Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Help with adware!

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Help with adware!

Unread postby javier910 » July 12th, 2013, 12:09 pm

Hello,

I am new to this forum and I would like to get rid of annoying ads popping up in the southern right corner of my screen. I have tried using the Sophos anti-virus and the Malwarebytes software without any success. Any help is highly appreciated.
javier910
Regular Member
 
Posts: 31
Joined: July 12th, 2013, 12:06 pm
Advertisement
Register to Remove

Re: Help with adware!

Unread postby askey127 » July 12th, 2013, 4:04 pm

Hi javier910,
Go ahead and read this, as you should have prior to posting.
viewtopic.php?f=11&t=47959
Per the part labeled "What we need from you", please download and run the DDS program, and post the resulting two logs.
Without the contents of the logs, helpers cannot decide or even comment about your situation.
I will help when you are able to post the logs.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Help with adware!

Unread postby javier910 » July 12th, 2013, 6:08 pm

Sorry askey 127, here are the logs,

DDS:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: BrowserJavaVersion: 10.25.2
Run by Luis Javier at 17:03:03 on 2013-07-12
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.3999.1665 [GMT -5:00]
.
AV: Sophos Anti-Virus *Enabled/Updated* {65FBD860-96D8-75EF-C7ED-7BE27E6C498A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Sophos Anti-Virus *Enabled/Updated* {DE9A3984-B0E2-7A61-FD5D-409005EB0337}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\PROGRA~2\PHAROS~1\Core\CTskMstr.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Zoom Downloader\DownloadManager.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Luis Javier\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\HP\QuickPlay\QPService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Users\Luis Javier\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Program Files (x86)\tutoriales100_mx_11\tutoriales100_mx_11.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?affID=121845 ... EEE6C7E923
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
uURLSearchHooks: pdfforge Toolbar: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\7.2\pdfforgeToolbarIE.dll
uURLSearchHooks: Dealio Toolbar: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files (x86)\Dealio Toolbar\IE\7.2\dealioToolbarIE.dll
uURLSearchHooks: YTD Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\7.2\ytdToolbarIE.dll
uURLSearchHooks: FreeRIP Toolbar: {E634228A-03CF-4BC8-B0AB-668257F1FD8C} - C:\Program Files (x86)\FreeRIP Toolbar\IE\7.2\freeripToolbarIE.dll
uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: Dealio Toolbar: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files (x86)\Dealio Toolbar\IE\7.2\dealioToolbarIE.dll
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: dymanet: {64c6c7b0-3789-a383-e982-ecc5a035eed3} - C:\Windows\SysWOW64\8b744725-7128-f7f0-dcc2-1f737e976f98.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: pdfforge Toolbar: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\7.2\pdfforgeToolbarIE.dll
BHO: delta Helper Object: {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.21.0\bh\delta.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Zoom Downloader: {E5C66DD8-308B-4a4f-AF0A-3D04F25B5343} -
BHO: FreeRIP Toolbar: {E634228A-03CF-4BC8-B0AB-668257F1FD8C} - C:\Program Files (x86)\FreeRIP Toolbar\IE\7.2\freeripToolbarIE.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
BHO: YTD Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\7.2\ytdToolbarIE.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Delta Toolbar: {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.21.0\deltaTlbr.dll
TB: pdfforge Toolbar: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\7.2\pdfforgeToolbarIE.dll
TB: Dealio Toolbar: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files (x86)\Dealio Toolbar\IE\7.2\dealioToolbarIE.dll
TB: YTD Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\7.2\ytdToolbarIE.dll
TB: FreeRIP Toolbar: {E634228A-03CF-4BC8-B0AB-668257F1FD8C} - C:\Program Files (x86)\FreeRIP Toolbar\IE\7.2\freeripToolbarIE.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [ares] "C:\Program Files (x86)\Ares\Ares.exe" -h
uRun: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /c
uRun: [Facebook Update] "C:\Users\Luis Javier\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [DownloadManager] "C:\Program Files (x86)\Zoom Downloader\DownloadManager.exe" /as
uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
uRun: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
uRun: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Spotify] "C:\Users\Luis Javier\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
uRun: [Spotify Web Helper] "C:\Users\Luis Javier\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
mRun: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
mRun: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [BrStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe Autorun
mRun: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
mRun: [Brdefprn] C:\Program Files (x86)\Brother\BRHL2170\Brdefprn.exe -d
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun: [tutoriales100_mx_11] "C:\Program Files (x86)\tutoriales100_mx_11\tutoriales100_mx_11.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: C:\Users\LUISJA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Luis Javier\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\LUISJA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\HERRAM~1.LNK - C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
uPolicies-System: WallpaperStyle = 2
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: WallpaperStyle = 2
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
LSP: C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/produ ... wsdc32.cab
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/So ... b56986.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/i ... ction2.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/200 ... ader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/Me ... b56907.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
TCP: NameServer = 10.3.77.10 10.3.1.100
TCP: Interfaces\{54D7BC1F-2D45-41F2-B3F1-00FCF3233219} : DHCPNameServer = 10.3.77.10 10.3.1.100
TCP: Interfaces\{54D7BC1F-2D45-41F2-B3F1-00FCF3233219}\259455 : DHCPNameServer = 132.248.10.2 132.248.204.1
TCP: Interfaces\{A2B22902-3A30-4E4D-9F12-1B6DB8D88653} : DHCPNameServer = 137.82.27.42 142.103.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
AppInit_DLLs= C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL
SSODL: WebCheck - <orphaned>
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.71\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} -
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
x64-Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Luis Javier\AppData\Roaming\Mozilla\Firefox\Profiles\8ndmvsv6.default\
FF - prefs.js: browser.search.selectedEngine - Delta Search
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=121845 ... EEE6C7E923
FF - prefs.js: keyword.URL - hxxp://mx.search.yahoo.com/search?fr=gr ... =386496&p=
FF - component: C:\Program Files (x86)\Dealio Toolbar\FF\components\dealioFF.dll
FF - component: C:\Program Files (x86)\FreeRIP Toolbar\FF\components\freeripFF.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - component: C:\Program Files (x86)\pdfforge Toolbar\FF\components\pdfforgeFF.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\npjpi170_25.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
FF - plugin: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Luis Javier\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Luis Javier\AppData\Roaming\Move Networks\plugins\071803000001\npqmp071803000001.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - Ext: z: {81df63a1-ec2c-5b84-0e9f-1007a5009873} - C:\Program Files (x86)\Mozilla Firefox\extensions\{81df63a1-ec2c-5b84-0e9f-1007a5009873}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF - Ext: SavingsApp: crossriderapp4639@crossrider.com - %profile%\extensions\crossriderapp4639@crossrider.com
FF - Ext: Zoom Downloader: downloadmanager@zoomdownloader.com - %profile%\extensions\downloadmanager@zoomdownloader.com
FF - Ext: Delta Toolbar: ffxtlbr@delta.com - %profile%\extensions\ffxtlbr@delta.com
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
---- FIREFOX POLICIES ----
FF - user.js: google.toolbar.linkdoctor.enabled - false
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 8a1f726b0000000000000ceee6c7e923
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15844
FF - user.js: extensions.delta.vrsn - 1.8.21.0
FF - user.js: extensions.delta.vrsni - 1.8.21.0
FF - user.js: extensions.delta.vrsnTs - 1.8.21.013:38:31
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=121845&tt=gc_
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-1-3 55856]
R1 SAVOnAccess;SAVOnAccess;C:\Windows\System32\drivers\savonaccess.sys [2012-12-22 154952]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2009-6-24 292864]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2009-5-26 138752]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2010-10-28 25928]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-6-4 103448]
S3 FsUsbExDisk;FsUsbExDisk;C:\Windows\SysWOW64\FsUsbExDisk.Sys [2013-3-10 37344]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-8-21 216064]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-11-17 215040]
S3 sdcfilter;sdcfilter;C:\Windows\System32\drivers\sdcfilter.sys [2012-8-4 36640]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-6-4 203672]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-5-17 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-9-28 51712]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S4 SophosBootDriver;SophosBootDriver;C:\Windows\System32\drivers\SophosBootDriver.sys [2011-3-12 25608]
.
=============== Created Last 30 ================
.
2013-07-12 15:36:43 9552976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{872E0589-E1DB-479C-8B36-84B523329941}\mpengine.dll
2013-07-12 05:06:50 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-11 05:18:32 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-07-11 05:17:14 1643520 ----a-w- C:\Windows\System32\DWrite.dll
2013-07-11 05:17:14 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
2013-07-01 02:43:49 -------- d-s---w- C:\Users\Luis Javier\Google Drive
2013-07-01 02:17:19 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-25 14:57:02 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2013-06-25 14:57:01 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2013-06-24 02:08:15 -------- d-----w- C:\Program Files (x86)\FreeRIP Toolbar
2013-06-22 21:55:13 -------- d-----w- C:\Program Files (x86)\YTD Toolbar
2013-06-20 18:25:42 -------- d-----w- C:\Users\Luis Javier\AppData\Local\Spotify
2013-06-20 18:25:19 -------- d-----w- C:\Users\Luis Javier\AppData\Roaming\Spotify
2013-06-15 15:02:52 -------- d-----w- C:\Program Files (x86)\Dealio Toolbar
2013-06-15 00:12:39 -------- d-----w- C:\Program Files (x86)\pdfforge Toolbar
2013-06-12 22:17:59 751104 ----a-w- C:\Windows\System32\win32spl.dll
2013-06-12 22:15:44 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2013-06-12 22:15:44 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
.
==================== Find3M ====================
.
2013-07-01 02:17:10 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-07-01 02:17:10 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-06-04 14:15:02 103448 ----a-w- C:\Windows\System32\drivers\ssudbus.sys
2013-06-04 14:15:00 203672 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys
2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-05-19 17:27:48 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2013-05-19 17:27:46 175616 ----a-w- C:\Windows\System32\msclmd.dll
2013-05-17 06:14:05 1188864 ----a-w- C:\Windows\System32\wininet.dll
2013-05-16 18:21:48 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-05-16 17:10:29 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2013-05-16 16:44:21 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2013-05-08 06:39:01 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-05-06 06:03:49 1887744 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-05-06 04:56:35 1620480 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-05-02 07:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-04-26 04:55:21 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
.
============= FINISH: 17:05:54.23 ===============
javier910
Regular Member
 
Posts: 31
Joined: July 12th, 2013, 12:06 pm

Re: Help with adware!

