloaded with P2P programs far outweigh any benefit of using them.
It is, of course, your choice as to whether or not you remove the program from your machine. It is my duty though, to point out how dangerous it is to use these programs. However, I must request that you do not use it while we are cleaning your machine.
Please uninstall the following Peer-to-Peer program(s): uTorrent
To uninstall on Windows 7, you can:

  • Click your Start Orb in the lower left corner of your computer and select Control Panel.
  • Select Uninstall a program from the Programs Category.
  • Locate the program(s) in the list and click Uninstall.

 

Step#2 - Run AdwCleaner
1. Please download AdwCleaner by Xplode onto your desktop.
2. Close all open programs and internet browsers.
3. Right-click on AdwCleaner.exe and select Run as administrator to run the tool.
4. Click on Scan.
5. After the scan is complete click on "Clean"
6. Confirm each time with Ok.
7. Your computer will be rebooted automatically. A text file will open after the restart.
8. Please post the content of that logfile with your next answer.
9. If need be, you can also find the logfile at C:\AdwCleaner\AdwCleaner[S0].txt as well.
 
 
Step#3 - OTL Fix
1. Right click on OTL.exe and choose Run as administrator.
2. Copy all the code below and paste it into the Custom Scans/Fixes section at the very bottom of the OTL program. Do NOT include the word Quote.
 


:Commands
[CreateRestorePoint]
 
:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc....r=285528264=
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {8735620E-D7A7-4BA2-A061-22B796F062FA}
IE:64bit: - HKLM\..\SearchScopes\{8735620E-D7A7-4BA2-A061-22B796F062FA}: "URL" = http://start.mysearc....r=285528264=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc....r=285528264=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc....r=285528264=
IE - HKCU\..\SearchScopes,DefaultScope = {8735620E-D7A7-4BA2-A061-22B796F062FA}
IE - HKCU\..\SearchScopes\{8735620E-D7A7-4BA2-A061-22B796F062FA}: "URL" = http://start.mysearc....r=285528264=
FF - prefs.js..browser.search.order.1: "Mysearchdial"
[2014/02/08 18:43:36 | 000,002,397 | ---- | M] () -- C:\Users\dragues\AppData\Roaming\Mozilla\Firefox\Profiles\tdtexgid.default\searchplugins\Mysearchdial.xml
[2014/09/09 20:08:03 | 000,000,000 | ---D | M] ("Website Counselor") -- C:\Users\dragues\AppData\Roaming\Mozilla\Firefox\Profiles\tdtexgid.default\extensions\{cc6cc772-f121-49e0-b1f0-c26583cb0c5e}
[2014/03/30 19:23:53 | 000,000,000 | ---D | M] ("WebSite Recommendation") -- C:\Users\dragues\AppData\Roaming\Mozilla\Firefox\Profiles\tdtexgid.default\extensions\[email protected]
CHR - homepage: http://start.mysearc....r=285528264=
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
[2014/08/30 13:54:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
 
:Commands
[EmptyTemp]

 
 
3. Click the Run Fix button. OTL will ask to reboot the machine. Please do so when asked.
4. After the reboot a log file should open. Copy/Paste the contents of the log that opens and post in your next reply. If for some reason the log file does not appear then you can
    open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder,
    and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
 
 
Step#4 - FRST Scan
 
1. Please download Farbar Recovery Scan Tool and save it to your Desktop.
    Note: You need to run the 64-bit Version so please ensure you download that one.
2. Right click to run as administrator. When the tool opens click Yes to disclaimer.
3. Press Scan button.
4. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop)
5. Please copy and paste log back here.
6. The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe). Please also paste that along with the FRST.txt into your reply.
 
  
 
Items for your Next Post
1. AdwCleaner log
2. OTL Fix Log
3. FRST and Addition logs


  • 0
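The General Instructions in the post above say a fix is written for one log only. The sketch below is an added example, not part of the original post or of OTL: it parses a fix block in the line formats visible in Step#3 and lists the targets tied to one Windows account or Firefox profile, so a reviewer can see which lines would not apply on another machine. The line grammar is inferred from the lines on this page (an assumption, not OTL's documented format), `SAMPLE_FIX` is a constructed excerpt, and the account name `alice` is hypothetical.

```python
import re
from collections import namedtuple

# Constructed excerpt in the line formats of the fix posted in Step#3.
# URLs that are elided on the page ("....") are kept elided here.
SAMPLE_FIX = r"""
:Commands
[CreateRestorePoint]

:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc....r=285528264=
IE - HKCU\..\SearchScopes,DefaultScope = {8735620E-D7A7-4BA2-A061-22B796F062FA}
FF - prefs.js..browser.search.order.1: "Mysearchdial"
[2014/02/08 18:43:36 | 000,002,397 | ---- | M] () -- C:\Users\dragues\AppData\Roaming\Mozilla\Firefox\Profiles\tdtexgid.default\searchplugins\Mysearchdial.xml
CHR - homepage: http://start.mysearc....r=285528264=
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
[2014/08/30 13:54:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect

:Commands
[EmptyTemp]
"""

Entry = namedtuple("Entry", "section kind target")

# [date time | size | attributes | flag] (optional description) -- path
FILE_RE = re.compile(
    r"^\[\d{4}/\d\d/\d\d \d\d:\d\d:\d\d \| [\d,]+ \| [-A-Z]{4} \| [A-Z]\] "
    r"(?:\(.*?\) )?-- (?P<path>.+)$"
)
# "IE - ...", "IE:64bit: - ...", "FF - ...", "CHR - ...", "O3 - ..."
TAGGED_RE = re.compile(r"^(?P<tag>[A-Za-z0-9:]+) - (?P<rest>.+)$")
USER_RE = re.compile(r"^[A-Za-z]:\\Users\\([^\\]+)\\", re.IGNORECASE)
FF_PROFILE_RE = re.compile(r"\\Firefox\\Profiles\\([^\\]+)", re.IGNORECASE)


def parse_fix(text):
    """Split a fix block into entries: command, registry, browser, file."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):          # section header such as :OTL
            section = line[1:]
            continue
        if section == "Commands" and line.startswith("[") and line.endswith("]"):
            entries.append(Entry(section, "command", line[1:-1]))
            continue
        m = FILE_RE.match(line)
        if m:
            entries.append(Entry(section, "file", m.group("path")))
            continue
        m = TAGGED_RE.match(line)
        if m:
            rest = m.group("rest")
            kind = "registry" if rest.startswith("HK") else "browser"
            entries.append(Entry(section, kind, rest))
            continue
        entries.append(Entry(section, "unparsed", line))  # surface, never drop
    return entries


def summary(entries):
    """Count entries per kind."""
    counts = {}
    for e in entries:
        counts[e.kind] = counts.get(e.kind, 0) + 1
    return counts


def machine_specific(entries):
    """Account names and Firefox profile folders hard-coded in file targets."""
    found = set()
    for e in entries:
        if e.kind != "file":
            continue
        user = USER_RE.match(e.target)
        if user:
            found.add(("user", user.group(1)))
        profile = FF_PROFILE_RE.search(e.target)
        if profile:
            found.add(("firefox_profile", profile.group(1)))
    return sorted(found)


def foreign_targets(entries, local_user):
    """File targets under a profile that is not local_user's."""
    out = []
    for e in entries:
        user = USER_RE.match(e.target) if e.kind == "file" else None
        if user and user.group(1).lower() != local_user.lower():
            out.append(e)
    return out


if __name__ == "__main__":
    parsed = parse_fix(SAMPLE_FIX)
    print(summary(parsed))
    print(machine_specific(parsed))
    for entry in foreign_targets(parsed, "alice"):  # hypothetical other account
        print("not for this account:", entry.target)
```

Any entry reported as `unparsed` is a line the inferred grammar does not cover and should be read by hand before the fix is run.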

#7
dragues

    Member

  • Topic Starter
  • 74 posts

Thank you again. The Addition.txt was not generated. Maybe because I ran Farbar Recovery Scan Tool a year ago.

 

Here are the logs:

 

# AdwCleaner v3.310 - Reporte Creado 21/09/2014 en 01:43:23
# Actualizado 12/09/2014 por Xplode
# Sistema Operativo : Windows 7 Home Premium Service Pack 1 (64 bits)
# Nombre de usuario : dragues - DRAGUES-PC
# Ejecutado desde : C:\Users\dragues\Desktop\AdwCleaner.exe
# Opción : Limpiar
 
***** [ Servicios ] *****
 
Servicio Borrar : {55685567-4840-4a91-962b-49a412e9485a}Gw64
Servicio Borrar : {9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64
 
***** [ Archivos / Carpetas ] *****
 
Carpeta Borrar : C:\Program Files (x86)\SearchProtect
Carpeta Borrar : C:\Users\dragues\AppData\Local\lollipop
Carpeta Borrar : C:\Users\dragues\AppData\Roaming\DealPly
Carpeta Borrar : C:\Users\dragues\AppData\Roaming\Mozilla\Firefox\Profiles\tdtexgid.default\Extensions\[email protected]
Carpeta Borrar : C:\Users\dragues\AppData\Local\Google\Chrome\User Data\Default\Extensions\olakgnkoldmagdblaalodobkmeokmgjj
Archivo Borrar : C:\Users\dragues\AppData\Roaming\Mozilla\Firefox\Profiles\tdtexgid.default\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}.xpi
Archivo Borrar : C:\Windows\System32\drivers\{55685567-4840-4a91-962b-49a412e9485a}Gw64.sys
Archivo Borrar : C:\Windows\System32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64.sys
Archivo Borrar : C:\Users\dragues\AppData\Roaming\Mozilla\Firefox\Profiles\tdtexgid.default\searchplugins\Mysearchdial.xml
Archivo Borrar : C:\Users\dragues\AppData\Roaming\Mozilla\Firefox\Profiles\tdtexgid.default\user.js
Archivo Borrar : C:\Users\dragues\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Archivo Borrar : C:\Users\dragues\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
 
***** [ Tareas ] *****
 
Tarea Borrar : Dealply
 
***** [ Accesos directos ] *****
 
 
***** [ Registro ] *****
 
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASAPI32
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASMANCS
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\updatewebget_RASAPI32
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\updatewebget_RASMANCS
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\utilwebget_RASAPI32
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\utilwebget_RASMANCS
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\webget_RASAPI32
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\webget_RASMANCS
Clave Borrar : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Clave Borrar : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Clave Borrar : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Clave Borrar : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Clave Borrar : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Clave Borrar : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Clave Borrar : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Clave Borrar : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Clave Borrar : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Clave Borrar : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Clave Borrar : HKCU\Software\InstallCore
Clave Borrar : HKCU\Software\lollipop
Clave Borrar : HKCU\Software\mysearchdial.com
Clave Borrar : HKCU\Software\powerpack
Clave Borrar : HKLM\SOFTWARE\Conduit
Clave Borrar : HKLM\SOFTWARE\SearchProtect
Clave Borrar : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Clave Borrar : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Clave Borrar : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C
Clave Borrar : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD
Clave Borrar : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7
 
***** [ Navegadores ] *****
 
-\\ Internet Explorer v11.0.9600.17280
 
Ajustes Restaurar : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Ajustes Restaurar : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Ajustes Restaurar : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
Ajustes Restaurar : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
 
-\\ Mozilla Firefox v31.0 (x86 es-MX)
 
[ Archivo : C:\Users\dragues\AppData\Roaming\Mozilla\Firefox\Profiles\tdtexgid.default\prefs.js ]
 
Linea borrada : user_pref("browser.search.order.1", "Mysearchdial");
Linea borrada : user_pref("extensions.irmysearch.aflt", "irmsd0103");
Linea borrada : user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1Qzu0DyE0B0E0DzyyEtAyD0A0CtA0EyD0BtCtN0D0Tzu0SyByBtDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R");
Linea borrada : user_pref("extensions.irmysearch.cr", "285528264");
Linea borrada : user_pref("extensions.irmysearch.instlRef", "");
Linea borrada : user_pref("extensions.mysearchdial.AL", 2);
Linea borrada : user_pref("extensions.mysearchdial.aflt", "irmsd0103");
Linea borrada : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
Linea borrada : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1Qzu0DyE0B0E0DzyyEtAyD0A0CtA0EyD0BtCtN0D0Tzu0SyByBtDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R");
Linea borrada : user_pref("extensions.mysearchdial.cntry", "MX");
Linea borrada : user_pref("extensions.mysearchdial.cr", "285528264");
Linea borrada : user_pref("extensions.mysearchdial.dfltLng", "");
Linea borrada : user_pref("extensions.mysearchdial.dfltSrch", true);
Linea borrada : user_pref("extensions.mysearchdial.dnsErr", true);
Linea borrada : user_pref("extensions.mysearchdial.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497,426401714,3046281807,752626116,1657571787,3224935090,2597085128,18285[...]
Linea borrada : user_pref("extensions.mysearchdial.excTlbr", false);
Linea borrada : user_pref("extensions.mysearchdial.hdrMd5", "3BCC73E48383C6B01648371DD3DB1A1D");
Linea borrada : user_pref("extensions.mysearchdial.hmpg", true);
Linea borrada : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=irmsd0103&cd=2XzuyEtN2Y1L1Qzu0DyE0B0E0DzyyEtAyD0A0CtA0EyD0BtCtN0D0Tzu0SyByBtDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutB[...]
Linea borrada : user_pref("extensions.mysearchdial.id", "D4BED9435AC3E5B1");
Linea borrada : user_pref("extensions.mysearchdial.instlDay", "16109");
Linea borrada : user_pref("extensions.mysearchdial.instlRef", "");
Linea borrada : user_pref("extensions.mysearchdial.lastB", "hxxp://start.mysearchdial.com/?f=1&a=irmsd0103&cd=2XzuyEtN2Y1L1Qzu0DyE0B0E0DzyyEtAyD0A0CtA0EyD0BtCtN0D0Tzu0SyByBtDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtA[...]
Linea borrada : user_pref("extensions.mysearchdial.lastVrsnTs", "1.8.21.017:22:56");
Linea borrada : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=irmsd0103&cd=2XzuyEtN2Y1L1Qzu0DyE0B0E0DzyyEtAyD0A0CtA0EyD0BtCtN0D0Tzu0SyByBtDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1Czu[...]
Linea borrada : user_pref("extensions.mysearchdial.pnu_base", "{\"newVrsn\":\"90\",\"lastVrsn\":\"90\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"false\",\"msgTs\":0,\"lstMsgTs\":\"0\"}");
Linea borrada : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
Linea borrada : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
Linea borrada : user_pref("extensions.mysearchdial.sg", "none");
Linea borrada : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
Linea borrada : user_pref("extensions.mysearchdial.tlbrId", "base");
Linea borrada : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=irmsd0103&cd=2XzuyEtN2Y1L1Qzu0DyE0B0E0DzyyEtAyD0A0CtA0EyD0BtCtN0D0Tzu0SyByBtDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1C[...]
Linea borrada : user_pref("extensions.mysearchdial.vrsn", "1.8.21.0");
Linea borrada : user_pref("extensions.mysearchdial.vrsni", "1.8.21.0");
Linea borrada : user_pref("extensions.mysearchdial_i.hmpg", true);
Linea borrada : user_pref("extensions.mysearchdial_i.newTab", false);
Linea borrada : user_pref("extensions.mysearchdial_i.smplGrp", "none");
Linea borrada : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.017:22:56");
 
-\\ Google Chrome v
 
[ Archivo : C:\Users\dragues\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [16353 octets] - [20/10/2013 19:11:30]
AdwCleaner[R1].txt - [1193 octets] - [20/10/2013 20:44:50]
AdwCleaner[R2].txt - [10877 octets] - [21/09/2014 01:41:15]
AdwCleaner[S0].txt - [15112 octets] - [20/10/2013 19:14:36]
AdwCleaner[S1].txt - [1249 octets] - [20/10/2013 20:45:31]
AdwCleaner[S2].txt - [9389 octets] - [21/09/2014 01:43:23]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [9449 octets] ##########
 
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8735620E-D7A7-4BA2-A061-22B796F062FA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8735620E-D7A7-4BA2-A061-22B796F062FA}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8735620E-D7A7-4BA2-A061-22B796F062FA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8735620E-D7A7-4BA2-A061-22B796F062FA}\ not found.
Prefs.js: "Mysearchdial" removed from browser.search.order.1
File C:\Users\dragues\AppData\Roaming\Mozilla\Firefox\Profiles\tdtexgid.default\searchplugins\Mysearchdial.xml not found.
C:\Users\dragues\AppData\Roaming\Mozilla\Firefox\Profiles\tdtexgid.default\extensions\{cc6cc772-f121-49e0-b1f0-c26583cb0c5e}\modules folder moved successfully.
C:\Users\dragues\AppData\Roaming\Mozilla\Firefox\Profiles\tdtexgid.default\extensions\{cc6cc772-f121-49e0-b1f0-c26583cb0c5e}\chrome\skin\classic folder moved successfully.
C:\Users\dragues\AppData\Roaming\Mozilla\Firefox\Profiles\tdtexgid.default\extensions\{cc6cc772-f121-49e0-b1f0-c26583cb0c5e}\chrome\skin folder moved successfully.
C:\Users\dragues\AppData\Roaming\Mozilla\Firefox\Profiles\tdtexgid.default\extensions\{cc6cc772-f121-49e0-b1f0-c26583cb0c5e}\chrome\content folder moved successfully.
C:\Users\dragues\AppData\Roaming\Mozilla\Firefox\Profiles\tdtexgid.default\extensions\{cc6cc772-f121-49e0-b1f0-c26583cb0c5e}\chrome folder moved successfully.
C:\Users\dragues\AppData\Roaming\Mozilla\Firefox\Profiles\tdtexgid.default\extensions\{cc6cc772-f121-49e0-b1f0-c26583cb0c5e} folder moved successfully.
Folder C:\Users\dragues\AppData\Roaming\Mozilla\Firefox\Profiles\tdtexgid.default\extensions\[email protected]\ not found.
Use Chrome's Settings page to change the HomePage.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Folder C:\Program Files (x86)\SearchProtect\ not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: dragues
->Temp folder emptied: 86843259 bytes
->Temporary Internet Files folder emptied: 217580601 bytes
->Java cache emptied: 308688 bytes
->FireFox cache emptied: 146346798 bytes
->Google Chrome cache emptied: 102652437 bytes
->Flash cache emptied: 92897 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 482232094 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 95748 bytes
RecycleBin emptied: 811820730 bytes
 
Total Files Cleaned = 1,762.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 09212014_015118
 
Files\Folders moved on Reboot...
C:\Users\dragues\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\dragues\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot.
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-09-2014
Ran by dragues (administrator) on DRAGUES-PC on 21-09-2014 01:58:46
Running from C:\Users\dragues\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Español (España, internacional)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Cyberlink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\CxUtilSvc.exe
(CyberLink) C:\Program Files (x86)\Cyberlink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\Cyberlink\PowerDVD11\Common\MediaServer\CLMSServer.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\SmartAudio3.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(Dell) C:\Users\dragues\AppData\Local\Apps\2.0\7RDNH1XR.WCN\H1JJO31B.JTZ\dell..tion_0f612f649c4a10af_0005.000b_17ede8fa7a4e5cac\DellSystemDetect.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SA3\SACpl.exe [1654400 2012-02-21] (Conexant Systems, Inc.)
HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [178960 2012-03-15] (Intel Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3623957610-3708665639-4114120845-1001\...\Run: [DellSystemDetect] => C:\Users\dragues\AppData\Local\Apps\2.0\7RDNH1XR.WCN\H1JJO31B.JTZ\dell..tion_0f612f649c4a10af_0005.000b_17ede8fa7a4e5cac\DellSystemDetect.exe [267328 2014-09-20] (Dell)
HKU\S-1-5-21-3623957610-3708665639-4114120845-1001\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x20000000
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Aplicación auxiliar de inicio de sesión en la cuenta Microsoft -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creat...102/CTSUEng.cab
DPF: HKLM-x32 {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab
DPF: HKLM-x32 {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...30321/CTPID.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF ProfilePath: C:\Users\dragues\AppData\Roaming\Mozilla\Firefox\Profiles\tdtexgid.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\dragues\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\dragues\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\dragues\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mercadolibre-mx.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-mx.xml
FF Extension: Widget context - C:\Users\dragues\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{140A2D0E-85CC-4ed3-9BA5-8FA35DA7FABA}.xpi [2014-05-31]
FF Extension: DoNotTrackMe: Online Privacy Protection - C:\Users\dragues\AppData\Roaming\Mozilla\Firefox\Profiles\tdtexgid.default\Extensions\[email protected] [2014-07-12]
FF Extension: Cuevana Stream - C:\Users\dragues\AppData\Roaming\Mozilla\Firefox\Profiles\tdtexgid.default\Extensions\{a3a5c777-f583-4fef-9380-ab4add1bc2a8}.xpi [2012-11-16]
FF Extension: No Name - C:\Users\dragues\AppData\Roaming\Mozilla\Firefox\Profiles\tdtexgid.default\extensions\[email protected] [Not Found]
FF Extension: No Name - C:\Users\dragues\AppData\Roaming\Mozilla\Firefox\Profiles\tdtexgid.default\extensions\{cc6cc772-f121-49e0-b1f0-c26583cb0c5e} [Not Found]
 
Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Users\dragues\AppData\Local\Google\Chrome\Application\37.0.2062.120\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\dragues\AppData\Local\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\dragues\AppData\Local\Google\Chrome\Application\37.0.2062.120\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2013) - C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2013) - C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL No File
CHR Plugin: (Java™ Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\dragues\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Google Update) - C:\Users\dragues\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Profile: C:\Users\dragues\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\dragues\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-23]
CHR Extension: (Google Drive) - C:\Users\dragues\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-23]
CHR Extension: (YouTube) - C:\Users\dragues\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-23]
CHR Extension: (Google Search) - C:\Users\dragues\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-23]
CHR Extension: (Google Wallet) - C:\Users\dragues\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-24]
CHR Extension: (No Name) - C:\Users\dragues\AppData\Local\Google\Chrome\User Data\Default\Extensions\olakgnkoldmagdblaalodobkmeokmgjj [2013-10-29]
CHR Extension: (Gmail) - C:\Users\dragues\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-23]
CHR HKCU\...\Chrome\Extension: [npiecjlhkngdinoeekmccdbjdgclmnbk] - C:\Users\dragues\AppData\Local\CRE\npiecjlhkngdinoeekmccdbjdgclmnbk.crx []
CHR HKLM-x32\...\Chrome\Extension: [npiecjlhkngdinoeekmccdbjdgclmnbk] - C:\Users\dragues\AppData\Local\CRE\npiecjlhkngdinoeekmccdbjdgclmnbk.crx []
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 CLHNServiceForPowerDVD; C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [83240 2011-04-19] ()
R2 CxUtilSvc; C:\Program Files\Conexant\SA3\CxUtilSvc.exe [109184 2013-06-23] (Conexant Systems, Inc.)
R2 CyberLink PowerDVD 11.0 Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [70952 2011-03-31] (CyberLink)
R2 CyberLink PowerDVD 11.0 Service; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe [312616 2011-03-31] (CyberLink)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-09-24] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-09-24] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272688 2012-06-25] ()
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3325232 2012-06-25] (Intel® Corporation)
S2 mfecore; "C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-09-24] (McAfee, Inc.)
S3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [342528 2012-06-18] (Intel® Corporation) [File not signed]
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179664 2013-09-24] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [310224 2013-09-24] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519192 2013-09-24] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [781312 2013-09-24] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [390552 2013-09-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [95984 2013-09-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343568 2013-09-24] (McAfee, Inc.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312}; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [148976 2011-04-12] (CyberLink Corp.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-21 01:57 - 2014-09-21 01:57 - 02105856 _____ (Farbar) C:\Users\dragues\Downloads\FRST64.exe
2014-09-21 01:57 - 2014-09-21 01:57 - 02105856 _____ (Farbar) C:\Users\dragues\Desktop\FRST64.exe
2014-09-21 01:55 - 2014-09-21 01:55 - 00008644 _____ () C:\Users\dragues\Desktop\09212014_015118.log
2014-09-21 01:51 - 2014-09-21 01:51 - 00000000 ____D () C:\_OTL
2014-09-21 01:50 - 2014-09-21 01:50 - 00009565 _____ () C:\Users\dragues\Desktop\AdwCleaner[S2].txt
2014-09-21 01:39 - 2014-09-21 01:39 - 01373475 _____ () C:\Users\dragues\Downloads\AdwCleaner.exe
2014-09-21 01:39 - 2014-09-21 01:39 - 01373475 _____ () C:\Users\dragues\Desktop\AdwCleaner.exe
2014-09-20 02:43 - 2014-09-20 02:53 - 492612712 _____ () C:\Users\dragues\Desktop\Video_AMD_W7All_A00_Setup-NCH68_ZPE.exe
2014-09-20 02:41 - 2014-09-20 02:41 - 00420552 _____ () C:\Users\dragues\Downloads\DellSystemDetect.exe
2014-09-20 01:50 - 2014-09-20 01:50 - 00076252 _____ () C:\Users\dragues\Desktop\Extras.Txt
2014-09-20 01:39 - 2014-09-20 01:39 - 00602112 _____ (OldTimer Tools) C:\Users\dragues\Desktop\OTL.exe
2014-09-18 23:20 - 2014-09-18 23:20 - 00017408 _____ () C:\Windows\SysWOW64\rpcnetp.dll
2014-09-18 19:36 - 2014-09-20 01:49 - 00097896 _____ () C:\Users\dragues\Desktop\OTL.Txt
2014-09-16 12:37 - 2014-09-16 13:28 - 00000000 ____D () C:\Program Files\My Dell
2014-09-16 12:12 - 2014-09-16 12:12 - 00005884 _____ () C:\WirelessDiagLog.csv
2014-09-16 11:29 - 2014-09-16 12:34 - 00000000 ____D () C:\Users\dragues\AppData\Roaming\PCDr
2014-09-16 11:28 - 2014-09-16 12:37 - 00000000 ____D () C:\ProgramData\PCDr
2014-09-16 10:51 - 2014-04-19 14:54 - 00000000 ____D () C:\Users\dragues\Downloads\__MACOSX
2014-09-16 10:38 - 2014-09-16 10:38 - 00000000 ____D () C:\ProgramData\Citrix
2014-09-16 10:37 - 2014-09-16 10:37 - 00000000 ____D () C:\Users\dragues\AppData\Local\Citrix
2014-09-16 10:37 - 2014-09-16 10:37 - 00000000 ____D () C:\Program Files (x86)\Citrix
2014-09-15 19:09 - 2014-09-15 19:09 - 00009234 _____ () C:\Users\dragues\Documents\Cuenta Olaf.xlsx
2014-09-15 17:24 - 2014-09-16 11:00 - 00000033 _____ () C:\Users\dragues\Desktop\WEP.txt
2014-09-15 02:19 - 2014-09-15 02:19 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-09-15 02:19 - 2014-09-15 02:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-15 02:17 - 2014-09-15 02:19 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-15 02:17 - 2014-09-15 02:19 - 00000000 ____D () C:\Program Files\iTunes
2014-09-15 02:17 - 2014-09-15 02:19 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-15 02:17 - 2014-09-15 02:17 - 00000000 ____D () C:\Program Files\iPod
2014-09-12 00:37 - 2014-08-19 13:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-12 00:37 - 2014-08-19 12:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-12 00:37 - 2014-08-18 18:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-12 00:37 - 2014-08-18 17:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-12 00:37 - 2014-08-18 17:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-12 00:37 - 2014-08-18 17:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-12 00:37 - 2014-08-18 17:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-12 00:37 - 2014-08-18 17:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-12 00:37 - 2014-08-18 17:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-12 00:37 - 2014-08-18 17:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-12 00:37 - 2014-08-18 17:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-12 00:37 - 2014-08-18 17:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-12 00:37 - 2014-08-18 17:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-12 00:37 - 2014-08-18 17:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-12 00:37 - 2014-08-18 17:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-12 00:37 - 2014-08-18 17:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-12 00:37 - 2014-08-18 17:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-12 00:37 - 2014-08-18 17:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-12 00:37 - 2014-08-18 17:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-12 00:37 - 2014-08-18 16:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-12 00:37 - 2014-08-18 16:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-12 00:37 - 2014-08-18 16:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-12 00:37 - 2014-08-18 16:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-12 00:37 - 2014-08-18 16:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-12 00:37 - 2014-08-18 16:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-12 00:37 - 2014-08-18 16:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-12 00:37 - 2014-08-18 16:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-12 00:37 - 2014-08-18 16:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-12 00:37 - 2014-08-18 16:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-12 00:37 - 2014-08-18 16:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-12 00:37 - 2014-08-18 16:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-12 00:37 - 2014-08-18 16:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-12 00:37 - 2014-08-18 16:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-12 00:37 - 2014-08-18 16:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-12 00:37 - 2014-08-18 16:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-12 00:37 - 2014-08-18 16:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-12 00:37 - 2014-08-18 16:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-12 00:37 - 2014-08-18 16:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-12 00:37 - 2014-08-18 16:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-12 00:37 - 2014-08-18 16:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-12 00:37 - 2014-08-18 16:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-12 00:37 - 2014-08-18 16:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-12 00:37 - 2014-08-18 16:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-12 00:37 - 2014-08-18 16:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-12 00:37 - 2014-08-18 16:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-12 00:37 - 2014-08-18 16:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-12 00:37 - 2014-08-18 16:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-12 00:37 - 2014-08-18 16:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-12 00:37 - 2014-08-18 16:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-12 00:37 - 2014-08-18 16:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-12 00:37 - 2014-08-18 16:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-12 00:37 - 2014-08-18 15:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-12 00:37 - 2014-08-18 15:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-12 00:37 - 2014-08-18 15:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-12 00:37 - 2014-08-18 15:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-12 00:37 - 2014-08-18 15:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-12 00:21 - 2014-09-04 21:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-12 00:21 - 2014-09-04 21:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-12 00:21 - 2014-08-01 06:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-12 00:21 - 2014-08-01 06:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-12 00:12 - 2014-07-06 21:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-12 00:12 - 2014-07-06 21:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-12 00:12 - 2014-07-06 20:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-12 00:12 - 2014-07-06 20:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-12 00:12 - 2014-07-06 20:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-10 02:19 - 2014-09-10 02:20 - 00000000 ____D () C:\d65777422acd7edf25aba29fb340a5
2014-09-10 02:07 - 2014-06-26 21:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-10 02:07 - 2014-06-26 20:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-10 01:42 - 2014-06-23 22:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-10 01:42 - 2014-06-23 21:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-07 12:33 - 2014-09-07 12:55 - 00010065 _____ () C:\Users\dragues\Documents\Cuentas Xochilita.xlsx
2014-09-06 04:22 - 2014-09-06 04:40 - 1514217972 _____ () C:\Users\dragues\Downloads\smv13503-1080p.mp4
2014-09-06 04:22 - 2014-09-06 04:36 - 1008662527 _____ () C:\Users\dragues\Downloads\smv13434-1080p.mp4
2014-08-31 15:25 - 2014-09-14 15:44 - 00000000 ____D () C:\Windows\rescache
2014-08-31 12:51 - 2014-08-31 12:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-30 13:56 - 2014-08-22 21:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-30 13:56 - 2014-08-22 20:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-30 13:56 - 2014-08-22 19:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-30 13:39 - 2014-05-14 11:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-30 13:39 - 2014-05-14 11:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-30 13:39 - 2014-05-14 11:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-30 13:39 - 2014-05-14 11:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-30 13:38 - 2014-05-14 11:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-30 13:38 - 2014-05-14 11:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-30 13:38 - 2014-05-14 11:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-30 13:38 - 2014-05-14 11:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-30 13:38 - 2014-05-14 11:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-30 13:38 - 2014-05-14 11:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-30 13:38 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-30 13:38 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-30 13:38 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-30 13:38 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-21 01:58 - 2013-11-01 11:53 - 00018321 _____ () C:\Users\dragues\Desktop\FRST.txt
2014-09-21 01:58 - 2013-11-01 11:51 - 00000000 ____D () C:\FRST
2014-09-21 01:57 - 2014-09-21 01:57 - 02105856 _____ (Farbar) C:\Users\dragues\Downloads\FRST64.exe
2014-09-21 01:57 - 2014-09-21 01:57 - 02105856 _____ (Farbar) C:\Users\dragues\Desktop\FRST64.exe
2014-09-21 01:56 - 2012-07-29 08:30 - 00000838 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-21 01:55 - 2014-09-21 01:55 - 00008644 _____ () C:\Users\dragues\Desktop\09212014_015118.log
2014-09-21 01:54 - 2012-08-19 00:27 - 00017408 _____ () C:\Windows\system32\rpcnetp.exe
2014-09-21 01:54 - 2012-08-16 18:32 - 00069792 _____ (Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.dll
2014-09-21 01:54 - 2012-07-29 08:53 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-09-21 01:54 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-21 01:54 - 2009-07-13 23:51 - 00099558 _____ () C:\Windows\setupact.log
2014-09-21 01:53 - 2012-07-29 01:25 - 02057194 _____ () C:\Windows\WindowsUpdate.log
2014-09-21 01:53 - 2009-07-13 23:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-21 01:53 - 2009-07-13 23:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-21 01:51 - 2014-09-21 01:51 - 00000000 ____D () C:\_OTL
2014-09-21 01:50 - 2014-09-21 01:50 - 00009565 _____ () C:\Users\dragues\Desktop\AdwCleaner[S2].txt
2014-09-21 01:44 - 2010-11-20 22:47 - 00267834 _____ () C:\Windows\PFRO.log
2014-09-21 01:43 - 2013-10-20 19:11 - 00000000 ____D () C:\AdwCleaner
2014-09-21 01:39 - 2014-09-21 01:39 - 01373475 _____ () C:\Users\dragues\Downloads\AdwCleaner.exe
2014-09-21 01:39 - 2014-09-21 01:39 - 01373475 _____ () C:\Users\dragues\Desktop\AdwCleaner.exe
2014-09-21 01:36 - 2010-11-21 02:09 - 00747970 _____ () C:\Windows\system32\perfh00A.dat
2014-09-21 01:36 - 2010-11-21 02:09 - 00159410 _____ () C:\Windows\system32\perfc00A.dat
2014-09-21 01:36 - 2009-07-14 00:13 - 01678218 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-21 01:33 - 2014-06-24 00:57 - 00001002 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3623957610-3708665639-4114120845-1001Core1cf8f712f9cb0d0.job
2014-09-21 01:33 - 2012-08-25 16:35 - 00001054 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3623957610-3708665639-4114120845-1001UA.job
2014-09-21 01:33 - 2012-08-10 20:23 - 00000936 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3623957610-3708665639-4114120845-1001UA.job
2014-09-21 01:33 - 2012-08-10 20:23 - 00000914 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3623957610-3708665639-4114120845-1001Core.job
2014-09-20 10:12 - 2012-07-29 08:50 - 00028296 _____ () C:\Windows\DPINST.LOG
2014-09-20 10:12 - 2009-07-13 22:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-20 10:11 - 2012-08-12 20:32 - 00000000 ____D () C:\Users\dragues\AppData\Roaming\uTorrent
2014-09-20 10:04 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-20 02:53 - 2014-09-20 02:43 - 492612712 _____ () C:\Users\dragues\Desktop\Video_AMD_W7All_A00_Setup-NCH68_ZPE.exe
2014-09-20 02:43 - 2013-06-23 13:58 - 00000000 ____D () C:\Users\dragues\AppData\Local\Deployment
2014-09-20 02:41 - 2014-09-20 02:41 - 00420552 _____ () C:\Users\dragues\Downloads\DellSystemDetect.exe
2014-09-20 01:50 - 2014-09-20 01:50 - 00076252 _____ () C:\Users\dragues\Desktop\Extras.Txt
2014-09-20 01:49 - 2014-09-18 19:36 - 00097896 _____ () C:\Users\dragues\Desktop\OTL.Txt
2014-09-20 01:39 - 2014-09-20 01:39 - 00602112 _____ (OldTimer Tools) C:\Users\dragues\Desktop\OTL.exe
2014-09-19 00:06 - 2012-07-29 09:11 - 00000000 ____D () C:\ProgramData\McAfee
2014-09-19 00:06 - 2012-07-29 09:11 - 00000000 ____D () C:\Program Files\mcafee
2014-09-19 00:06 - 2012-07-29 09:11 - 00000000 ____D () C:\Program Files\Common Files\mcafee
2014-09-19 00:05 - 2012-10-05 23:35 - 00000000 ___RD () C:\Users\dragues\Dropbox
2014-09-19 00:04 - 2013-05-14 19:00 - 00000000 ____D () C:\Program Files (x86)\RapidShareManager
2014-09-18 23:28 - 2012-10-05 23:32 - 00000000 ____D () C:\Users\dragues\AppData\Roaming\Dropbox
2014-09-18 23:20 - 2014-09-18 23:20 - 00017408 _____ () C:\Windows\SysWOW64\rpcnetp.dll
2014-09-18 23:20 - 2012-08-10 17:48 - 00000000 ____D () C:\Users\dragues
2014-09-18 23:19 - 2012-08-19 00:27 - 00017408 ____N () C:\Windows\SysWOW64\rpcnetp.exe
2014-09-18 23:18 - 2013-10-05 18:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSUBMuxer
2014-09-18 23:18 - 2013-10-05 18:15 - 00000000 ____D () C:\Program Files (x86)\XSUBMuxer
2014-09-18 23:18 - 2013-06-23 14:17 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless
2014-09-18 23:18 - 2012-08-10 17:48 - 00000000 ____D () C:\Users\dragues\AppData\Roaming\Intel
2014-09-18 23:18 - 2012-07-29 08:46 - 00000000 ____D () C:\ProgramData\Intel
2014-09-18 23:18 - 2012-07-29 08:44 - 00000000 ____D () C:\Program Files\Intel
2014-09-18 23:18 - 2012-07-29 01:24 - 00000000 ____D () C:\Program Files\Common Files\Intel
2014-09-18 23:18 - 2010-11-21 02:19 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-09-18 23:17 - 2013-06-23 14:17 - 00000000 ____D () C:\Program Files (x86)\Cisco
2014-09-18 23:17 - 2012-07-29 01:24 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-09-18 23:17 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2014-09-17 20:29 - 2012-10-05 23:35 - 00001029 _____ () C:\Users\dragues\Desktop\Dropbox.lnk
2014-09-17 20:29 - 2012-10-05 23:32 - 00000000 ____D () C:\Users\dragues\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-09-16 22:39 - 2013-01-20 23:45 - 00000000 ____D () C:\Users\dragues\Downloads\uTorrent
2014-09-16 13:30 - 2012-07-29 09:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2014-09-16 13:30 - 2012-07-29 09:10 - 00000000 ____D () C:\Program Files\Dell Support Center
2014-09-16 13:29 - 2012-08-15 20:31 - 00000000 ____D () C:\Users\dragues\Desktop\Download
2014-09-16 13:29 - 2012-07-29 09:10 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center
2014-09-16 13:28 - 2014-09-16 12:37 - 00000000 ____D () C:\Program Files\My Dell
2014-09-16 13:27 - 2012-08-10 22:57 - 00000000 ____D () C:\Program Files (x86)\JDownloader
2014-09-16 12:51 - 2012-07-29 08:54 - 00000000 ____D () C:\Temp
2014-09-16 12:37 - 2014-09-16 11:28 - 00000000 ____D () C:\ProgramData\PCDr
2014-09-16 12:34 - 2014-09-16 11:29 - 00000000 ____D () C:\Users\dragues\AppData\Roaming\PCDr
2014-09-16 12:12 - 2014-09-16 12:12 - 00005884 _____ () C:\WirelessDiagLog.csv
2014-09-16 11:00 - 2014-09-15 17:24 - 00000033 _____ () C:\Users\dragues\Desktop\WEP.txt
2014-09-16 10:38 - 2014-09-16 10:38 - 00000000 ____D () C:\ProgramData\Citrix
2014-09-16 10:37 - 2014-09-16 10:37 - 00000000 ____D () C:\Users\dragues\AppData\Local\Citrix
2014-09-16 10:37 - 2014-09-16 10:37 - 00000000 ____D () C:\Program Files (x86)\Citrix
2014-09-15 19:13 - 2013-05-19 00:25 - 00000000 ____D () C:\Users\dragues\AppData\Roaming\Mipony
2014-09-15 19:09 - 2014-09-15 19:09 - 00009234 _____ () C:\Users\dragues\Documents\Cuenta Olaf.xlsx
2014-09-15 15:45 - 2013-12-17 23:08 - 00000000 ____D () C:\Users\dragues\Documents\Cámara
2014-09-15 02:19 - 2014-09-15 02:19 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-09-15 02:19 - 2014-09-15 02:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-15 02:19 - 2014-09-15 02:17 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-15 02:19 - 2014-09-15 02:17 - 00000000 ____D () C:\Program Files\iTunes
2014-09-15 02:19 - 2014-09-15 02:17 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-15 02:18 - 2013-05-19 00:27 - 00000000 ____D () C:\Users\dragues\Documents\Mipony
2014-09-15 02:17 - 2014-09-15 02:17 - 00000000 ____D () C:\Program Files\iPod
2014-09-15 01:57 - 2014-05-21 23:54 - 00000066 _____ () C:\Users\dragues\AppData\Roaming\WB.CFG
2014-09-14 21:08 - 2012-08-25 16:37 - 00002382 _____ () C:\Users\dragues\Desktop\Google Chrome.lnk
2014-09-14 20:34 - 2013-05-22 00:19 - 00000000 ____D () C:\Users\dragues\AppData\Local\Captcha_Brotherhood
2014-09-14 20:05 - 2013-05-24 00:39 - 00000000 ____D () C:\Users\dragues\Downloads\JDownloader
2014-09-14 15:44 - 2014-08-31 15:25 - 00000000 ____D () C:\Windows\rescache
2014-09-13 12:56 - 2012-07-29 08:30 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-13 12:56 - 2012-07-29 08:30 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-13 12:56 - 2012-07-29 08:30 - 00003776 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-12 00:37 - 2013-05-14 18:14 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-12 00:36 - 2011-02-12 07:26 - 01652804 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-12 00:35 - 2014-05-01 14:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-10 02:20 - 2014-09-10 02:19 - 00000000 ____D () C:\d65777422acd7edf25aba29fb340a5
2014-09-10 02:19 - 2013-08-14 03:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-10 02:07 - 2012-08-16 00:18 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-10 01:05 - 2012-08-10 18:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-07 12:55 - 2014-09-07 12:33 - 00010065 _____ () C:\Users\dragues\Documents\Cuentas Xochilita.xlsx
2014-09-06 04:40 - 2014-09-06 04:22 - 1514217972 _____ () C:\Users\dragues\Downloads\smv13503-1080p.mp4
2014-09-06 04:36 - 2014-09-06 04:22 - 1008662527 _____ () C:\Users\dragues\Downloads\smv13434-1080p.mp4
2014-09-05 22:51 - 2012-08-10 20:18 - 00000000 ____D () C:\Users\dragues\AppData\Roaming\Skype
2014-09-05 21:18 - 2009-07-13 23:45 - 00431696 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-04 21:10 - 2014-09-12 00:21 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-04 21:05 - 2014-09-12 00:21 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-31 22:46 - 2013-05-14 18:14 - 00000000 ____D () C:\Users\dragues\AppData\Local\Microsoft Help
2014-08-31 12:51 - 2014-08-31 12:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-25 06:53 - 2010-11-20 22:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-22 21:07 - 2014-08-30 13:56 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-22 20:45 - 2014-08-30 13:56 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-22 19:59 - 2014-08-30 13:56 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-16 01:17
 
==================== End Of Log ============================
 


#8
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

You're exactly correct. Here's how we can get that Addition.txt file. Also, how is your machine running now?

 

Step#1 - Let's get that Addition.txt File
 
1. Right click on FRST64 and select Run as administrator.
2. Ensure that the Addition.txt check box is checked in the Optional Scan area at the bottom of the screen.
3. Press the Scan button.
4. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop). We will not need this log this time.
5. Another log will be created (Addition.txt - also located in the same directory as FRST64.exe).
6. Please paste the contents of the Addition.txt log in your next reply.



#9
dragues

    Member

  • Topic Starter
  • 74 posts

I definitely feel my machine is faster. But when I open my browser, it still opens another window called search dial. Here is the log. Thank you.

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-09-2014
Ran by dragues at 2014-09-21 08:20:55
Running from C:\Users\dragues\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.6.0.19120 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.8) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.8 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
AMD Catalyst Install Manager (HKLM\...\{306823F5-9E3B-6FEA-77B0-C9F9B725D7C4}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brad Smith Easy SFV Creator (HKLM-x32\...\ST6UNST #1) (Version:  - )
Captcha Brotherhood (HKLM-x32\...\{CCD438F0-5D72-4945-9E72-6560C7E5E0D0}) (Version: 1.1.8 - Brotherhood Software)
Compatibilidad con Aplicaciones de Apple (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Conexant HD Audio (HKLM-x32\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 1.0.30.0 - Conexant)
CyberLink PowerDVD 11 (HKLM-x32\...\InstallShield_{F232C87C-6E92-4775-8210-DFE90B7777D9}) (Version: 11.0.1620.51 - CyberLink Corp.)
CyberLink PowerDVD 11 (x32 Version: 11.0.1620.51 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
dBpoweramp Music Converter (HKLM-x32\...\dBpoweramp Music Converter) (Version: Release 14.3 - Illustrate)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{650DE870-ECA3-4E63-8D77-778512BE5D4C}) (Version:  - Microsoft)
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.67 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.67 - Dell Inc.)
Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.130 - ArcSoft)
Dell Stage (HKLM-x32\...\{BF3E8A13-7A99-447A-8396-2BF9D8B8E2C2}) (Version: 1.7.209.0 - Fingertapps)
Dell Stage Remote (HKLM-x32\...\{AF4D3C63-009B-4A17-B02E-D395065DD3F0}) (Version: 2.0.0.43 - ArcSoft)
Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.1.5907.16 - Dell Inc.)
Dell Support Center (Version: 3.1.5907.16 - PC-Doctor, Inc.) Hidden
Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 5.11.0.2 - Dell)
Dell Touchpad (HKLM\...\Elantech) (Version: 10.3.2.2 - ELAN Microelectronic Corp.)
Dell VideoStage  (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.3.0.2513 - CyberLink Corp.)
Dell VideoStage  (x32 Version: 1.3.0.2513 - CyberLink Corp.) Hidden
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.01.18 - Creative Technology Ltd)
D-Fend Reloaded 1.3.1 (desinstalar) (HKLM-x32\...\D-Fend Reloaded) (Version: 1.3.1 - Alexander Herzog)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version:  - )
eMule (HKLM-x32\...\eMule) (Version:  - )
Escenario Musical Dell (HKLM-x32\...\{D6100E77-DADB-4D81-B139-2D620323513D}) (Version: 1.6.225.0 - Fingertapps)
Exact Audio Copy 1.0beta3 (HKLM-x32\...\Exact Audio Copy) (Version: 1.0beta3 - Andre Wiethoff)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Galería de fotos (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Google Chrome (HKCU\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
High-Definition Video Playback (x32 Version: 11.1.10400.2.65 - Nero AG) Hidden
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Intel PROSet Wireless (Version:  - ) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.1.1399 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
Intel® PROSet/Wireless for Bluetooth® + High Speed (HKLM\...\{BEE86606-EFB5-4353-9F34-29E0C59CDCFA}) (Version: 15.2.0.0284 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{3015F546-6C3E-4E6A-B564-BCDF88C0BA2A}) (Version: 2.1.1.0191 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.225 - Intel Corporation)
Intel® WiDi (HKLM-x32\...\{7FCB8D5D-9396-4D17-8CFA-349D6D49CD32}) (Version: 3.0.13.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® Trusted Connect Service Client (HKLM\...\{538B98C3-773F-4F20-9C66-802D104DCBE2}) (Version: 1.23.219.2 - Intel Corporation)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
iTunes Agent 1.2 (HKCU\...\iTunes Agent 1.2) (Version:  - )
iTunes Agent 1.3.4 (HKCU\...\iTunes Agent 1.3.4) (Version:  - )
Java 7 Update 21 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.210 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
K-Lite Codec Pack 9.1.0 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.1.0 - )
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Basque) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Catalan) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Galician) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Portuguese (Brazil)) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MiPony 2.1.3 (HKLM-x32\...\MiPony) (Version: 2.1.3 - )
mIRC (HKLM-x32\...\mIRC) (Version: 7.29 - mIRC Co. Ltd.)
Monitor de la tecnología Intel® Turbo Boost 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 31.0 (x86 es-MX) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 es-MX)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MPC-HC 1.6.7.7114 (9eb64ec) (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.6.7.7114 - MPC-HC Team)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Nero 10 Movie ThemePack Basic (x32 Version: 10.2.10200.0.0 - Nero AG) Hidden
Nero 11 (HKLM-x32\...\{F021D637-BBDA-486B-96F0-225B62596C3B}) (Version: 11.0.11000 - Nero AG)
Nero 11 Disc Menus Basic (x32 Version: 11.0.11200.12.0 - Nero AG) Hidden
Nero 11 Effects Basic (x32 Version: 11.0.11200.12.0 - Nero AG) Hidden
Nero 11 Kwik Themes Basic (x32 Version: 11.0.11200.12.0 - Nero AG) Hidden
Nero 11 PiP Effects Basic (x32 Version: 11.0.11300.12.0 - Nero AG) Hidden
Nero Audio Pack 1 (x32 Version: 11.0.11500.110.0 - Nero AG) Hidden
Nero BackItUp 11 Help (CHM) (x32 Version: 11.0.10200 - Nero AG) Hidden
Nero Backup Drivers (HKLM\...\{D600D357-5CB9-4DE9-8FD4-14E208BD1970}) (Version: 1.0.10000.1.0 - Nero AG)
Nero Burning ROM 11 (x32 Version: 11.0.12200.23.100 - Nero AG) Hidden
Nero Burning ROM 11 Help (CHM) (x32 Version: 11.0.10300 - Nero AG) Hidden
Nero Control Center 10 (x32 Version: 10.6.12800.0.8 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (x32 Version: 10.2.10800 - Nero AG) Hidden
Nero ControlCenter 11 (x32 Version: 11.0.12300.0.23 - Nero AG) Hidden
Nero ControlCenter 11 Help (CHM) (x32 Version: 11.0.10300 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.20500.9.16 - Nero AG) Hidden
Nero Core Components 11 (x32 Version: 11.0.15000.1.12 - Nero AG) Hidden
Nero CoverDesigner 11 Help (CHM) (x32 Version: 11.0.10300 - Nero AG) Hidden
Nero Express 11 (x32 Version: 11.0.11700.23.100 - Nero AG) Hidden
Nero Express 11 Help (CHM) (x32 Version: 11.0.10300 - Nero AG) Hidden
Nero Kwik Media Help (CHM) (x32 Version: 11.0.10200 - Nero AG) Hidden
Nero Recode 11 Help (CHM) (x32 Version: 11.0.10300 - Nero AG) Hidden
Nero RescueAgent 11 (x32 Version: 4.0.10600.10.100 - Nero AG) Hidden
Nero RescueAgent 11 Help (CHM) (x32 Version: 11.0.10400 - Nero AG) Hidden
Nero SoundTrax 11 Help (CHM) (x32 Version: 11.0.10400 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.10623.22.0 - Nero AG) Hidden
Nero Video 11 Help (CHM) (x32 Version: 11.0.10300 - Nero AG) Hidden
Nero WaveEditor 11 Help (CHM) (x32 Version: 11.0.10400 - Nero AG) Hidden
nero.prerequisites.msi (x32 Version: 11.0.20008 - Nero AG) Hidden
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.14.010 - Dell Inc.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.61.612.2012 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Software Intel® PROSet/Wireless WiFi (HKLM\...\{181BBF43-CA17-4E1A-A78D-81E67A57B8A4}) (Version: 15.02.0000.1258 - Intel Corporation)
SyncUP (HKLM-x32\...\{D92C9CCE-E5F0-4125-977A-0590F3225B74}) (Version: 10.2.16500 - Nero AG)
SyncUP (x32 Version: 1.12.11500.11.105 - Nero AG) Hidden
System Requirements Lab CYRI (HKLM-x32\...\{943A8D28-80D6-41DC-AE94-81FEB42041BF}) (Version: 4.5.1.0 - Husdawg, LLC)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9179FC17-97A8-4D98-9E09-05720AF5D44E}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{A57A9AE3-09A9-44A0-AA78-458C71DA6FDE}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{837C1EAC-6A89-44A0-8C45-E655AAFD8CE1}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
welcome (x32 Version: 11.0.21500.0.4 - Nero AG) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Family Safety (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
XSUBMuxer 1.0.0.37 (HKLM-x32\...\XSUBMuxer (de Perroman)_is1) (Version:  - )
Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden
Zip Motion Block Video codec (Remove Only) (HKLM-x32\...\ZMBV) (Version:  - DOSBox Team)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3623957610-3708665639-4114120845-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\dragues\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3623957610-3708665639-4114120845-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\dragues\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3623957610-3708665639-4114120845-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\dragues\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3623957610-3708665639-4114120845-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\dragues\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3623957610-3708665639-4114120845-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\dragues\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3623957610-3708665639-4114120845-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\dragues\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3623957610-3708665639-4114120845-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\dragues\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3623957610-3708665639-4114120845-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\dragues\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3623957610-3708665639-4114120845-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\dragues\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3623957610-3708665639-4114120845-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\dragues\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3623957610-3708665639-4114120845-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\dragues\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3623957610-3708665639-4114120845-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\dragues\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3623957610-3708665639-4114120845-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\dragues\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3623957610-3708665639-4114120845-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\dragues\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3623957610-3708665639-4114120845-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\dragues\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3623957610-3708665639-4114120845-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\dragues\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3623957610-3708665639-4114120845-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\dragues\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points  =========================
 
18-09-2014 05:00:00 Punto de control programado
19-09-2014 03:45:51 Removed Intel® PROSet/Wireless for Bluetooth® + High Speed
19-09-2014 03:57:24 Removed Software Intel® PROSet/Wireless WiFi
19-09-2014 04:14:09 Operación de restauración
19-09-2014 05:01:07 Removed Blio.
20-09-2014 08:12:50 Windows Update
20-09-2014 15:10:19 Dell
21-09-2014 06:51:34 OTL Restore Point - 21/09/2014 01:51:29 a.m.
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2013-11-01 17:43 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {3EA1D728-784F-4B6E-83A9-FE53CAF15A7C} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3623957610-3708665639-4114120845-1001Core => C:\Users\dragues\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-10] (Facebook Inc.)
Task: {61AD8E84-7AFC-47ED-8D24-05104752BEBC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-13] (Adobe Systems Incorporated)
Task: {6E64AE14-397C-44CF-9AC7-26415F1DF0F3} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3623957610-3708665639-4114120845-1001UA => C:\Users\dragues\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-10] (Facebook Inc.)
Task: {74325BE3-FFB9-4AFB-A241-DDF27213C651} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {B065B946-AE93-4451-AE9D-B291E01FDD3A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3623957610-3708665639-4114120845-1001Core1cf8f712f9cb0d0 => C:\Users\dragues\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-25] (Google Inc.)
Task: {F03370CA-D699-4B46-A764-16A5D7F019AA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3623957610-3708665639-4114120845-1001UA => C:\Users\dragues\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-25] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3623957610-3708665639-4114120845-1001Core.job => C:\Users\dragues\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3623957610-3708665639-4114120845-1001UA.job => C:\Users\dragues\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3623957610-3708665639-4114120845-1001Core1cf8f712f9cb0d0.job => C:\Users\dragues\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3623957610-3708665639-4114120845-1001UA.job => C:\Users\dragues\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-08-11 00:53 - 2011-04-19 22:56 - 00083240 _____ () C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2012-07-29 10:04 - 2012-03-19 18:09 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-07-29 08:45 - 2012-04-05 14:55 - 00164992 _____ () C:\Program Files\Conexant\SA3\MaxxAudioWrapper.dll
2012-07-29 08:54 - 2012-01-26 21:49 - 02751808 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-09-13 12:36 - 2014-09-13 12:36 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\27372090b75ca919048606aad2206bf4\IsdiInterop.ni.dll
2012-07-29 08:46 - 2012-02-01 16:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2012-07-29 08:45 - 2012-01-21 06:23 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-09-14 21:07 - 2014-09-03 22:01 - 01098056 _____ () C:\Users\dragues\AppData\Local\Google\Chrome\Application\37.0.2062.120\libglesv2.dll
2014-09-14 21:07 - 2014-09-03 22:01 - 00174408 _____ () C:\Users\dragues\AppData\Local\Google\Chrome\Application\37.0.2062.120\libegl.dll
2014-09-14 21:07 - 2014-09-03 22:01 - 08577864 _____ () C:\Users\dragues\AppData\Local\Google\Chrome\Application\37.0.2062.120\pdf.dll
2014-09-14 21:07 - 2014-09-03 22:01 - 00331592 _____ () C:\Users\dragues\AppData\Local\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll
2014-09-14 21:07 - 2014-09-03 22:01 - 01660232 _____ () C:\Users\dragues\AppData\Local\Google\Chrome\Application\37.0.2062.120\ffmpegsumo.dll
2014-09-14 21:07 - 2014-09-03 22:01 - 14891848 _____ () C:\Users\dragues\AppData\Local\Google\Chrome\Application\37.0.2062.120\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^dragues^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: AccuWeatherWidget => "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\dragues\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ares => "C:\Program Files (x86)\Ares\Ares.exe" -h
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: BLEServicesCtrl => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
MSCONFIG\startupreg: BTMTrayAgent => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
MSCONFIG\startupreg: Dell DataSafe Online => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
MSCONFIG\startupreg: DellStage => "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
MSCONFIG\startupreg: DellSystemDetect => C:\Users\dragues\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms
MSCONFIG\startupreg: ETDCtrl => C:\Program Files\Elantech\ETDCtrl.exe
MSCONFIG\startupreg: Facebook Update => "C:\Users\dragues\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: Google Update => "C:\Users\dragues\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: IntelTBRunOnce => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: mcpltui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
MSCONFIG\startupreg: mcui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
MSCONFIG\startupreg: NeroLauncher => C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: QuickSet => c:\Program Files\Dell\QuickSet\QuickSet.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RemoteControl11 => "C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe"
MSCONFIG\startupreg: Stage Remote => C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe -Quiet
MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
MSCONFIG\startupreg: WinampAgent => "C:\Program Files (x86)\Winamp\winampa.exe"
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Adaptador de tunelización Teredo de Microsoft
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Microsoft Virtual WiFi Miniport Adapter #2
Description: Adaptador de minipuerto WiFi virtual de Microsoft
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/21/2014 08:10:36 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/21/2014 01:54:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/21/2014 01:45:04 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/20/2014 10:24:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/20/2014 10:14:01 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/20/2014 09:55:15 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/20/2014 01:57:15 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/20/2014 01:55:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/20/2014 01:55:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4992
 
Error: (09/20/2014 01:55:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4992
 
 
System errors:
=============
Error: (09/21/2014 08:10:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio McAfee Anti-Malware Core no pudo iniciarse debido al siguiente error: 
%%2
 
Error: (09/21/2014 01:54:27 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio McAfee Anti-Malware Core no pudo iniciarse debido al siguiente error: 
%%2
 
Error: (09/21/2014 01:51:18 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio Adobe Acrobat Update Service se terminó de manera inesperada. Esto ha sucedido 1 veces.
 
Error: (09/21/2014 01:45:06 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio McAfee Anti-Malware Core no pudo iniciarse debido al siguiente error: 
%%2
 
Error: (09/20/2014 11:22:34 AM) (Source: bowser) (EventID: 8003) (User: )
Description: El explorador maestro recibió una notificación del equipo ROBERTO-MAFER
que cree que es el explorador maestro para el dominio en el transporte NetBT_Tcpip_{A780B4AD-2369-44DD-BA4D-A05E1EA9463D}.
El explorador maestro está detenido o se está forzando una elección.
 
Error: (09/20/2014 10:24:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio McAfee Anti-Malware Core no pudo iniciarse debido al siguiente error: 
%%2
 
Error: (09/20/2014 10:13:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio McAfee Anti-Malware Core no pudo iniciarse debido al siguiente error: 
%%2
 
Error: (09/20/2014 09:55:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio McAfee Anti-Malware Core no pudo iniciarse debido al siguiente error: 
%%2
 
Error: (09/20/2014 01:57:05 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio McAfee Anti-Malware Core no pudo iniciarse debido al siguiente error: 
%%2
 
Error: (09/20/2014 01:56:47 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: El cierre anterior del sistema a las 01:55:16 a.m. del ‎20/‎09/‎2014 resultó inesperado.
 
 
Microsoft Office Sessions:
=========================
Error: (09/21/2014 08:10:36 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/21/2014 01:54:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/21/2014 01:45:04 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/20/2014 10:24:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/20/2014 10:14:01 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/20/2014 09:55:15 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/20/2014 01:57:15 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/20/2014 01:55:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/20/2014 01:55:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4992
 
Error: (09/20/2014 01:55:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4992
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-09-05 22:16:58.315
  Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume3\Windows\System32\MaxxAudioAPOShell64.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
 
  Date: 2014-09-05 21:36:16.748
  Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume3\Windows\System32\MaxxAudioAPOShell64.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
 
  Date: 2014-08-25 19:01:22.774
  Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume3\Windows\System32\MaxxAudioAPOShell64.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
 
  Date: 2014-05-31 17:29:44.181
  Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume3\Windows\System32\MaxxAudioAPOShell64.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
 
  Date: 2014-05-31 17:27:49.573
  Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume3\Windows\System32\MaxxAudioAPOShell64.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
 
  Date: 2014-05-31 17:08:00.386
  Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume3\Windows\System32\MaxxAudioAPOShell64.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
 
  Date: 2014-05-31 16:57:29.269
  Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume3\Windows\System32\MaxxAudioAPOShell64.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
 
  Date: 2014-05-31 16:45:22.052
  Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume3\Windows\System32\MaxxAudioAPOShell64.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
 
  Date: 2014-05-22 01:39:48.471
  Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume3\Windows\System32\MaxxAudioAPOShell64.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
 
  Date: 2014-05-22 00:36:58.241
  Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume3\Windows\System32\MaxxAudioAPOShell64.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-3612QM CPU @ 2.10GHz
Percentage of memory in use: 29%
Total physical RAM: 8067.36 MB
Available physical RAM: 5710.26 MB
Total Pagefile: 16132.89 MB
Available Pagefile: 13557.64 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:919.22 GB) (Free:159.51 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 9F766629)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=12.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=919.2 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#10
BrianDrab


OK, Let's see what we can do about that. Please follow the instructions below.

 

Step#1 - Warnings

The Dangers of P2P Programs

IMPORTANT: I noticed that you have a P2P (Peer to Peer) file sharing program on your computer. I cannot stress highly enough the danger in using these types of programs. P2P programs are one of the major avenues of infection these days. The files downloaded with these programs are more than likely infected with trojans, malware, rootkits, etc.

You run the risk of getting an infection that can compromise your sensitive data, such as financial records, personal information, etc. That is just the infection aspect of using P2P programs. You also run the risk of possible arrest, fines, or in severe cases, jail time for illegal downloading of copyrighted material.

Here are some information sources about the dangers of P2P programs:

 

FBI - Peer to Peer Scams
USA Today Article on P2P Programs
File Sharing Infects 500,000 Computers

 

I very much recommend you uninstall this program from your machine. If not, you will likely be back needing help with your machine again. The risks of infections from content downloaded with P2P programs far outweigh any benefit of using them.

 

It is, of course, your choice as to whether or not you remove the program from your machine. It is my duty though, to point out how dangerous it is to use these programs. However, I must request that you do not use it while we are cleaning your machine.

 

Please uninstall the following Peer-to-Peer program(s): eMule

To uninstall on Windows 7, you can:

 

  • Click your Start Orb in the lower left corner of your computer and select Control Panel.
  • Select Uninstall a program from the Programs Category.
  • Locate the program(s) in the list and click Uninstall.

 

No Registered Antivirus

It appears that you may use McAfee Antivirus but it may not be installed correctly. Can you confirm for me exactly which Antivirus you have installed and if it's the paid version or free version?

 

 

 

Step#2 - FRST Fix
 
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
1. Download attached file (fixlist.txt) and save it to the Desktop.

 

Note. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
 
2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

 

 

Step#3 - Malwarebytes Scan

  • Download Malwarebytes to your desktop from here.
  • Right-click on the file that is downloaded to your desktop and select Run as administrator.
  • Select the appropriate language and click OK.
  • Click Next.
  • Select "I accept the agreement" and click Next.
  • Click Next
  • Change the install path if desired. Normally you will keep this as is. Click Next.
  • Click Next again.
  • Click Next again.
  • Click Install.
  • Uncheck "Enable free trial of Malwarebytes Anti-Malware Premium".
  • Click Finish
  • If an update is found you will be prompted to download and install. Go ahead.
  • Click the Scan button at the top of the form and then click Scan Now.
  • Once the scan completes click the View detailed log link.
  • Then click the Copy to clipboard button and paste into your next post.

 

 

 

Step#4 - Rootkit Scan
1. Download aswMBR to your desktop.
2. Right-click on aswMBR.exe and select Run as administrator to run it.
3. If you get a question about Virtualization Technology, answer Yes.
4. If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
5. Click the "Scan" button to start scan.
6. On completion of the scan click "Save log", save it to your desktop and post in your next reply.
NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

 

 

Step#5 - Security Check
 
1. Download Security Check from here or here.
2. Save it to your Desktop.
3. Right-click SecurityCheck.exe and select Run as administrator. Follow the onscreen instructions inside of the black box.
4. A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: Don't be alarmed if the process runs for 10 to 15 minutes before completing. If it runs for over 30 minutes, just close the program and try running it again.

 

  

 

Items for your next Post

 

 

1. What Antivirus are you using and is it the free or paid version?

2. FRST Fix log

3. Malwarebytes log

4. Rootkit scan log

5. Security Check log

 


Edited by BrianDrab, 21 September 2014 - 08:51 AM.



#11
dragues


1. What Antivirus are you using and is it the free or paid version?

I was using McAfee. It was the paid version but the subscription expired a few months ago and I uninstalled it a few days ago. So right now I'm not using any. Can you recommend me a good and free one, please?

 

2. FRST Fix log

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-09-2014
Ran by dragues at 2014-09-21 10:07:38 Run:1
Running from C:\Users\dragues\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
SearchScopes: HKLM - DefaultScope value is missing.
CHR Extension: (No Name) - C:\Users\dragues\AppData\Local\Google\Chrome\User Data\Default\Extensions\olakgnkoldmagdblaalodobkmeokmgjj [2013-10-29]
CHR HKCU\...\Chrome\Extension: [npiecjlhkngdinoeekmccdbjdgclmnbk] - C:\Users\dragues\AppData\Local\CRE\npiecjlhkngdinoeekmccdbjdgclmnbk.crx []
CHR HKLM-x32\...\Chrome\Extension: [npiecjlhkngdinoeekmccdbjdgclmnbk] - C:\Users\dragues\AppData\Local\CRE\npiecjlhkngdinoeekmccdbjdgclmnbk.crx []
*****************
 
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
C:\Users\dragues\AppData\Local\Google\Chrome\User Data\Default\Extensions\olakgnkoldmagdblaalodobkmeokmgjj => Moved successfully.
"HKCU\SOFTWARE\Google\Chrome\Extensions\npiecjlhkngdinoeekmccdbjdgclmnbk" => Key deleted successfully.
"C:\Users\dragues\AppData\Local\CRE\npiecjlhkngdinoeekmccdbjdgclmnbk.crx" => File/Directory not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\npiecjlhkngdinoeekmccdbjdgclmnbk" => Key deleted successfully.
"C:\Users\dragues\AppData\Local\CRE\npiecjlhkngdinoeekmccdbjdgclmnbk.crx" => File/Directory not found.
 

 

==== End of Fixlog ====

 

3. Malwarebytes log

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 21/09/2014
Scan Time: 10:13:23 a.m.
Logfile: 
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.09.21.05
Rootkit Database: v2014.09.19.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: dragues
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 335208
Time Elapsed: 7 min, 35 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 

 

(end)

 

4. Rootkit scan log

I tried running this application three times, but it always crashed. I attach an image.

 

5. Security Check log

 Results of screen317's Security Check version 0.99.87  

 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 JavaFX 2.1.1    
 Java 7 Update 21  
 Java version out of Date! 
 Adobe Flash Player 15.0.0.152  
 Adobe Reader 10.1.8 Adobe Reader out of Date!  
 Mozilla Firefox (31.0) 
 Google Chrome 37.0.2062.103  
 Google Chrome 37.0.2062.120  
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 
 

  • 0
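A Fixlog like the one posted above can be checked mechanically before deciding the fix worked. The Python below is an added example (not part of the original thread and not FRST's own code): it parses the fixlist section and the `target => outcome` lines exactly as they appear in that post, counts the outcomes, and ties every "not found" target back to the fixlist entries that named it. The function names are hypothetical, and the line format is assumed only from the log shown here.

```python
import re
from collections import Counter

# Fixlog text copied from the post above: the fixlist, then one result per action.
FIXLOG = r'''Content of fixlist:
*****************
SearchScopes: HKLM - DefaultScope value is missing.
CHR Extension: (No Name) - C:\Users\dragues\AppData\Local\Google\Chrome\User Data\Default\Extensions\olakgnkoldmagdblaalodobkmeokmgjj [2013-10-29]
CHR HKCU\...\Chrome\Extension: [npiecjlhkngdinoeekmccdbjdgclmnbk] - C:\Users\dragues\AppData\Local\CRE\npiecjlhkngdinoeekmccdbjdgclmnbk.crx []
CHR HKLM-x32\...\Chrome\Extension: [npiecjlhkngdinoeekmccdbjdgclmnbk] - C:\Users\dragues\AppData\Local\CRE\npiecjlhkngdinoeekmccdbjdgclmnbk.crx []
*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
C:\Users\dragues\AppData\Local\Google\Chrome\User Data\Default\Extensions\olakgnkoldmagdblaalodobkmeokmgjj => Moved successfully.
"HKCU\SOFTWARE\Google\Chrome\Extensions\npiecjlhkngdinoeekmccdbjdgclmnbk" => Key deleted successfully.
"C:\Users\dragues\AppData\Local\CRE\npiecjlhkngdinoeekmccdbjdgclmnbk.crx" => File/Directory not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\npiecjlhkngdinoeekmccdbjdgclmnbk" => Key deleted successfully.
"C:\Users\dragues\AppData\Local\CRE\npiecjlhkngdinoeekmccdbjdgclmnbk.crx" => File/Directory not found.

==== End of Fixlog ====
'''

# A result line is an optionally quoted target, " => ", then the outcome text.
RESULT_RE = re.compile(r'^"?(?P<target>.+?)"?\s+=>\s+(?P<outcome>.+?)\s*$')

def classify(outcome):
    """Bucket an outcome string; anything unrecognised is flagged for review."""
    text = outcome.lower()
    if "not found" in text:
        return "not_found"
    if "successfully" in text:
        return "ok"
    return "review"

def parse_fixlog(text):
    """Return (fixlist directives, [(target, outcome, status), ...])."""
    directives, results = [], []
    in_fixlist = False
    for line in text.splitlines():
        line = line.strip()
        if set(line) == {"*"}:          # a row of asterisks opens/closes the fixlist
            in_fixlist = not in_fixlist
        elif in_fixlist:
            if line:
                directives.append(line)
        else:
            m = RESULT_RE.match(line)
            if m:
                results.append((m["target"], m["outcome"], classify(m["outcome"])))
    return directives, results

def summarize(results):
    """Count results per status."""
    return dict(Counter(status for _t, _o, status in results))

def orphaned_references(directives, results):
    """Map each target reported as not found to the fixlist lines that named it."""
    missing = {}
    for target, _outcome, status in results:
        if status == "not_found":
            missing[target] = [d for d in directives if target in d]
    return missing

if __name__ == "__main__":
    directives, results = parse_fixlog(FIXLOG)
    print(summarize(results))
    for target, refs in orphaned_references(directives, results).items():
        print(f"{target}: referenced by {len(refs)} fixlist entries, file already absent")
```

On this log the two "not found" results are the same `.crx` path: both Chrome extension registry entries pointed at a file that was no longer on disk, so only the keys were left to delete.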

#12
dragues


Sin título.png



#13
BrianDrab


Excellent. Things are looking good. I'll provide recommendations for good free Antivirus shortly. Also don't worry about the crash on the Rootkit scan for the moment. We may use a different tool. But first, how is your machine now? I want to ensure I cover what I need to in my next post to you. Thank you.



#14
dragues

My machine is pretty fast. When I restart Windows I can open any program very fast, instead of before your help that I had to wait 5 or sometimes 10 minutes. My problem when I mouse over a picture it gave me a popup with similar items from other stores is gone. The internet hasn't crashed and the webpage of search dial is gone also. So everything looks great, thank you.


#15
BrianDrab


Before we do anything else, let's get you a good free antivirus installed.
 
Step#1 - McAfee Uninstall Tool
There are remnants of McAfee that need to be cleaned up before we install a new AV.
1. Please download the removal tool from here and save it to your desktop.
2. Open up the program and run it and answer all the prompts appropriately to continue.
3. When you see the message CleanUp Successful, restart your computer.
 
 
Step#2 -  Install an Antivirus

It's critical that you have a reputable antivirus software installed on your machine at all times. One AV is a must have! But never more than one, as this can and will cause conflicts and false readings. I have listed a couple recommended free AVs below which are as good as any paid subscription AV, as long as you allow them to update themselves. I personally use Microsoft Security Essentials on my home PCs but the choice is yours.

avast! Home Edition an excellent free AV.
Microsoft Security Essentials
 
Note: Let's keep Malwarebytes installed as it's a fantastic piece of software. Malwarebytes is not actively monitoring your machine so it won't conflict with the Antivirus that you decide to install. I would recommend that you open up this program, allow it to update and scan your machine at least quarterly...monthly if you can.

 

Let me know when this is complete and we will perform some final steps. Thank you.