Unread postby javier910 » July 12th, 2013, 6:08 pm

Attach:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 02/01/2010 1:42:51 AM
System Uptime: 12/07/2013 2:23:57 PM (3 hours ago)
.
Motherboard: Wistron | | 3612
Processor: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz | CPU | 1197/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 285 GiB total, 44.149 GiB free.
D: is FIXED (NTFS) - 13 GiB total, 2.092 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Realtek PCIe FE Family Controller
Device ID: PCI\VEN_10EC&DEV_8136&SUBSYS_360B103C&REV_02\01000000FFFF000000
Manufacturer: Realtek
Name: Realtek PCIe FE Family Controller
PNP Device ID: PCI\VEN_10EC&DEV_8136&SUBSYS_360B103C&REV_02\01000000FFFF000000
Service: RTL8167
.
==== System Restore Points ===================
.
RP474: 21/06/2013 12:21:46 PM - Windows Update
RP475: 24/06/2013 11:16:07 PM - Windows Update
RP476: 25/06/2013 4:45:59 PM - Windows Modules Installer
RP477: 25/06/2013 4:55:55 PM - Windows Modules Installer
RP478: 26/06/2013 12:00:41 AM - Windows Update
RP479: 26/06/2013 11:27:08 AM - Installed Samsung Story Album Viewer
RP480: 29/06/2013 1:54:27 AM - OTL Restore Point - 6/29/2013 1:54:24 AM
RP481: 30/06/2013 9:15:08 PM - Installed Java 7 Update 25
RP482: 03/07/2013 10:36:37 AM - Windows Update
RP484: 09/07/2013 10:59:24 AM - Windows Update
RP485: 11/07/2013 12:07:25 AM - Windows Update
RP486: 11/07/2013 11:53:05 AM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
64 Bit HP CIO Components Installer
A-PDF Page Master
A-PDF Scan Optimizer
Acrobat.com
Activate Norton Online Backup
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader XI (11.0.03)
Adobe Shockwave Player 11.5
Advertising Center
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Driver Installation Program
µTorrent
AVCWare iPod to iPod/Computer/iTunes Transfer
Bing Bar
BitTorrent
Bonjour
Brother HL-2170W
BufferChm
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
Conexant HD Audio
Contextual Tracker Dymanet
Copy
CopyTrans Suite Remove Only
CyberLink DVD Suite
CyberLink YouCam
Dealio Toolbar v7.2
Delta Chrome Toolbar
Delta toolbar
Destinations
DeviceDiscovery
DivX Setup
DJ_AIO_05_F4400_Software_Min
Dropbox
Easy Phone Tunes
EViews 5
F4400
Facebook Video Calling 1.2.0.287
FLV Player X
FreeRIP Toolbar v7.2
FreeRIP v3.61
Google Chrome
Google Drive
Google Update Helper
GPBaseService2
Graphmatica
HDAUDIO Soft Data Fax Modem with SmartCP
HeidiSQL 6.0
Hewlett-Packard ACLM.NET v1.2.1.1
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
HP Advisor
HP Customer Experience Enhancements
HP Customer Participation Program 13.0
HP Deskjet F4400 Printer Driver Software 13.0 Rel .5
HP DVD Play 3.7
HP Games
HP Imaging Device Functions 13.0
HP Print Projects 1.0
HP Product Detection
HP Quick Launch Buttons
HP Setup
HP Smart Web Printing
HP Smart Web Printing 4.5
HP Solution Center 13.0
HP Support Assistant
HP Update
HP User Guides 0156
HP Wireless Assistant
HPPhotoGadget
hpPrintProjects
HPProductAssistant
HPSSupply
hpWLPGInstaller
iCal 4.1 Web Calendar
Intel(R) Graphics Media Accelerator Driver
iPod PC Transfer 6.4
iPod to Computer Transfer 4.8.3
iTunes
Java 7 Update 25
Java Auto Updater
Java(TM) 6 Update 14 (64-bit)
Java(TM) 6 Update 37
JavaFX 2.1.0
Junk Mail filter update
LabelPrint
LightScribe System Software
LizardTech DjVu Control
Malwarebytes Anti-Malware version 1.75.0.1300
MarketResearch
Media Player Codec Pack 3.9.5
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Live Search Toolbar
Microsoft Office 2003 Web Components
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Backward compatibility
Microsoft SQL Server 2005 Books Online (English)
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Tools
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual Studio 2005 Premier Partner Edition - ENU
Microsoft Visual Studio 2005 Premier Partner Edition - ENU Service Pack 1 (KB926601)
Microsoft Works
MobileMe Control Panel
MotoHelper 2.0.53 Driver 5.2.0
MotoHelper MergeModules
MOTOROLA MEDIA LINK
Motorola Mobile Drivers Installation 5.2.0
Move Media Player
Mozilla Firefox (3.6.28)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music Transfer
muvee Reveal
MyFreeCodec
MySQL Workbench 5.2 CE
Nero 9 Essentials
Nero ControlCenter
Nero Installer
Nero Online Upgrade
Nero StartSmart
Nero StartSmart OEM
neroxml
novaPDF Standard Desktop 7.0 printer
Octoshape add-in for Adobe Flash Player
PDFCreator
pdfforge Toolbar v7.2
Pharos
PlayFLV
Power2Go
PowerDirector
PowerRecover
Primo
QLBCASL
QuickTime
Realtek 8136 8168 8169 Ethernet Driver
Realtek USB 2.0 Card Reader
Rosetta Stone Version 3
Runtime
Safari
Samsung Kies
Samsung Story Album Viewer
SAMSUNG USB Driver for Mobile Phones
SavingsApp
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Security Update for Microsoft Visual Studio 2005 Premier Partner Edition - ENU (KB2251481)
Shop for HP Supplies
Skype Toolbars
Skype™ 6.3
SolutionCenter
Sony Picture Utility
Sophos Anti-Virus
Sophos AutoUpdate
Spotify
SQLXML4
Status
Street-Ads Browser Enhancer
Synaptics Pointing Device Driver
The Options Toolbox v5.0
Time Adjuster STANDARD 3.1
Toolbox
TrayApp
tutoriales100_mx_11
Universal Document Converter (Demo)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817563) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft Visual Studio 2005 Premier Partner Edition - ENU (KB932232)
VC80CRTRedist - 8.0.50727.4053
Veetle TV 0.9.17
Videora iPod Converter 5.04
Visual Studio 2008 x64 Redistributables
VLC media player 1.0.5
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Movie Maker
Windows Live OneCare safety scanner
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Player Firefox Plugin
WinRAR archiver
WinX DVD Author 6.2
WinX DVD Ripper 5.5.8
Xvid 1.2.1 final uninstall
Yahoo! Toolbar
YouTube Downloader 2.7
YouTube Downloader App 2.03
YTD Toolbar v7.2
Zoom Downloader
.
==== Event Viewer Messages From Past Week ========
.
12/07/2013 10:32:14 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
12/07/2013 10:30:49 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
12/07/2013 10:30:49 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/07/2013 10:30:49 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
12/07/2013 10:30:18 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
11/07/2013 11:47:36 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Nero BackItUp Scheduler 4.0 service to connect.
11/07/2013 11:47:36 AM, Error: Service Control Manager [7000] - The Nero BackItUp Scheduler 4.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/07/2013 11:46:50 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Spooler service.
11/07/2013 11:45:49 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the MotoHelper Service service to connect.
11/07/2013 11:45:49 AM, Error: Service Control Manager [7000] - The MotoHelper Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/07/2013 5:03:06 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.
10/07/2013 5:03:06 PM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
09/07/2013 10:55:27 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Network Store Interface Service service, but this action failed with the following error: An instance of the service is already running.
09/07/2013 10:53:27 AM, Error: Service Control Manager [7034] - The Function Discovery Provider Host service terminated unexpectedly. It has done this 1 time(s).
09/07/2013 10:53:27 AM, Error: Service Control Manager [7034] - The Diagnostic Service Host service terminated unexpectedly. It has done this 1 time(s).
09/07/2013 10:53:27 AM, Error: Service Control Manager [7031] - The WinHTTP Web Proxy Auto-Discovery Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
09/07/2013 10:53:27 AM, Error: Service Control Manager [7031] - The Windows Font Cache Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
09/07/2013 10:53:27 AM, Error: Service Control Manager [7031] - The Network Store Interface Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
09/07/2013 10:53:27 AM, Error: Service Control Manager [7031] - The Network List Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
09/07/2013 10:53:27 AM, Error: Service Control Manager [7031] - The COM+ Event System service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
.
==== End Of File ===========================
javier910
Regular Member
 
Posts: 31
Joined: July 12th, 2013, 12:06 pm

Re: Help with adware!

Unread postby askey127 » July 12th, 2013, 8:17 pm

javier910,
-----------------------------------------------
It's really important, if you value your PC at all, to stay away from P2P file sharing programs, like µTorrent, Bittorrent, Azureus, Frostwire, Vuze, Shareaza, Bitlord.
Criminals have "planted" thousands upon thousands of infections in the "free" shared torrent files.
Virtually all of these recent infections will compromise your Security, and some can turn your machine into a useless "doorstop".
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Programs and Features
Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:

µTorrent
BitTorrent
Dealio Toolbar v7.2
Java(TM) 6 Update 14 (64-bit)
Java(TM) 6 Update 37
PDFCreator
YTD Toolbar v7.2
Zoom Downloader

Take extra care in answering questions posed by any Uninstaller.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
-------------------------------------------------------------
AdwCleaner Download
Please download AdwCleaner from HERE and save it to your desktop or somewhere you can find it.
-------------------------------------------------------------
AdwCleaner Removals
  • Close all open programs and internet browsers.
  • Right click AdwCleaner and choose "Run as administrator".
  • Click on the Delete button.
  • Click OK to the prompts.
  • Your computer will be rebooted automatically. A log will open after the restart.
  • Post the contents of the log in your next reply.
You can also find the log in the main directory of the C: drive as C:\AdwCleaner[S1].txt
---------------------------------------------
Download the OTL Scanner
Please download OTL.exe by OldTimer and save it to your desktop.
---------------------------------------------
Run a Scan with OTL
  • Right click the OTL icon and choose "Run as administrator" to run it.
  • Check the box at the top, labeled Include 64 bit scans
  • Check the boxes labeled :
    • Scan All Users
    • LOP check
    • Purity check
    • Extra Registry > Use SafeList
  • Make sure all other windows are closed to let it run uninterrupted.
  • Click on the Run Scan button at the top left hand corner. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. (desktop)
OTL.txt will be open on your desktop, and Extras.txt will be minimized in your taskbar.
The Extras.txt file will only appear the very first time you run OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.
---------------------------------------------------
So, In Your Reply, we will be looking for the following :
The contents of:
  • AdwCleaner[S1].txt
  • OTL.txt
  • Extras.txt
Please feel free to use separate replies.
The Extras.txt file will only show up in Notepad the very first time you run OTL.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Help with adware!

Unread postby javier910 » July 12th, 2013, 11:42 pm

Hello Askey 127, here are the logs you requested:

AdwCleaner[S1].txt:

# AdwCleaner v2.305 - Logfile created 07/12/2013 at 22:04:38
# Updated 11/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Luis Javier - LUISJAVIER-PC
# Boot Mode : Normal
# Running from : C:\Users\Luis Javier\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : Application Updater

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\SavingsApp
Deleted on reboot : C:\Users\Luis Javier\AppData\Roaming\Mozilla\Firefox\Profiles\8ndmvsv6.default\extensions\freerip@mybrowserbar.com
Deleted on reboot : C:\Users\Luis Javier\AppData\Roaming\Mozilla\Firefox\Profiles\8ndmvsv6.default\extensions\wtxpcom@mybrowserbar.com
File Deleted : C:\Program Files (x86)\Mozilla Firefox\.autoreg
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Users\Luis Javier\AppData\Roaming\Mozilla\Firefox\Profiles\8ndmvsv6.default\searchplugins\Babylon.xml
File Deleted : C:\Users\Luis Javier\AppData\Roaming\Mozilla\Firefox\Profiles\8ndmvsv6.default\searchplugins\daemon-search.xml
File Deleted : C:\Users\Luis Javier\AppData\Roaming\Mozilla\Firefox\Profiles\8ndmvsv6.default\searchplugins\delta.xml
File Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2005\Documentation and Tutorials\SQL Server Books Online.lnk
File Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2005\Documentation and Tutorials\Tutorials\SQL Server Mobile Edition Tutorials.lnk
File Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2005\Documentation and Tutorials\Tutorials\SQL Server Tutorials.lnk
Folder Deleted : C:\Program Files (x86)\Application Updater
Folder Deleted : C:\Program Files (x86)\Common Files\spigot
Folder Deleted : C:\Program Files (x86)\DAEMON Tools Toolbar
Folder Deleted : C:\Program Files (x86)\delta
Folder Deleted : C:\Program Files (x86)\Free Offers from Freeze.com
Folder Deleted : C:\Program Files (x86)\FreeRIP Toolbar
Folder Deleted : C:\Program Files (x86)\FreeRIP3
Folder Deleted : C:\Program Files (x86)\pdfforge Toolbar
Folder Deleted : C:\Program Files (x86)\Search Toolbar
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\FreeRIP
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeRIP3
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tutoriales100
Folder Deleted : C:\Users\Luis Javier\AppData\Local\EoRezo
Folder Deleted : C:\Users\Luis Javier\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Folder Deleted : C:\Users\Luis Javier\AppData\Local\SavingsApp
Folder Deleted : C:\Users\Luis Javier\AppData\Local\Zoom_Downloader
Folder Deleted : C:\Users\Luis Javier\AppData\LocalLow\FreeRIP
Folder Deleted : C:\Users\Luis Javier\AppData\LocalLow\pdfforge
Folder Deleted : C:\Users\Luis Javier\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\Luis Javier\AppData\Roaming\BabSolution
Folder Deleted : C:\Users\Luis Javier\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Luis Javier\AppData\Roaming\delta
Folder Deleted : C:\Users\Luis Javier\AppData\Roaming\Mozilla\Firefox\Profiles\8ndmvsv6.default\extensions\crossriderapp4639@crossrider.com
Folder Deleted : C:\Users\Luis Javier\AppData\Roaming\Mozilla\Firefox\Profiles\8ndmvsv6.default\extensions\ffxtlbr@babylon.com
Folder Deleted : C:\Users\Luis Javier\AppData\Roaming\Mozilla\Firefox\Profiles\8ndmvsv6.default\extensions\ffxtlbr@delta.com
Folder Deleted : C:\Users\Luis Javier\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Luis Javier\AppData\Roaming\registry mechanic
Folder Deleted : C:\Users\LUISJA~1\AppData\Local\Temp\boost_interprocess
Folder Deleted : C:\Users\LUISJA~1\AppData\Local\Temp\Iminent
Folder Deleted : C:\Users\no one\AppData\LocalLow\Dealio
Folder Deleted : C:\Users\no one\AppData\LocalLow\pdfforge
Folder Deleted : C:\Users\no one\AppData\LocalLow\Search Settings

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\pdfforge
Key Deleted : HKCU\Software\AppDataLow\Software\SavingsApp
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\delta LTD
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E5C66DD8-308B-4A4F-AF0A-3D04F25B5343}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E634228A-03CF-4BC8-B0AB-668257F1FD8C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1602F07D-8BF3-4C08-BDD6-DDDB1C48AEDC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E5C66DD8-308B-4A4F-AF0A-3D04F25B5343}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E634228A-03CF-4BC8-B0AB-668257F1FD8C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKCU\Software\pdfforge
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Tutorials
Key Deleted : HKCU\Software\TutoTag
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKLM\Software\Application Updater
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004639.BHO
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaappCore
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaappCore.1
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltadskBnd
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltadskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaHlpr
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.deltaESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CD082CCA-086F-4FD8-8FD7-247A0DBBD1CC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\Software\Delta
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SavingsApp_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SavingsApp_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\Software\pdfforge
Key Deleted : HKLM\Software\Search Settings
Key Deleted : HKLM\Software\Tutoriales100
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E634228A-03CF-4BC8-B0AB-668257F1FD8C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E634228A-03CF-4BC8-B0AB-668257F1FD8C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Delta
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SavingsApp
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D5A1EF9A-7948-435D-8B87-D6A598317288}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Key Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B922D405-6D13-4A2B-AE89-08A030DA4402}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{E634228A-03CF-4BC8-B0AB-668257F1FD8C}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{82E1477C-B154-48D3-9891-33D83C26BCD3}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{B922D405-6D13-4A2B-AE89-08A030DA4402}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{E634228A-03CF-4BC8-B0AB-668257F1FD8C}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=121845 ... EEE6C7E923 --> hxxp://www.google.com

-\\ Mozilla Firefox v3.6.28 (en-GB)

File : C:\Users\Luis Javier\AppData\Roaming\Mozilla\Firefox\Profiles\8ndmvsv6.default\prefs.js

C:\Users\Luis Javier\AppData\Roaming\Mozilla\Firefox\Profiles\8ndmvsv6.default\user.js ... Deleted !

Deleted : user_pref("browser.newtab.url", "hxxp://www1.delta-search.com/?affID=121845&tt=gc_&babsrc=NT_ss&mntr[...]
Deleted : user_pref("browser.search.selectedEngine", "Delta Search");
Deleted : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?affID=121845&tt=gc_&babsrc=HP_ss_d[...]
Deleted : user_pref("extensions.crossriderapp4639.4639.InstallationThankYouPage", true);
Deleted : user_pref("extensions.crossriderapp4639.4639.InstallationTime", 1349304983);
Deleted : user_pref("extensions.crossriderapp4639.4639.InstallationUserSettings.searchUserConifrmation", false[...]
Deleted : user_pref("extensions.crossriderapp4639.4639.InstallationUserSettings.setHomepage", false);
Deleted : user_pref("extensions.crossriderapp4639.4639.InstallationUserSettings.setNewTab", false);
Deleted : user_pref("extensions.crossriderapp4639.4639.InstallationUserSettings.setSearch", false);
Deleted : user_pref("extensions.crossriderapp4639.4639.active", true);
Deleted : user_pref("extensions.crossriderapp4639.4639.addressbar", "");
Deleted : user_pref("extensions.crossriderapp4639.4639.backgroundjs", "\n\n//\n");
Deleted : user_pref("extensions.crossriderapp4639.4639.backgroundver", 43);
Deleted : user_pref("extensions.crossriderapp4639.4639.can_run_bg_code", true);
Deleted : user_pref("extensions.crossriderapp4639.4639.certdomaininstaller", "");
Deleted : user_pref("extensions.crossriderapp4639.4639.changeprevious", false);
Deleted : user_pref("extensions.crossriderapp4639.4639.cookie.InstallationTime.expiration", "Fri Feb 01 2030 0[...]
Deleted : user_pref("extensions.crossriderapp4639.4639.cookie.InstallationTime.value", "1349304983");
Deleted : user_pref("extensions.crossriderapp4639.4639.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00[...]
Deleted : user_pref("extensions.crossriderapp4639.4639.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 [...]
Deleted : user_pref("extensions.crossriderapp4639.4639.cookie._GPL_aoi.value", "1349304983");
Deleted : user_pref("extensions.crossriderapp4639.4639.cookie._GPL_arbitrary_code.expiration", "Fri Jul 12 201[...]
Deleted : user_pref("extensions.crossriderapp4639.4639.cookie._GPL_arbitrary_code.value", "%22%28function%28%2[...]
Deleted : user_pref("extensions.crossriderapp4639.4639.cookie._GPL_blocklist.expiration", "Fri Jul 12 2013 22:[...]
Deleted : user_pref("extensions.crossriderapp4639.4639.cookie._GPL_blocklist.value", "%22nonexistantdomain.com[...]
Deleted : user_pref("extensions.crossriderapp4639.4639.cookie._GPL_country_code.expiration", "Sat Jul 13 2013 [...]
Deleted : user_pref("extensions.crossriderapp4639.4639.cookie._GPL_country_code.value", "%22MX%22");
Deleted : user_pref("extensions.crossriderapp4639.4639.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 [...]
Deleted : user_pref("extensions.crossriderapp4639.4639.cookie._GPL_crr.value", "1373684489");
Deleted : user_pref("extensions.crossriderapp4639.4639.cookie._GPL_currenttime.expiration", "Fri Feb 01 2030 0[...]
Deleted : user_pref("extensions.crossriderapp4639.4639.cookie._GPL_currenttime.value", "%221372100325%22");
Deleted : user_pref("extensions.crossriderapp4639.4639.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 [...]
Deleted : user_pref("extensions.crossriderapp4639.4639.cookie._GPL_hotfix20111102645.value", "%221%22");
Deleted : user_pref("extensions.crossriderapp4639.4639.cookie._GPL_installer_params.expiration", "Fri Feb 01 2[...]
Deleted : user_pref("extensions.crossriderapp4639.4639.cookie._GPL_installer_params.value", "%7B%22source_id%2[...]
Deleted : user_pref("extensions.crossriderapp4639.4639.cookie._GPL_installtime.expiration", "Fri Feb 01 2030 0[...]
Deleted : user_pref("extensions.crossriderapp4639.4639.cookie._GPL_installtime.value", "%221357677930%22");
Deleted : user_pref("extensions.crossriderapp4639.4639.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030[...]
Deleted : user_pref("extensions.crossriderapp4639.4639.cookie._GPL_parent_zoneid.value", "%2240930%22");
Deleted : user_pref("extensions.crossriderapp4639.4639.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030 0[...]
Deleted : user_pref("extensions.crossriderapp4639.4639.cookie._GPL_pc_20120828.value", "1357845477239");
Deleted : user_pref("extensions.crossriderapp4639.4639.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00[...]
Deleted : user_pref("extensions.crossriderapp4639.4639.cookie._GPL_product_id.value", "%221236%22");
Deleted : user_pref("extensions.crossriderapp4639.4639.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:[...]
Deleted : user_pref("extensions.crossriderapp4639.4639.cookie._GPL_zoneid.value", "%2289434%22");
Deleted : user_pref("extensions.crossriderapp4639.4639.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GM[...]
Deleted : user_pref("extensions.crossriderapp4639.4639.cookie.dbtest.value", "1357845472260");
Deleted : user_pref("extensions.crossriderapp4639.4639.cookie.lastrequest.expiration", "Fri Feb 01 2030 00:00:[...]
Deleted : user_pref("extensions.crossriderapp4639.4639.cookie.lastrequest.value", "%7B%22path%22%3A%22/Partner[...]
Deleted : user_pref("extensions.crossriderapp4639.4639.description", "SavingsApp");
Deleted : user_pref("extensions.crossriderapp4639.4639.domain", "");
Deleted : user_pref("extensions.crossriderapp4639.4639.enablesearch", false);
Deleted : user_pref("extensions.crossriderapp4639.4639.fbremoteurl", "");
Deleted : user_pref("extensions.crossriderapp4639.4639.group", 0);
Deleted : user_pref("extensions.crossriderapp4639.4639.homepage", "");
Deleted : user_pref("extensions.crossriderapp4639.4639.iframe", false);
Deleted : user_pref("extensions.crossriderapp4639.4639.internaldb.InstallerIdentifiers.expiration", "Fri Feb 0[...]
Deleted : user_pref("extensions.crossriderapp4639.4639.internaldb.InstallerIdentifiers.value", "%7B%22installe[...]
Deleted : user_pref("extensions.crossriderapp4639.4639.internaldb.Resources_appVer.expiration", "Fri Feb 01 20[...]
Deleted : user_pref("extensions.crossriderapp4639.4639.internaldb.Resources_appVer.value", "97");
Deleted : user_pref("extensions.crossriderapp4639.4639.internaldb.Resources_lastVersion.expiration", "Fri Feb [...]
Deleted : user_pref("extensions.crossriderapp4639.4639.internaldb.Resources_lastVersion.value", "0");
Deleted : user_pref("extensions.crossriderapp4639.4639.internaldb.Resources_meta.expiration", "Fri Feb 01 2030[...]
Deleted : user_pref("extensions.crossriderapp4639.4639.internaldb.Resources_meta.value", "%7B%7D");
Deleted : user_pref("extensions.crossriderapp4639.4639.internaldb.Resources_nextCheck.expiration", "Sat Jul 13[...]
Deleted : user_pref("extensions.crossriderapp4639.4639.internaldb.Resources_nextCheck.value", "true");
Deleted : user_pref("extensions.crossriderapp4639.4639.internaldb.Resources_queue.expiration", "Fri Feb 01 203[...]
Deleted : user_pref("extensions.crossriderapp4639.4639.internaldb.Resources_queue.value", "%7B%7D");
Deleted : user_pref("extensions.crossriderapp4639.4639.internaldb.Resources_remote_resources.expiration", "Fri[...]
Deleted : user_pref("extensions.crossriderapp4639.4639.internaldb.Resources_remote_resources.value", "%7B%22re[...]
Deleted : user_pref("extensions.crossriderapp4639.4639.internaldb.SoftwareDetected.expiration", "Fri Feb 01 20[...]
Deleted : user_pref("extensions.crossriderapp4639.4639.internaldb.SoftwareDetected.value", "%7B%22AnySoftware%[...]
Deleted : user_pref("extensions.crossriderapp4639.4639.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GP[...]
Deleted : user_pref("extensions.crossriderapp4639.4639.manifesturl", "");
Deleted : user_pref("extensions.crossriderapp4639.4639.name", "SavingsApp");
Deleted : user_pref("extensions.crossriderapp4639.4639.newtab", "");
Deleted : user_pref("extensions.crossriderapp4639.4639.opensearch", "");
Deleted : user_pref("extensions.crossriderapp4639.4639.plugins.plugin_1.code", "appAPI._cr_config={appID:funct[...]
Deleted : user_pref("extensions.crossriderapp4639.4639.plugins.plugin_1.name", "base");
Deleted : user_pref("extensions.crossriderapp4639.4639.plugins.plugin_1.ver", 6);
Deleted : user_pref("extensions.crossriderapp4639.4639.plugins.plugin_1000014.code", "Array.prototype.indexOf|[...]
Deleted : user_pref("extensions.crossriderapp4639.4639.plugins.plugin_1000014.name", "GPL Plugin (Loader)");
Deleted : user_pref("extensions.crossriderapp4639.4639.plugins.plugin_1000014.ver", 15);
Deleted : user_pref("extensions.crossriderapp4639.4639.plugins.plugin_1000015.code", "var a=appAPI.db.getList([...]
Deleted : user_pref("extensions.crossriderapp4639.4639.plugins.plugin_1000015.name", "GPL Background (BG)");
Deleted : user_pref("extensions.crossriderapp4639.4639.plugins.plugin_1000015.ver", 39);
Deleted : user_pref("extensions.crossriderapp4639.4639.plugins.plugin_13.code", "(function(a){a.selectedText=f[...]
Deleted : user_pref("extensions.crossriderapp4639.4639.plugins.plugin_13.name", "CrossriderAppUtils");
Deleted : user_pref("extensions.crossriderapp4639.4639.plugins.plugin_13.ver", 3);
Deleted : user_pref("extensions.crossriderapp4639.4639.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefin[...]
Deleted : user_pref("extensions.crossriderapp4639.4639.plugins.plugin_14.name", "CrossriderUtils");
Deleted : user_pref("extensions.crossriderapp4639.4639.plugins.plugin_14.ver", 5);
Deleted : user_pref("extensions.crossriderapp4639.4639.plugins.plugin_16.code", "if((typeof isBackground===\"u[...]
Deleted : user_pref("extensions.crossriderapp4639.4639.plugins.plugin_16.name", "FFAppAPIWrapper");
Deleted : user_pref("extensions.crossriderapp4639.4639.plugins.plugin_16.ver", 9);
Deleted : user_pref("extensions.crossriderapp4639.4639.plugins.plugin_17.code", "if(typeof window!==\"undefine[...]
Deleted : user_pref("extensions.crossriderapp4639.4639.plugins.plugin_17.name", "jQuery");
Deleted : user_pref("extensions.crossriderapp4639.4639.plugins.plugin_17.ver", 4);
Deleted : user_pref("extensions.crossriderapp4639.4639.plugins.plugin_21.code", "var CrossriderDebugManager=(f[...]
Deleted : user_pref("extensions.crossriderapp4639.4639.plugins.plugin_21.name", "debug");
Deleted : user_pref("extensions.crossriderapp4639.4639.plugins.plugin_21.ver", 4);
Deleted : user_pref("extensions.crossriderapp4639.4639.plugins.plugin_22.code", "(function(a){appAPI.queueMana[...]
Deleted : user_pref("extensions.crossriderapp4639.4639.plugins.plugin_22.name", "resources");
Deleted : user_pref("extensions.crossriderapp4639.4639.plugins.plugin_22.ver", 4);
Deleted : user_pref("extensions.crossriderapp4639.4639.plugins.plugin_28.code", "var CrossriderInitializerPlug[...]
Deleted : user_pref("extensions.crossriderapp4639.4639.plugins.plugin_28.name", "initializer");
Deleted : user_pref("extensions.crossriderapp4639.4639.plugins.plugin_28.ver", 3);
Deleted : user_pref("extensions.crossriderapp4639.4639.plugins.plugin_4.code", "var jQuery = $jquery_171 = $jq[...]
Deleted : user_pref("extensions.crossriderapp4639.4639.plugins.plugin_4.name", "jquery_1_7_1");
Deleted : user_pref("extensions.crossriderapp4639.4639.plugins.plugin_4.ver", 4);
Deleted : user_pref("extensions.crossriderapp4639.4639.plugins.plugin_47.code", "(function(){appAPI.ready=func[...]
Deleted : user_pref("extensions.crossriderapp4639.4639.plugins.plugin_47.name", "resources_background");
Deleted : user_pref("extensions.crossriderapp4639.4639.plugins.plugin_47.ver", 3);
Deleted : user_pref("extensions.crossriderapp4639.4639.plugins.plugin_64.code", "(function(){var h=\"__CR_EMPT[...]
Deleted : user_pref("extensions.crossriderapp4639.4639.plugins.plugin_64.name", "appApiMessage");
Deleted : user_pref("extensions.crossriderapp4639.4639.plugins.plugin_64.ver", 2);
Deleted : user_pref("extensions.crossriderapp4639.4639.plugins.plugin_72.code", "if(appAPI.__should_activate_v[...]
Deleted : user_pref("extensions.crossriderapp4639.4639.plugins.plugin_72.name", "appApiValidation");
Deleted : user_pref("extensions.crossriderapp4639.4639.plugins.plugin_72.ver", 3);
Deleted : user_pref("extensions.crossriderapp4639.4639.plugins.plugin_78.code", "if(typeof jQuery!==\"undefine[...]
Deleted : user_pref("extensions.crossriderapp4639.4639.plugins.plugin_78.name", "CrossriderInfo");
Deleted : user_pref("extensions.crossriderapp4639.4639.plugins.plugin_78.ver", 3);
Deleted : user_pref("extensions.crossriderapp4639.4639.plugins.plugin_98.code", "(function(){var b=\"cr_\"+app[...]
Deleted : user_pref("extensions.crossriderapp4639.4639.plugins.plugin_98.name", "omniCommands");
Deleted : user_pref("extensions.crossriderapp4639.4639.plugins.plugin_98.ver", 2);
Deleted : user_pref("extensions.crossriderapp4639.4639.plugins_lists.plugins_0", "4,14,78,16,64,47,72,98,10000[...]
Deleted : user_pref("extensions.crossriderapp4639.4639.plugins_lists.plugins_1", "17,14,78,13,16,64,4,1,21,22,[...]
Deleted : user_pref("extensions.crossriderapp4639.4639.pluginsurl", "hxxps://w9u6a2p6.ssl.hwcdn.net/plugin/app[...]
Deleted : user_pref("extensions.crossriderapp4639.4639.pluginsversion", 70);
Deleted : user_pref("extensions.crossriderapp4639.4639.publisher", "Innovative Apps");
Deleted : user_pref("extensions.crossriderapp4639.4639.searchstatus", 0);
Deleted : user_pref("extensions.crossriderapp4639.4639.setnewtab", false);
Deleted : user_pref("extensions.crossriderapp4639.4639.settingsurl", "");
Deleted : user_pref("extensions.crossriderapp4639.4639.thankyou", "");
Deleted : user_pref("extensions.crossriderapp4639.4639.updateinterval", 360);
Deleted : user_pref("extensions.crossriderapp4639.4639.ver", 97);
Deleted : user_pref("extensions.crossriderapp4639.adsOldValue", -1);
Deleted : user_pref("extensions.crossriderapp4639.apps", "4639");
Deleted : user_pref("extensions.crossriderapp4639.bic", "13c25e57daf9df6ba7a407d0beed1934");
Deleted : user_pref("extensions.crossriderapp4639.cid", 4639);
Deleted : user_pref("extensions.crossriderapp4639.firstrun", false);
Deleted : user_pref("extensions.crossriderapp4639.hadappinstalled", true);
Deleted : user_pref("extensions.crossriderapp4639.installationdate", 1357845462);
Deleted : user_pref("extensions.crossriderapp4639.lastcheck", 22894742);
Deleted : user_pref("extensions.crossriderapp4639.lastcheckitem", 22894742);
Deleted : user_pref("extensions.crossriderapp4639.modetype", "production");
Deleted : user_pref("extensions.crossriderapp4639.reportInstall", true);
Deleted : user_pref("extensions.crossriderapp4639.updating", true);
Deleted : user_pref("extensions.delta.admin", false);
Deleted : user_pref("extensions.delta.aflt", "babsst");
Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Deleted : user_pref("extensions.delta.autoRvrt", "false");
Deleted : user_pref("extensions.delta.bbDpng", "12");
Deleted : user_pref("extensions.delta.cntry", "MX");
Deleted : user_pref("extensions.delta.dfltLng", "en");
Deleted : user_pref("extensions.delta.excTlbr", false);
Deleted : user_pref("extensions.delta.ffxUnstlRst", true);
Deleted : user_pref("extensions.delta.hdrMd5", "AF96B0C1DE7E9B0EA9D0AF2D18A299F8");
Deleted : user_pref("extensions.delta.id", "8a1f726b0000000000000ceee6c7e923");
Deleted : user_pref("extensions.delta.instlDay", "15844");
Deleted : user_pref("extensions.delta.instlRef", "sst");
Deleted : user_pref("extensions.delta.lastVrsnTs", "1.8.21.013:38:31");
Deleted : user_pref("extensions.delta.newTab", false);
Deleted : user_pref("extensions.delta.prdct", "delta");
Deleted : user_pref("extensions.delta.prtnrId", "delta");
Deleted : user_pref("extensions.delta.rvrt", "false");
Deleted : user_pref("extensions.delta.sg", "azb");
Deleted : user_pref("extensions.delta.smplGrp", "azb");
Deleted : user_pref("extensions.delta.tlbrId", "base");
Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Deleted : user_pref("extensions.delta.vrsn", "1.8.21.0");
Deleted : user_pref("extensions.delta.vrsnTs", "1.8.21.013:38:31");
Deleted : user_pref("extensions.delta.vrsni", "1.8.21.0");
Deleted : user_pref("extensions.delta_i.babExt", "");
Deleted : user_pref("extensions.delta_i.babTrack", "affID=121845&tt=gc_");
Deleted : user_pref("extensions.delta_i.srcExt", "ss");

-\\ Google Chrome v28.0.1500.71

File : C:\Users\Luis Javier\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [34879 octets] - [12/07/2013 22:04:38]

########## EOF - C:\AdwCleaner[S1].txt - [34940 octets] ##########
javier910
Regular Member
 
Posts: 31
Joined: July 12th, 2013, 12:06 pm

Re: Help with adware!

Unread postby javier910 » July 12th, 2013, 11:43 pm

OTL.txt

OTL logfile created on: 7/12/2013 10:19:20 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Luis Javier\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.91 Gb Total Physical Memory | 2.21 Gb Available Physical Memory | 56.50% Memory free
7.81 Gb Paging File | 5.65 Gb Available in Paging File | 72.30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.37 Gb Total Space | 44.75 Gb Free Space | 15.68% Space Free | Partition Type: NTFS
Drive D: | 12.53 Gb Total Space | 2.09 Gb Free Space | 16.70% Space Free | Partition Type: NTFS

Computer Name: LUISJAVIER-PC | User Name: Luis Javier | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Luis Javier\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Luis Javier\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
PRC - C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
PRC - C:\Users\Luis Javier\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (Sophos Limited)
PRC - C:\Program Files (x86)\tutoriales100_mx_11\tutoriales100_mx_11.exe ()
PRC - C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe (Sophos Limited)
PRC - C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe (Sophos Limited)
PRC - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Limited)
PRC - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Limited)
PRC - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe (Sophos Limited)
PRC - C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe ()
PRC - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe ()
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
PRC - C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe (Pharos Systems International)


========== Modules (No Company Name) ==========

MOD - C:\Users\Luis Javier\AppData\Local\Temp\_MEI23922\windows._cacheinvalidation.pyd ()
MOD - C:\Users\Luis Javier\AppData\Local\Temp\_MEI23922\wx._gdi_.pyd ()
MOD - C:\Users\Luis Javier\AppData\Local\Temp\_MEI23922\wx._misc_.pyd ()
MOD - C:\Users\Luis Javier\AppData\Local\Temp\_MEI23922\pysqlite2._sqlite.pyd ()
MOD - C:\Users\Luis Javier\AppData\Local\Temp\_MEI23922\pythoncom27.dll ()
MOD - C:\Users\Luis Javier\AppData\Local\Temp\_MEI23922\win32com.shell.shell.pyd ()
MOD - C:\Users\Luis Javier\AppData\Local\Temp\_MEI23922\_elementtree.pyd ()
MOD - C:\Users\Luis Javier\AppData\Local\Temp\_MEI23922\PyWinTypes27.dll ()
MOD - C:\Users\Luis Javier\AppData\Local\Temp\_MEI23922\win32api.pyd ()
MOD - C:\Users\Luis Javier\AppData\Local\Temp\_MEI23922\_ctypes.pyd ()
MOD - C:\Users\Luis Javier\AppData\Local\Temp\_MEI23922\wx._html2.pyd ()
MOD - C:\Users\Luis Javier\AppData\Local\Temp\_MEI23922\_socket.pyd ()
MOD - C:\Users\Luis Javier\AppData\Local\Temp\_MEI23922\_multiprocessing.pyd ()
MOD - C:\Users\Luis Javier\AppData\Local\Temp\_MEI23922\win32ts.pyd ()
MOD - C:\Users\Luis Javier\AppData\Local\Temp\_MEI23922\win32profile.pyd ()
MOD - C:\Users\Luis Javier\AppData\Local\Temp\_MEI23922\win32crypt.pyd ()
MOD - C:\Users\Luis Javier\AppData\Local\Temp\_MEI23922\wx._core_.pyd ()
MOD - C:\Users\Luis Javier\AppData\Local\Temp\_MEI23922\win32security.pyd ()
MOD - C:\Users\Luis Javier\AppData\Local\Temp\_MEI23922\_ssl.pyd ()
MOD - C:\Users\Luis Javier\AppData\Local\Temp\_MEI23922\wx._windows_.pyd ()
MOD - C:\Users\Luis Javier\AppData\Local\Temp\_MEI23922\_hashlib.pyd ()
MOD - C:\Users\Luis Javier\AppData\Local\Temp\_MEI23922\wx._wizard.pyd ()
MOD - C:\Users\Luis Javier\AppData\Local\Temp\_MEI23922\win32file.pyd ()
MOD - C:\Users\Luis Javier\AppData\Local\Temp\_MEI23922\win32inet.pyd ()
MOD - C:\Users\Luis Javier\AppData\Local\Temp\_MEI23922\win32process.pyd ()
MOD - C:\Users\Luis Javier\AppData\Local\Temp\_MEI23922\win32pdh.pyd ()
MOD - C:\Users\Luis Javier\AppData\Local\Temp\_MEI23922\wx._controls_.pyd ()
MOD - C:\Users\Luis Javier\AppData\Local\Temp\_MEI23922\unicodedata.pyd ()
MOD - C:\Users\Luis Javier\AppData\Local\Temp\_MEI23922\pyexpat.pyd ()
MOD - C:\Users\Luis Javier\AppData\Local\Temp\_MEI23922\win32event.pyd ()
MOD - C:\Users\Luis Javier\AppData\Local\Temp\_MEI23922\select.pyd ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\8a419cb1ccbeb80d7985b839e7d56369\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\2338d6dfcf2fee97810bb13b5d8b84c3\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\a7a3ebc76a454af37918211506e81e31\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a2920ed81e097f8551231a9350697bbd\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\c8ea295fd4dce110b32c3c4f0e3807b2\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f95e6b6a92e3e28a3b553fe2998dd308\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\fc4a8709f71eba20cc71c7905bba3dee\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\178644ab40108f3becd8b91049a254c3\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\bfa7a95284aec941f4b03bae0debe07c\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\033da6b735d41afaa20309b5e87e2ae0\UIAutomationTypes.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\ef17be93e209cc95b9768c7822530432\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c25666b99761bc42322bae2e59968df8\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\32066405eb9ab14056b2af3115d2a6de\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\9e24b9ffd816c0c90efc4d3fc9fd745f\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\187c13e8967097d2ed1e5f123e7d890a\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\85f08103502e5ff944cef0bf10e011a5\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\64fc35391d57638930a0b33cf70ad40a\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ffd7a625cefa32bcea5a2af8394b5b69\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\5d6d3ee0245de707ceb6a61466130f1b\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\18129e9f3b1b5d82dcd1904ac6c471df\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\6e682e0f78f6a2c28be080c8940bebb4\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\75d9bc7426ceb0de95259ba4f0b33de5\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ddab8d958a389e0578db75ff35a5d772\mscorlib.ni.dll ()
MOD - C:\Users\Luis Javier\AppData\Roaming\Dropbox\bin\libcef.dll ()
MOD - C:\Program Files (x86)\tutoriales100_mx_11\tutoriales100_mx_11.exe ()
MOD - C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll ()
MOD - C:\Users\Luis Javier\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (swi_service) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (Sophos Limited)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Sophos AutoUpdate Service) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe (Sophos Limited)
SRV - (SAVAdminService) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Limited)
SRV - (SAVService) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Limited)
SRV - (swi_update_64) -- C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe (Sophos Limited)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (Sophos Web Control Service) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe (Sophos Limited)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (MotoHelper) -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (HsfXAudioService) -- C:\Windows\SysWOW64\XAudio64.dll (Conexant Systems, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (Pharos Systems ComTaskMaster) -- C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe (Pharos Systems International)


========== Driver Services (SafeList) ==========

DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (SAVOnAccess) -- C:\Windows\SysNative\drivers\savonaccess.sys (Sophos Limited)
DRV:64bit: - (sdcfilter) -- C:\Windows\SysNative\drivers\sdcfilter.sys (Sophos Limited)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (SophosBootDriver) -- C:\Windows\SysNative\drivers\SophosBootDriver.sys (Sophos Plc)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (XAudio) -- C:\Windows\SysNative\drivers\XAudio64.sys (Conexant Systems, Inc.)
DRV:64bit: - (HSF_DPV) -- C:\Windows\SysNative\drivers\CAX_DPV.sys (Conexant Systems, Inc.)
DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\drivers\mdmxsdk.sys (Conexant)
DRV:64bit: - (winachsf) -- C:\Windows\SysNative\drivers\CAX_CNXT.sys (Conexant Systems, Inc.)
DRV:64bit: - (CAXHWAZL) -- C:\Windows\SysNative\drivers\CAXHWAZL.sys (Conexant Systems, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (IntcHdmiAddService) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (FsUsbExDisk) -- C:\Windows\SysWOW64\FsUsbExDisk.Sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{44ABC3C2-5D64-4595-8525-AC74CF2FF4E0}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpl
IE:64bit: - HKLM\..\SearchScopes\{C34A1A1D-7C23-4BF0-BA37-9DB4879394B3}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{44ABC3C2-5D64-4595-8525-AC74CF2FF4E0}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpl
IE - HKLM\..\SearchScopes\{C34A1A1D-7C23-4BF0-BA37-9DB4879394B3}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3015314384-3129878688-3584949256-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
IE - HKU\S-1-5-21-3015314384-3129878688-3584949256-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-3015314384-3129878688-3584949256-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKU\S-1-5-21-3015314384-3129878688-3584949256-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3015314384-3129878688-3584949256-1000\..\SearchScopes\{0B278C6F-EC6B-3477-311E-6342928C69FF}: "URL" = http://flv.asksearch.com/s/?q={searchTerms}&iesrc={referrer:source?}&cfg=2-113-11-NwOi
IE - HKU\S-1-5-21-3015314384-3129878688-3584949256-1000\..\SearchScopes\{25D357A3-3118-4329-96B3-E9B6F844645B}: "URL" = http://mx.search.yahoo.com/search?fr=ch ... =386496&p={searchTerms}
IE - HKU\S-1-5-21-3015314384-3129878688-3584949256-1000\..\SearchScopes\{44ABC3C2-5D64-4595-8525-AC74CF2FF4E0}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpl
IE - HKU\S-1-5-21-3015314384-3129878688-3584949256-1000\..\SearchScopes\{C34A1A1D-7C23-4BF0-BA37-9DB4879394B3}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-3015314384-3129878688-3584949256-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3015314384-3129878688-3584949256-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=386496&ilc=12"
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:6.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {81df63a1-ec2c-5b84-0e9f-1007a5009873}:4.6.8.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..keyword.URL: "http://mx.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=386496&p="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.17: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.17: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@doubletwist.com/NPPodcast: C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll File not found
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Luis Javier\AppData\Roaming\Move Networks\plugins\071803000001\npqmp071803000001.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Luis Javier\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/08/21 14:06:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/31 15:26:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/05/19 13:45:07 | 000,000,000 | ---D | M]

[2012/05/11 19:42:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Luis Javier\AppData\Roaming\Mozilla\Extensions
[2010/10/08 00:16:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Luis Javier\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2012/05/11 19:42:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Luis Javier\AppData\Roaming\Mozilla\Extensions\songbird@songbirdnest.com
[2013/07/12 22:12:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Luis Javier\AppData\Roaming\Mozilla\Firefox\Profiles\8ndmvsv6.default\extensions
[2012/10/28 13:29:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/16 23:07:43 | 000,000,000 | ---D | M] (z) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{81df63a1-ec2c-5b84-0e9f-1007a5009873}
[2010/08/29 12:50:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/21 13:15:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/02/07 15:08:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/08 17:11:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/08/08 11:07:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM
[2009/08/21 14:06:04 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
[2013/01/31 15:26:08 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2013/01/31 15:26:08 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2013/01/31 15:26:08 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2013/01/31 15:26:09 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.71\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.71\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.71\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U4 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll
CHR - plugin: Veetle Broadcaster Plugin (Enabled) = C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Luis Javier\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Move Media Player 7 (Enabled) = C:\Users\Luis Javier\AppData\Roaming\Move Networks\plugins\071803000001\npqmp071803000001.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\Luis Javier\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Luis Javier\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Luis Javier\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Luis Javier\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail = C:\Users\Luis Javier\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (dymanet) - {64c6c7b0-3789-a383-e982-ecc5a035eed3} - C:\Windows\SysWOW64\8b744725-7128-f7f0-dcc2-1f737e976f98.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-3015314384-3129878688-3584949256-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-3015314384-3129878688-3584949256-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Brdefprn] C:\Program Files (x86)\Brother\BRHL2170\Brdefprn.exe ()
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe (brother)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe (Sophos Limited)
O4 - HKLM..\Run: [tutoriales100_mx_11] C:\Program Files (x86)\tutoriales100_mx_11\tutoriales100_mx_11.exe ()
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3015314384-3129878688-3584949256-1000..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKU\S-1-5-21-3015314384-3129878688-3584949256-1000..\Run: [ares] "C:\Program Files (x86)\Ares\Ares.exe" -h File not found
O4 - HKU\S-1-5-21-3015314384-3129878688-3584949256-1000..\Run: [Facebook Update] C:\Users\Luis Javier\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-3015314384-3129878688-3584949256-1000..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKU\S-1-5-21-3015314384-3129878688-3584949256-1000..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup File not found
O4 - HKU\S-1-5-21-3015314384-3129878688-3584949256-1000..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-21-3015314384-3129878688-3584949256-1000..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKU\S-1-5-21-3015314384-3129878688-3584949256-1000..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKU\S-1-5-21-3015314384-3129878688-3584949256-1000..\Run: [Spotify] C:\Users\Luis Javier\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-3015314384-3129878688-3584949256-1000..\Run: [Spotify Web Helper] C:\Users\Luis Javier\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKU\.DEFAULT..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-18..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Luis Javier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Luis Javier\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Luis Javier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Herramienta de búsqueda de soportes de PMB.lnk = C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O7 - HKU\S-1-5-21-3015314384-3129878688-3584949256-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/produ ... wsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary/So ... b56986.cab (Solitaire Showdown Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/i ... ction2.cab (GMNRev Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/200 ... ader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Me ... b56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_04)
O16 - DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_25)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.3.77.10 10.3.1.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{54D7BC1F-2D45-41F2-B3F1-00FCF3233219}: DhcpNameServer = 10.3.77.10 10.3.1.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A2B22902-3A30-4E4D-9F12-1B6DB8D88653}: DhcpNameServer = 137.82.27.42 142.103.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL) - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll (Sophos Limited)
O20 - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Limited)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/12 22:16:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Luis Javier\Desktop\OTL.exe
[2013/07/12 22:09:40 | 000,000,000 | ---D | C] -- C:\Users\Luis Javier\AppData\Local\eorezo
[2013/07/12 17:02:16 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Luis Javier\Desktop\dds.com
[2013/07/12 00:06:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/07/12 00:06:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/07/12 00:02:59 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Luis Javier\Desktop\mbam-setup-1.75.0.1300.exe
[2013/07/11 00:19:05 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2013/07/11 00:19:04 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2013/07/11 00:19:02 | 001,887,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2013/07/11 00:19:02 | 001,620,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2013/07/11 00:17:14 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013/06/30 21:43:49 | 000,000,000 | --SD | C] -- C:\Users\Luis Javier\Google Drive
[2013/06/30 21:40:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2013/06/30 21:17:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/06/30 21:17:30 | 000,227,720 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/06/30 21:17:19 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/06/27 13:58:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/06/26 11:29:47 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2013/06/25 09:57:02 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013/06/24 23:21:11 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013/06/24 23:21:11 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2013/06/24 23:21:11 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013/06/24 23:21:11 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2013/06/24 23:21:11 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2013/06/24 23:21:11 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2013/06/24 23:21:11 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013/06/24 23:21:11 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013/06/24 23:21:11 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013/06/24 23:21:11 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2013/06/24 23:21:11 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2013/06/24 23:21:11 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/06/24 23:21:11 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/06/24 23:21:11 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/06/24 23:21:11 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/06/24 23:21:11 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/06/24 23:21:11 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/06/24 23:21:11 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/06/24 23:21:11 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/06/24 23:21:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/06/24 23:21:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/06/24 23:21:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/06/24 23:21:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/06/24 23:21:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013/06/24 23:21:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013/06/24 23:21:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/06/24 23:21:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/06/24 23:21:11 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/06/24 23:21:11 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/06/24 23:21:10 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013/06/24 23:21:10 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013/06/24 23:21:10 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013/06/24 23:21:10 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013/06/24 23:21:10 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2013/06/24 23:21:10 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2013/06/24 23:21:10 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013/06/24 23:21:10 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2013/06/20 13:25:42 | 000,000,000 | ---D | C] -- C:\Users\Luis Javier\AppData\Local\Spotify
[2013/06/20 13:25:19 | 000,000,000 | ---D | C] -- C:\Users\Luis Javier\AppData\Roaming\Spotify
[9 C:\Users\Luis Javier\Documents\*.tmp files -> C:\Users\Luis Javier\Documents\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\Luis Javier\Desktop\*.tmp files -> C:\Users\Luis Javier\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/07/12 22:19:23 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/12 22:19:23 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/12 22:17:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Luis Javier\Desktop\OTL.exe
[2013/07/12 22:10:37 | 000,000,290 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2013/07/12 22:09:31 | 000,000,709 | ---- | M] () -- C:\Windows\Brownie.ini
[2013/07/12 22:08:33 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/12 22:08:08 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/12 22:07:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/12 22:07:39 | 3145,089,024 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/12 22:06:14 | 000,000,361 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013/07/12 22:02:37 | 000,662,345 | ---- | M] () -- C:\Users\Luis Javier\Desktop\adwcleaner.exe
[2013/07/12 22:00:12 | 000,000,952 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3015314384-3129878688-3584949256-1000UA.job
[2013/07/12 22:00:09 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3015314384-3129878688-3584949256-1000Core.job
[2013/07/12 18:22:03 | 000,024,074 | ---- | M] () -- C:\Users\Luis Javier\Desktop\eticket-Mr-CHONGVAZQUEZ-LUIS JAVIER .pdf
[2013/07/12 17:02:29 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Luis Javier\Desktop\dds.com
[2013/07/12 00:05:47 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Luis Javier\Desktop\mbam-setup-1.75.0.1300.exe
[2013/07/11 18:52:20 | 000,435,848 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/11 11:55:39 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/07/11 00:36:03 | 000,747,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/07/11 00:36:03 | 000,626,306 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/07/11 00:36:03 | 000,111,098 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/06/30 22:45:25 | 000,233,816 | ---- | M] () -- C:\Users\Luis Javier\Desktop\german placement test.png
[2013/06/30 21:43:51 | 000,001,710 | ---- | M] () -- C:\Users\Luis Javier\Desktop\Google Drive.lnk
[2013/06/30 21:21:10 | 001,635,239 | ---- | M] () -- C:\Users\Luis Javier\Desktop\mvhs.pdf
[2013/06/30 21:17:12 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/06/30 21:17:11 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/06/30 21:17:10 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/06/30 19:08:56 | 000,044,726 | ---- | M] () -- C:\Users\Luis Javier\Desktop\tum acceptance.png
[2013/06/28 10:17:56 | 000,002,283 | ---- | M] () -- C:\Users\Luis Javier\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/06/26 11:29:07 | 000,002,164 | ---- | M] () -- C:\Users\Luis Javier\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Story Album Viewer.lnk
[2013/06/26 11:26:29 | 000,002,006 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
[2013/06/24 23:21:11 | 003,928,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013/06/24 23:21:11 | 002,776,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2013/06/24 23:21:11 | 002,565,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013/06/24 23:21:11 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2013/06/24 23:21:11 | 001,682,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2013/06/24 23:21:11 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2013/06/24 23:21:11 | 000,522,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013/06/24 23:21:11 | 000,465,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013/06/24 23:21:11 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013/06/24 23:21:11 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2013/06/24 23:21:11 | 000,363,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2013/06/24 23:21:11 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/06/24 23:21:11 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/06/24 23:21:11 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/06/24 23:21:11 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/06/24 23:21:11 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/06/24 23:21:11 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/06/24 23:21:11 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/06/24 23:21:11 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/06/24 23:21:11 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/06/24 23:21:11 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/06/24 23:21:11 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/06/24 23:21:11 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/06/24 23:21:11 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013/06/24 23:21:11 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013/06/24 23:21:11 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/06/24 23:21:11 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/06/24 23:21:11 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/06/24 23:21:11 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/06/24 23:21:10 | 001,238,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013/06/24 23:21:10 | 000,648,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013/06/24 23:21:10 | 000,333,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013/06/24 23:21:10 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013/06/24 23:21:10 | 000,245,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2013/06/24 23:21:10 | 000,221,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2013/06/24 23:21:10 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013/06/24 23:21:10 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2013/06/18 15:14:43 | 000,000,000 | ---- | M] () -- C:\Users\Luis Javier\Desktop\9gag.htm
[2013/06/17 18:30:03 | 002,201,400 | ---- | M] () -- C:\Users\Luis Javier\Desktop\llenado visa alemana.pdf
[2013/06/16 11:34:48 | 381,812,060 | R--- | M] () -- C:\Users\Luis Javier\Desktop\The.Walking.Dead.S03E16.REPACK.HDTV.x264-EVOLVE.mp4
[2013/06/15 09:49:05 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForLuis Javier.job
[9 C:\Users\Luis Javier\Documents\*.tmp files -> C:\Users\Luis Javier\Documents\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\Luis Javier\Desktop\*.tmp files -> C:\Users\Luis Javier\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/07/12 22:05:05 | 000,000,361 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013/07/12 22:02:24 | 000,662,345 | ---- | C] () -- C:\Users\Luis Javier\Desktop\adwcleaner.exe
[2013/07/12 18:22:02 | 000,024,074 | ---- | C] () -- C:\Users\Luis Javier\Desktop\eticket-Mr-CHONGVAZQUEZ-LUIS JAVIER .pdf
[2013/06/30 22:45:24 | 000,233,816 | ---- | C] () -- C:\Users\Luis Javier\Desktop\german placement test.png
[2013/06/30 21:43:51 | 000,001,710 | ---- | C] () -- C:\Users\Luis Javier\Desktop\Google Drive.lnk
[2013/06/30 21:21:09 | 001,635,239 | ---- | C] () -- C:\Users\Luis Javier\Desktop\mvhs.pdf
[2013/06/30 19:08:56 | 000,044,726 | ---- | C] () -- C:\Users\Luis Javier\Desktop\tum acceptance.png
[2013/06/27 13:58:18 | 000,002,283 | ---- | C] () -- C:\Users\Luis Javier\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/06/27 13:58:18 | 000,002,183 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/06/26 11:29:07 | 000,002,164 | ---- | C] () -- C:\Users\Luis Javier\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Story Album Viewer.lnk
[2013/06/20 13:25:40 | 000,001,826 | ---- | C] () -- C:\Users\Luis Javier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2013/06/18 15:14:42 | 000,000,000 | ---- | C] () -- C:\Users\Luis Javier\Desktop\9gag.htm
[2013/06/17 18:30:00 | 002,201,400 | ---- | C] () -- C:\Users\Luis Javier\Desktop\llenado visa alemana.pdf
[2013/06/16 11:22:45 | 381,812,060 | R--- | C] () -- C:\Users\Luis Javier\Desktop\The.Walking.Dead.S03E16.REPACK.HDTV.x264-EVOLVE.mp4
[2013/06/16 11:22:10 | 000,020,794 | ---- | C] () -- C:\Users\Luis Javier\Desktop\The.Walking.Dead.S03E16.REPACK.HDTV.x264-EVOLVE.ESP.wWw.SubsTeam.Net.srt
[2013/05/19 13:38:50 | 000,000,144 | ---- | C] () -- C:\Windows\wininit.ini
[2013/03/10 22:08:05 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDevice.Dll
[2013/03/10 22:08:05 | 000,037,344 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDisk.Sys
[2012/12/18 11:06:10 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012/12/18 11:06:06 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012/12/18 11:06:06 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012/12/18 11:06:06 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012/12/18 11:06:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012/10/03 17:41:53 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011/10/25 22:53:18 | 000,001,492 | ---- | C] () -- C:\ProgramData\ss.ini
[2011/08/26 08:06:26 | 002,754,560 | ---- | C] () -- C:\Windows\SysWow64\8b744725-7128-f7f0-dcc2-1f737e976f98.dll
[2011/02/11 13:49:46 | 000,001,854 | ---- | C] () -- C:\Users\Luis Javier\AppData\Roaming\GhostObjGAFix.xml
[2010/11/05 10:53:17 | 000,003,584 | ---- | C] () -- C:\Users\Luis Javier\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/26 20:53:33 | 000,000,036 | ---- | C] () -- C:\Users\Luis Javier\AppData\Local\housecall.guid.cache
[2010/01/03 00:39:52 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/11/17 08:39:56 | 000,000,290 | ---- | C] () -- C:\ProgramData\hpqp.ini

========== ZeroAccess Check ==========

[2010/08/07 18:18:11 | 000,000,544 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-3015314384-3129878688-3584949256-1000\$INPTO0B.u
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 00:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 23:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2010/11/21 04:08:03 | 000,000,000 | ---D | M] -- C:\Users\Luis Javier\AppData\Roaming\AVG10
[2012/07/03 21:32:24 | 000,000,000 | ---D | M] -- C:\Users\Luis Javier\AppData\Roaming\DAEMON Tools Lite
[2011/03/18 13:02:57 | 000,000,000 | ---D | M] -- C:\Users\Luis Javier\AppData\Roaming\DBDesigner4
[2011/03/08 18:47:43 | 000,000,000 | ---D | M] -- C:\Users\Luis Javier\AppData\Roaming\deluge
[2012/10/03 19:53:44 | 000,000,000 | ---D | M] -- C:\Users\Luis Javier\AppData\Roaming\Digiarty
[2013/07/12 22:11:18 | 000,000,000 | ---D | M] -- C:\Users\Luis Javier\AppData\Roaming\Dropbox
[2011/03/15 22:59:53 | 000,000,000 | ---D | M] -- C:\Users\Luis Javier\AppData\Roaming\HeidiSQL
[2010/05/08 15:36:54 | 000,000,000 | ---D | M] -- C:\Users\Luis Javier\AppData\Roaming\iPodtoComputer
[2011/03/18 13:14:42 | 000,000,000 | ---D | M] -- C:\Users\Luis Javier\AppData\Roaming\MySQL
[2011/03/09 20:54:55 | 000,000,000 | ---D | M] -- C:\Users\Luis Javier\AppData\Roaming\Quantitative Micro Software
[2010/05/29 18:54:33 | 000,000,000 | ---D | M] -- C:\Users\Luis Javier\AppData\Roaming\Red Kawa
[2011/02/18 14:54:23 | 000,000,000 | ---D | M] -- C:\Users\Luis Javier\AppData\Roaming\Regensoft
[2013/03/02 18:07:20 | 000,000,000 | ---D | M] -- C:\Users\Luis Javier\AppData\Roaming\Samsung
[2010/01/19 21:26:21 | 000,000,000 | ---D | M] -- C:\Users\Luis Javier\AppData\Roaming\Softland
[2012/05/11 19:42:27 | 000,000,000 | ---D | M] -- C:\Users\Luis Javier\AppData\Roaming\Songbird2
[2013/07/12 22:10:42 | 000,000,000 | ---D | M] -- C:\Users\Luis Javier\AppData\Roaming\Spotify
[2010/01/11 00:12:31 | 000,000,000 | ---D | M] -- C:\Users\Luis Javier\AppData\Roaming\Stata10
[2010/01/19 22:56:41 | 000,000,000 | ---D | M] -- C:\Users\Luis Javier\AppData\Roaming\UDC Profiles
[2013/07/12 19:29:51 | 000,000,000 | ---D | M] -- C:\Users\Luis Javier\AppData\Roaming\uTorrent
[2010/01/15 20:07:36 | 000,000,000 | ---D | M] -- C:\Users\Luis Javier\AppData\Roaming\VOWSoft
[2012/04/29 20:02:25 | 000,000,000 | ---D | M] -- C:\Users\Luis Javier\AppData\Roaming\WindSolutions
[2011/03/09 11:08:09 | 000,000,000 | ---D | M] -- C:\Users\no one\AppData\Roaming\WildTangent

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 60 bytes -> C:\Users\Public\Documents\.DS_Store:AFP_AfpInfo
@Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:A2947BEA
@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:D1B5B4F1

< End of report >
javier910
Regular Member
 
Posts: 31
Joined: July 12th, 2013, 12:06 pm

Re: Help with adware!

Unread postby javier910 » July 12th, 2013, 11:44 pm

Extras.txt

OTL Extras logfile created on: 7/12/2013 10:19:20 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Luis Javier\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.91 Gb Total Physical Memory | 2.21 Gb Available Physical Memory | 56.50% Memory free
7.81 Gb Paging File | 5.65 Gb Available in Paging File | 72.30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.37 Gb Total Space | 44.75 Gb Free Space | 15.68% Space Free | Partition Type: NTFS
Drive D: | 12.53 Gb Total Space | 2.09 Gb Free Space | 16.70% Space Free | Partition Type: NTFS

Computer Name: LUISJAVIER-PC | User Name: Luis Javier | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-3015314384-3129878688-3584949256-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"" =
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06153B82-FE0E-4EB7-8DC6-B706F8C138BA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{09ECA408-7E0A-441F-9F7B-E8106F04CD06}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{16518AD6-69A2-4995-80E4-1B7620E46F01}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1690AFF4-A14E-4201-AC47-A6CFEE4527F0}" = lport=10243 | protocol=6 | dir=in | app=system |
"{2ED2B94F-E5A0-440F-AED1-7DBDA2B1AD59}" = lport=137 | protocol=17 | dir=in | app=system |
"{3041528F-7196-4EB5-BB2D-32E88571A612}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{31B2E4BC-C7F1-42A4-9B32-656F7957E2E1}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{39504D4B-E877-4766-8FA7-549E39941928}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{4F1783FE-1314-450D-8A67-D3BD2C70F556}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{53857152-AC56-4158-9949-8EFF31E1380E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{58D6034D-3E80-4CFB-ABB3-5CAF587347B4}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{6252D910-47C3-4917-8B8F-64C879CEA5AD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{641A5E06-3840-4CB4-B9FA-4C6521EE8B8B}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{6AEED6C1-3139-422D-BF4E-009595342839}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6E3B8D61-709B-4C29-B825-D6A447B18187}" = lport=139 | protocol=6 | dir=in | app=system |
"{76961CA2-BBF1-40F2-895F-F75B5A4BDE59}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{784514FF-BC29-4297-8B46-034DBC4FA62F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{80F237F0-EE08-4BA1-B7BE-8A524E05D2B9}" = rport=137 | protocol=17 | dir=out | app=system |
"{8331849B-F28F-46B7-891A-E921EEBC69FA}" = rport=445 | protocol=6 | dir=out | app=system |
"{8B874C94-83C1-4308-AC73-1282DC703906}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8BCB64C2-CA38-4976-BACB-03261B87F914}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9DA9AA6F-3BC2-4DFB-A39B-A4AE6BEE7AE0}" = lport=445 | protocol=6 | dir=in | app=system |
"{A69355EC-0114-458C-8366-4559FE80027F}" = rport=139 | protocol=6 | dir=out | app=system |
"{A72A0B25-D408-4CE0-A79F-F6426BD1E65F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{B666E66B-7E97-4DB3-B72A-3082ED85FB3C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C1D47D9D-A5A5-407A-AA01-F887E8D30990}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D2366C53-5E10-4A0C-8240-863B7BB527B5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DA4119FF-20FE-494B-ADDE-842E1292071A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E8E1221D-C361-414C-8F17-846C245255CD}" = lport=138 | protocol=17 | dir=in | app=system |
"{E8E84CB0-5390-49CE-862D-A9EF4892125F}" = rport=138 | protocol=17 | dir=out | app=system |
"{EF2584D5-E7DF-43D1-89FF-A9769158359C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FBA8C288-9274-457B-8B7C-B3636795837F}" = rport=10243 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{011FC95A-1AD1-452C-A91E-67962238388A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{01FACF06-2234-4FAA-99AF-8A71CA572C1B}" = dir=in | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe |
"{11B7E318-DBA9-4BF9-ADB9-2617DB8F7742}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{1215926D-094C-4377-B143-6D9D6F078855}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{13116AF0-4DE1-4478-9EEB-D26A1FE5D464}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{1B381CFB-07A3-47E6-8974-C2A5B7FCF869}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{24112E72-DF6E-4835-9CA4-8A48F308BE02}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{24E1AAB6-5C04-4056-AECA-F90608E8E1BF}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{27D67989-099C-47FF-802F-D9BB2B6B45A1}" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"{2AA609D5-2800-4681-9F14-620FD1A2B9DE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2BE73FC1-2F72-4BC2-B26F-58F56850B296}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{33A6FA86-3A37-404B-90AC-3DCD5BA40174}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe |
"{37A33B21-5BF5-4AF4-BA3F-EE230FB89884}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3A28E5AA-50F5-4095-B24C-4DD4BC4AD451}" = protocol=6 | dir=in | app=c:\users\luis javier\appdata\roaming\dropbox\bin\dropbox.exe |
"{3A350805-F87F-4231-8295-0F481B85F2C7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{3C8474A6-04B0-448C-A9E6-DBF1F8FFB5F7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3EDADFAD-4C2B-49BF-857B-1391E5B9AC37}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{406F4EC8-E9AA-48A6-AA2A-0A65D4508FEE}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{427FDCF0-2768-420C-8662-80F5008A8E13}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{42FDF6C0-CABB-40FA-BA7E-38A193E6C8A7}" = protocol=6 | dir=out | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe |
"{48043CC1-16E8-4F9A-A494-41BD769C2B2B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{483D1C9D-EDEC-420E-8252-D72799C2F613}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{507FA0A7-BD4C-4E3B-9062-6B4C3C4548BB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{56F47675-EE2C-4C93-A185-1D1C88120EE0}" = dir=in | app=c:\users\luis javier\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{5B854675-F9F5-48DC-8BE5-53EB07DAED8E}" = dir=in | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe |
"{5C401DA3-B494-4C03-B126-A9DB5AC038B6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5CF5E563-3791-4259-BBD5-751F1614E8B1}" = dir=in | app=c:\program files (x86)\hp\quickplay\qp.exe |
"{6087BECF-040B-42EA-9A08-09AD7B0EECDB}" = protocol=17 | dir=in | app=c:\users\luis javier\appdata\roaming\dropbox\bin\dropbox.exe |
"{6531172F-19D4-4C97-9E16-588736AE4C59}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7682CC4A-06CC-4380-9A6E-758CCFC69586}" = protocol=58 | dir=in | app=system |
"{77C0DDA1-4780-4E01-B7CE-5611401B839C}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{7BEFA836-5ECB-49E2-B696-9C0A6DED06D8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{7C2E3D1D-D88F-4881-9DD7-61C7FEB4CC2B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{7F040830-5C6F-4A21-ACBD-E3D976E5A4AF}" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"{7F2B511A-D931-4AD3-9978-1F9DAE89208E}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{8062A36C-589B-4224-B502-BBCCFD47C32F}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{83544D00-0607-4868-8364-E569DA08574D}" = protocol=6 | dir=out | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe |
"{8D0E85CB-A2B2-40E6-BF90-91C3CBE6220A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8FCCC5B1-6196-44DD-8273-36CCF1AAC6AD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{918E6E71-0255-4055-9EB1-A9B479E424C4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{971761F5-7BC0-41AC-9674-9E76D82C3FC8}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{A6DE03E6-DF90-4EA4-AB36-16E4DAB68735}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{AC851ECB-B1B5-46D3-B272-43E47FBB0B65}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{AEFE6630-389E-44DF-82F3-9485A7A6FD6A}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{B1DEC591-00A0-49B7-9765-7CA3279BF3B3}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{B20ABAAE-4206-4751-A3E5-FF2B38A1C45E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{B4CA0A1A-8DED-4F8D-BA3E-695D3218EE27}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BC5F49D3-9535-4783-BAAD-FEF466071241}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BF860677-5141-4A16-909D-3FA51F8EE7FF}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C37635FA-374C-4280-91C0-C4BD9F5A143E}" = dir=in | app=c:\program files (x86)\pharossystems\core\ctskmstr.exe |
"{C7A46DE4-E4D1-4D56-A8DA-0DE624E4AB3F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{CB35CFFC-2DF8-423D-940F-CCE1E190DBF7}" = protocol=6 | dir=out | app=system |
"{D4DD1ACF-A20F-4D35-A159-76EC9532915C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{E48F0E03-C4B6-4DCC-9586-B0267C6819F0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E82A4DB8-9112-4D3E-A1CB-DE25771ACD29}" = dir=in | app=c:\program files (x86)\hp\quickplay\qpservice.exe |
"{EA111EA7-8480-4525-AB37-F8B851DAEDFE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{EEE093F6-9F54-4D87-808E-F1A4903C247A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{EF6C14D6-134C-4A49-B549-42CF5987D932}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F3C378E9-D6B5-4817-9839-59A1EC55D2FB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{F5A69FEF-70C1-4F23-9D83-75CB3F2D7BAD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F7161A67-8D15-455E-90C2-8013B31D9618}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{FD35CADE-7D38-4F3D-BB2B-C7120A845428}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"TCP Query User{0A9B4E8A-AE80-46DA-A0AC-17B51D7E5066}C:\program files (x86)\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ares\ares.exe |
"TCP Query User{3D57224C-C89B-42E4-8878-DD3ACFE50D9D}C:\program files (x86)\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ares\ares.exe |
"TCP Query User{5050F516-81A9-419C-83F1-3E0B98EECE26}C:\program files (x86)\motorola media link\lite\mml.exe" = protocol=6 | dir=in | app=c:\program files (x86)\motorola media link\lite\mml.exe |
"TCP Query User{C2B7C2D8-A936-45B7-9EF7-58950EE850B1}C:\users\luis javier\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\luis javier\appdata\local\google\chrome\application\chrome.exe |
"TCP Query User{D03DAE94-0BFA-4472-A616-262344401FED}C:\users\luis javier\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\luis javier\appdata\local\google\chrome\application\chrome.exe |
"TCP Query User{D5A2EF6E-4E75-4C6F-BCE0-08A69B3BB020}C:\users\luis javier\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\luis javier\appdata\roaming\spotify\spotify.exe |
"TCP Query User{DA19DAF5-EDD3-4779-AB5D-D7A96AD2462D}C:\users\luis javier\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\luis javier\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{1B80455B-211B-4B22-8869-A6EF91F84AD9}C:\users\luis javier\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\luis javier\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{3061EA88-EDDA-4DE8-A56D-A7FC141A3F24}C:\program files (x86)\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ares\ares.exe |
"UDP Query User{57CC9C8C-71AB-4651-8CD9-EEAE14EC1812}C:\users\luis javier\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\luis javier\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{6FE6BF40-3E6D-410F-92E5-75334BDFE908}C:\users\luis javier\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\luis javier\appdata\roaming\spotify\spotify.exe |
"UDP Query User{86BCB55D-DDD6-489F-88FD-21506868B40A}C:\program files (x86)\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ares\ares.exe |
"UDP Query User{D9C3B2C7-F909-44D8-9011-24774CDFD9C9}C:\program files (x86)\motorola media link\lite\mml.exe" = protocol=17 | dir=in | app=c:\program files (x86)\motorola media link\lite\mml.exe |
"UDP Query User{E7CEFB40-0E70-45C2-9C22-AE6DD3A38B68}C:\users\luis javier\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\luis javier\appdata\roaming\dropbox\bin\dropbox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C682623-8F66-46A8-B9B3-93FE1E66A001}" = iTunes
"{1CCF1727-A817-4FEE-A028-5466FB542934}" = Motorola Mobile Drivers Installation 5.2.0
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{56F26668-13DA-497A-883F-61434A10CBAB}" = MobileMe Control Panel
"{5AEBB4A3-6878-4CEE-AD34-0F6958A983F0}" = HP Deskjet F4400 Printer Driver Software 13.0 Rel .5
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{751EE164-9F12-4E57-ADB0-02D8F34A10AD}" = Microsoft SQL Server Native Client
"{7C903D14-7EF4-4B71-BF78-2BCAFC499EB1}" = SQLXML4
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C92556F2-4950-48CF-ABA3-F0026B05BCE8}" = Microsoft SQL Server 2005 Backward compatibility
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"novaPDF Standard Desktop 7 printer_is1" = novaPDF Standard Desktop 7.0 printer
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{08C2D525-8D9D-4823-8A6A-3F78CAB89DA8}" = Brother HL-2170W
"{0B43A744-B1B8-4089-9BD1-9D41C7EC0AA3}" = Microsoft SQL Server 2005 Books Online (English)
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{105CFC7C-6992-11D5-BD9D-000102C10FD8}" = LizardTech DjVu Control
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{16673285-3ADA-4EAB-9777-E35B2F335CC8}" = FreeRIP Toolbar v7.2
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.7
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2B7E8E82-5E89-42BB-8506-3C2D258798EE}" = MySQL Workbench 5.2 CE
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{302BF4A9-0AEB-41A6-8838-A9497F07B508}" = The Options Toolbox v5.0
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{401E5DAC-CE0A-4646-9AE3-652B7A19C70E}" = EViews 5
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{497072FE-0A75-4E5C-A5B7-EB1FA67F66F1}" = DJ_AIO_05_F4400_Software_Min
"{49A143E9-4A6A-43E7-86B1-388194C79248}" = HP Smart Web Printing
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4D2DFB70-AECB-47BF-A895-3B3AA544934F}" = Microsoft SQL Server 2005 Tools
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{4E432692-A736-4F77-AF77-F9078CF88D31}" = HP Wireless Assistant
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.61
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64A7418C-6BD4-48BE-A2E3-CAEC3BCD9E81}" = HP User Guides 0156
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{698BBAD8-B116-495D-B879-0F07A533E57F}" = Samsung Story Album Viewer
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFDE3BE-BC01-45A4-9D06-BBF5AD207313}" = LightScribe System Software
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8EAD600D-1912-4DEF-92B5-0C7525E17ED2}" = F4400
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{989FB5FD-9B00-4B32-8663-849CB1370DD1}" = Google Drive
"{99011A6E-5200-11DE-BDB8-7ACD56D89593}" = Rosetta Stone Version 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}" = Sophos Anti-Virus
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A33447B6-F49A-41FC-AF0A-D27BDCAC2E23}" = Easy Phone Tunes
"{a44f02c3-ed51-45d5-a84e-b833efe646e3}" = Nero 9 Essentials
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}" = HP Advisor
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C25EF637-BE7A-4761-9B45-9069989C319F}" = Microsoft Visual Studio 2005 Premier Partner Edition - ENU
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Activate Norton Online Backup
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DE626616-D7C4-4F00-7E0B-EAF26FA65749}" = muvee Reveal
"{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}" = HP Setup
"{FA37AB80-C017-4BE7-87FA-30A99C820919}" = pdfforge Toolbar v7.2
"{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"A-PDF Page Master_is1" = A-PDF Page Master
"A-PDF Scan Optimizer_is1" = A-PDF Scan Optimizer
"AVCWare iPod to iPod/Computer/iTunes Transfer" = AVCWare iPod to iPod/Computer/iTunes Transfer
"c2f6ab11-d54d-ddbc-3efc-5692dc13cafe" = Contextual Tracker Dymanet
"DivX Setup.divx.com" = DivX Setup
"FLV Player X" = FLV Player X
"Google Chrome" = Google Chrome
"Graphmatica" = Graphmatica
"HeidiSQL_is1" = HeidiSQL 6.0
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Smart Web Printing" = HP Smart Web Printing
"iCal_is1" = iCal 4.1 Web Calendar
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}" = Samsung Story Album Viewer
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"iPod PC Transfer_is1" = iPod PC Transfer 6.4
"iPod to Computer Transfer" = iPod to Computer Transfer 4.8.3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Media Player - Codec Pack" = Media Player Codec Pack 3.9.5
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MotoHelper" = MotoHelper 2.0.53 Driver 5.2.0
"Mozilla Firefox (3.6.28)" = Mozilla Firefox (3.6.28)
"Pharos" = Pharos
"PlayFLV" = PlayFLV
"PROR" = Microsoft Office Professional 2007
"tutoriales100_mx_11_is1" = tutoriales100_mx_11
"Universal Document Converter_is1" = Universal Document Converter (Demo)
"Veetle TV" = Veetle TV 0.9.17
"Videora iPod Converter" = Videora iPod Converter 5.04
"VLC media player" = VLC media player 1.0.5
"WildTangent hp Master Uninstall" = HP Games
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WinX DVD Author_is1" = WinX DVD Author 6.2
"WinX DVD Ripper_is1" = WinX DVD Ripper 5.5.8
"Xvid_is1" = Xvid 1.2.1 final uninstall
"Yahoo! Companion" = Yahoo! Toolbar
"YouTube Downloader App" = YouTube Downloader App 2.03

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3015314384-3129878688-3584949256-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CopyTrans Suite" = CopyTrans Suite Remove Only
"Dropbox" = Dropbox
"Move Media Player" = Move Media Player
"MyFreeCodec" = MyFreeCodec
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Spotify" = Spotify
"TimeAdjuster" = Time Adjuster STANDARD 3.1

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/12/2013 9:06:57 PM | Computer Name = LuisJavier-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3464

Error - 7/12/2013 9:06:57 PM | Computer Name = LuisJavier-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3464

Error - 7/12/2013 9:06:58 PM | Computer Name = LuisJavier-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/12/2013 9:06:58 PM | Computer Name = LuisJavier-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4665

Error - 7/12/2013 9:06:58 PM | Computer Name = LuisJavier-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4665

Error - 7/12/2013 9:06:59 PM | Computer Name = LuisJavier-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/12/2013 9:06:59 PM | Computer Name = LuisJavier-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5710

Error - 7/12/2013 9:06:59 PM | Computer Name = LuisJavier-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5710

Error - 7/12/2013 9:07:00 PM | Computer Name = LuisJavier-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/12/2013 9:07:00 PM | Computer Name = LuisJavier-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6755

Error - 7/12/2013 9:07:00 PM | Computer Name = LuisJavier-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6755

[ Hewlett-Packard Events ]
Error - 5/11/2012 6:38:10 PM | Computer Name = LuisJavier-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 5/11/2012 6:39:28 PM | Computer Name = LuisJavier-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 5/11/2012 6:44:35 PM | Computer Name = LuisJavier-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: Failed to perform update. StackTrace: at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message:
Object '/7e9d29c9_3407_4b8c_b7c8_4049ebb626a6/eht_uact9bwhvzm7o540udyl_5.rem' has
been disconnected or does not exist at the server. Name: hpsa_service.exe Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 3999 Ram Utilization: TargetSite: Void UpdateDetail(System.String)

Error - 5/18/2012 7:10:14 PM | Computer Name = LuisJavier-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: Failed to perform update. StackTrace: at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message:
Object '/1a89b77d_eefa_4a4b_ad3d_c3fc84a39e10/yhyhyf_hwwf2l4ji2vfianmp_5.rem' has
been disconnected or does not exist at the server. Name: hpsa_service.exe Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 3999 Ram Utilization: 50 TargetSite: Void UpdateDetail(System.String)

Error - 6/17/2012 1:09:49 PM | Computer Name = LuisJavier-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: Failed to perform update. StackTrace: at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message:
Object '/7739bbae_2691_4919_86f0_0f3efda0f046/rbq0yen5evrdby0wax3oxuis_5.rem' has
been disconnected or does not exist at the server. Name: hpsa_service.exe Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 3999 Ram Utilization: 50 TargetSite: Void UpdateDetail(System.String)

Error - 7/22/2012 6:50:57 PM | Computer Name = LuisJavier-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: Failed to perform update. StackTrace: at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message:
Object '/506898f7_29cb_4499_bd88_6306eccfd05d/jujoaclz_4jtqr5m7ygvid5j_5.rem' has
been disconnected or does not exist at the server. Name: hpsa_service.exe Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 3999 Ram Utilization: 40 TargetSite: Void UpdateDetail(System.String)

Error - 8/18/2012 4:51:14 PM | Computer Name = LuisJavier-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: Failed to perform update. StackTrace: at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message:
Object '/991ea7ac_9729_4528_91cf_f6e54a6c1b86/bypal0mgbxgff5u+bdfspowl_5.rem' has
been disconnected or does not exist at the server. Name: hpsa_service.exe Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 3999 Ram Utilization: 40 TargetSite: Void UpdateDetail(System.String)

Error - 8/31/2012 7:58:11 PM | Computer Name = LuisJavier-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: Failed to perform update. StackTrace: at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message:
Object '/eabc6279_155e_45a3_992f_838d8d20af9e/6d_bqavga6z+ritlz6su8k7y_5.rem' has
been disconnected or does not exist at the server. Name: hpsa_service.exe Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 3999 Ram Utilization: 50 TargetSite: Void UpdateDetail(System.String)

Error - 8/31/2012 7:58:49 PM | Computer Name = LuisJavier-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 12/15/2012 11:39:03 AM | Computer Name = LuisJavier-PC | Source = HPSF.exe | ID = 4000
Description =

[ HP Software Framework Events ]
Error - 12/16/2012 9:21:39 PM | Computer Name = LuisJavier-PC | Source = CaslSmBios | ID = 5
Description = 2012/12/16 19:21:39.013|00001A84|Error |[CaslWmi]CommandDiags::C{bool()}|Error,
eRet: e_BIOS_INVALID_COMMAND_TYPE

Error - 12/16/2012 9:21:39 PM | Computer Name = LuisJavier-PC | Source = CaslSmBios | ID = 5
Description = 2012/12/16 19:21:39.417|00001A84|Error |[CaslWmi]CommandDiags::C{bool()}|Error,
eRet: e_BIOS_INVALID_COMMAND_TYPE

Error - 12/16/2012 9:21:39 PM | Computer Name = LuisJavier-PC | Source = CaslSmBios | ID = 5
Description = 2012/12/16 19:21:39.477|00001A84|Error |[CaslWmi]CommandDiags::C{bool()}|Error,
eRet: e_BIOS_INVALID_COMMAND_TYPE

Error - 12/16/2012 9:21:39 PM | Computer Name = LuisJavier-PC | Source = CaslSmBios | ID = 5
Description = 2012/12/16 19:21:39.547|00001A84|Error |[CaslWmi]CommandDiags::C{bool()}|Error,
eRet: e_BIOS_INVALID_COMMAND_TYPE

Error - 12/16/2012 9:21:39 PM | Computer Name = LuisJavier-PC | Source = CaslSmBios | ID = 5
Description = 2012/12/16 19:21:39.606|00001A84|Error |[CaslWmi]CommandDiags::C{bool()}|Error,
eRet: e_BIOS_INVALID_COMMAND_TYPE

Error - 12/16/2012 9:21:39 PM | Computer Name = LuisJavier-PC | Source = CaslSmBios | ID = 5
Description = 2012/12/16 19:21:39.657|00001A84|Error |[CaslWmi]CommandDiags::C{bool()}|Error,
eRet: e_BIOS_INVALID_COMMAND_TYPE

Error - 12/16/2012 9:21:39 PM | Computer Name = LuisJavier-PC | Source = CaslSmBios | ID = 5
Description = 2012/12/16 19:21:39.709|00001A84|Error |[CaslWmi]CommandDiags::C{bool()}|Error,
eRet: e_BIOS_INVALID_COMMAND_TYPE

Error - 12/16/2012 9:21:39 PM | Computer Name = LuisJavier-PC | Source = CaslSmBios | ID = 5
Description = 2012/12/16 19:21:39.766|00001A84|Error |[CaslWmi]CommandDiags::C{bool()}|Error,
eRet: e_BIOS_INVALID_COMMAND_TYPE

[ OSession Events ]
Error - 4/13/2010 5:58:09 PM | Computer Name = LuisJavier-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 522 seconds with 60 seconds of active time. This session ended with a crash.

Error - 11/16/2011 1:51:23 PM | Computer Name = LuisJavier-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 25
seconds with 0 seconds of active time. This session ended with a crash.

Error - 11/16/2011 1:51:59 PM | Computer Name = LuisJavier-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 29
seconds with 0 seconds of active time. This session ended with a crash.

Error - 11/17/2011 11:45:30 AM | Computer Name = LuisJavier-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 2266
seconds with 2220 seconds of active time. This session ended with a crash.

Error - 11/17/2011 2:30:58 PM | Computer Name = LuisJavier-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 8579
seconds with 6480 seconds of active time. This session ended with a crash.

Error - 11/17/2011 3:31:24 PM | Computer Name = LuisJavier-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 3377
seconds with 2940 seconds of active time. This session ended with a crash.

Error - 5/27/2013 8:34:30 PM | Computer Name = LuisJavier-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 25
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 7/12/2013 8:58:39 PM | Computer Name = LuisJavier-PC | Source = SAVOnAccess | ID = 3997781
Description = File [...tory\mdmnokia.inf_amd64_neutral_a8e9a41983d33a0b\mdmnokia.inf]'s
scan succeeded following a timeout/busy condition - it is being logged in case
it contributed to that condition. Process svchost.exe, (start check timestamp [
1ce7f641cf28c91]).

Error - 7/12/2013 8:58:40 PM | Computer Name = LuisJavier-PC | Source = SAVOnAccess | ID = 3997781
Description = File [...System.Xml\32066405eb9ab14056b2af3115d2a6de\System.Xml.ni.dll]'s
scan succeeded following a timeout/busy condition - it is being logged in case
it contributed to that condition. Process mbamservice.ex, (start check timestamp
[ 1ce7f63e0e3b487]).

Error - 7/12/2013 8:58:40 PM | Computer Name = LuisJavier-PC | Source = SAVOnAccess | ID = 3997781
Description = File [...85f08103502e5ff944cef0bf10e011a5\PresentationFramework.ni.dll]'s
scan succeeded following a timeout/busy condition - it is being logged in case
it contributed to that condition. Process mbamservice.ex, (start check timestamp
[ 1ce7f63db569f03]).

Error - 7/12/2013 8:58:40 PM | Computer Name = LuisJavier-PC | Source = SAVOnAccess | ID = 3997781
Description = File [...diskVolume2\Program Files (x86)\Brother\BRHL2170\brdefprn.exe]'s
scan succeeded following a timeout/busy condition - it is being logged in case
it contributed to that condition. Process mbamservice.ex, (start check timestamp
[ 1ce7f641d45dcba]).

Error - 7/12/2013 8:58:40 PM | Computer Name = LuisJavier-PC | Source = SAVOnAccess | ID = 3997781
Description = File [...\Device\HarddiskVolume2\windows\system32\ssdpsrv.dll]'s scan
succeeded following a timeout/busy condition - it is being logged in case it contributed
to that condition. Process mbamservice.ex, (start check timestamp [ 1ce7f641d483e1b]).


Error - 7/12/2013 8:58:40 PM | Computer Name = LuisJavier-PC | Source = SAVOnAccess | ID = 3997781
Description = File [...HarddiskVolume2\Program Files (x86)\HP\QuickPlay\powrprof.dll]'s
scan succeeded following a timeout/busy condition - it is being logged in case
it contributed to that condition. Process mbamservice.ex, (start check timestamp
[ 1ce7f641d5b491d]).

Error - 7/12/2013 8:58:40 PM | Computer Name = LuisJavier-PC | Source = SAVOnAccess | ID = 3997781
Description = File [...tory\keyboard.inf_amd64_neutral_0684fdc43059f486\keyboard.inf]'s
scan succeeded following a timeout/busy condition - it is being logged in case
it contributed to that condition. Process svchost.exe, (start check timestamp [
1ce7f641d77d9a0]).

Error - 7/12/2013 9:02:42 PM | Computer Name = LuisJavier-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Google
Update Service (gupdate) service to connect.

Error - 7/12/2013 9:02:42 PM | Computer Name = LuisJavier-PC | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
the following error: %%1053

Error - 7/12/2013 9:02:46 PM | Computer Name = LuisJavier-PC | Source = DCOM | ID = 10010
Description =


< End of report >
javier910
Regular Member
 
Posts: 31
Joined: July 12th, 2013, 12:06 pm

Re: Help with adware!

Unread postby askey127 » July 13th, 2013, 7:00 am

javier910,
Please be aware that your hard drive is close to maximum capacity. It has just over 15% free space now.
Windows needs that much to handle its housekeeping and other temporary tasks.
Please empty your Recycle bin regularly, and think about offloading some of any large file collections to DVDs, etc.
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Win7)
  • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include "Code:select all"):
    Code: Select all
    :Commands
    [CREATERESTOREPOINT]
    
    :OTL
    IE:64bit: - HKLM\..\SearchScopes\{44ABC3C2-5D64-4595-8525-AC74CF2FF4E0}: "URL" = http://www.ask.com/web?q= {searchTerms}&l=dis&o=cahpl
    IE - HKLM\..\SearchScopes\{44ABC3C2-5D64-4595-8525-AC74CF2FF4E0}: "URL" = http://www.ask.com/web?q= {searchTerms}&l=dis&o=cahpl
    IE - HKU\S-1-5-21-3015314384-3129878688-3584949256-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
    IE - HKU\S-1-5-21-3015314384-3129878688-3584949256-1000\..\SearchScopes\{0B278C6F-EC6B-3477-311E-6342928C69FF}: "URL" = http://flv.asksearch.com/s/?q= {searchTerms}&iesrc={referrer:source?}&cfg=2-113-11-NwOi
    IE - HKU\S-1-5-21-3015314384-3129878688-3584949256-1000\..\SearchScopes\{44ABC3C2-5D64-4595-8525-AC74CF2FF4E0}: "URL" = http://www.ask.com/web?q= {searchTerms}&l=dis&o=cahpl
    IE - HKU\S-1-5-21-3015314384-3129878688-3584949256-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*
    FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com :6.9
    O3 - HKU\S-1-5-21-3015314384-3129878688-3584949256-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\S-1-5-21-3015314384-3129878688-3584949256-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O4 - HKU\S-1-5-21-3015314384-3129878688-3584949256-1000..\Run: [ares] "C:\Program Files (x86)\Ares\Ares.exe" -h File not found
    O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_04)
    [2013/07/12 22:09:40 | 000,000,000 | ---D | C] -- C:\Users\Luis Javier\AppData\Local\eorezo
    [2013/07/12 19:29:51 | 000,000,000 | ---D | M] -- C:\Users\Luis Javier\AppData\Roaming\uTorrent
    
    :Files
    C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT
    ipconfig /flushdns /c
    
    :Commands
    [emptyjava]
    [emptyflash] 
    [EMPTYTEMP]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, and click to allow the Reboot when it is done.
    When the computer Reboots, and you start your usual account, a Notepad text file will appear.
  • Copy the contents of that file and post it in your next reply.
    That is the FIX log file. It will also be available and named by timestamp here: C:\_OTL\Moved Files\mmddyyyy_hhmmss.log

----------------------------------------------
After posting the Resulting log, Please Rescan as follows:
Open OTL again and click the Quick Scan button. Post the new log it produces, OTL.txt, in your next reply.

So we will be looking for the contents of the FIX log, and the new OTL.txt from the Quick scan.
Please tell me how it's running.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Help with adware!

Unread postby javier910 » July 13th, 2013, 6:24 pm

Hello askey127,

Here are the 2 logs you requested. I am still getting the annoying pop-ups,

FIX:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{44ABC3C2-5D64-4595-8525-AC74CF2FF4E0}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44ABC3C2-5D64-4595-8525-AC74CF2FF4E0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{44ABC3C2-5D64-4595-8525-AC74CF2FF4E0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44ABC3C2-5D64-4595-8525-AC74CF2FF4E0}\ not found.
HKU\S-1-5-21-3015314384-3129878688-3584949256-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3015314384-3129878688-3584949256-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0B278C6F-EC6B-3477-311E-6342928C69FF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B278C6F-EC6B-3477-311E-6342928C69FF}\ not found.
Registry key HKEY_USERS\S-1-5-21-3015314384-3129878688-3584949256-1000\Software\Microsoft\Internet Explorer\SearchScopes\{44ABC3C2-5D64-4595-8525-AC74CF2FF4E0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44ABC3C2-5D64-4595-8525-AC74CF2FF4E0}\ not found.
HKU\S-1-5-21-3015314384-3129878688-3584949256-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: wtxpcom@mybrowserbar.com :6.9 removed from extensions.enabledItems
Registry value HKEY_USERS\S-1-5-21-3015314384-3129878688-3584949256-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\S-1-5-21-3015314384-3129878688-3584949256-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_USERS\S-1-5-21-3015314384-3129878688-3584949256-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ares deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA}\ not found.
C:\Users\Luis Javier\AppData\Local\eorezo\eorezo\1.10 folder moved successfully.
C:\Users\Luis Javier\AppData\Local\eorezo\eorezo folder moved successfully.
C:\Users\Luis Javier\AppData\Roaming\uTorrent folder moved successfully.
========== FILES ==========
File\Folder C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Luis Javier\Desktop\cmd.bat deleted successfully.
C:\Users\Luis Javier\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Guest
->Java cache emptied: 9236111 bytes

User: Luis Javier
->Java cache emptied: 16201681 bytes

User: no one
->Java cache emptied: 7140 bytes

User: Public

Total Java Files Cleaned = 24.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Guest
->Flash cache emptied: 630 bytes

User: Luis Javier
->Flash cache emptied: 994048 bytes

User: no one

User: Public

Total Flash Files Cleaned = 1.00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 530414 bytes
->Temporary Internet Files folder emptied: 2739573 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Luis Javier
->Temp folder emptied: 4723513618 bytes
->Temporary Internet Files folder emptied: 348737329 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 66776966 bytes
->Google Chrome cache emptied: 377378805 bytes
->Apple Safari cache emptied: 10520576 bytes
->Flash cache emptied: 0 bytes

User: no one
->Temp folder emptied: 189648 bytes
->Temporary Internet Files folder emptied: 12160984 bytes
->Java cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 109573 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 990704667 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42340184 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 746 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 6,271.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 07132013_093652

Files\Folders moved on Reboot...
File move failed. C:\Users\Luis Javier\AppData\Local\Temp\RarSFX0\SecurityCheck\Other\nircmdc.exe scheduled to be moved on reboot.
File move failed. C:\Users\Luis Javier\AppData\Local\Temp\av4138E.tmp scheduled to be moved on reboot.
File move failed. C:\Users\Luis Javier\AppData\Local\Temp\av4140E.tmp scheduled to be moved on reboot.
File move failed. C:\Users\Luis Javier\AppData\Local\Temp\av41778.tmp scheduled to be moved on reboot.
File move failed. C:\Users\Luis Javier\AppData\Local\Temp\DymanetA.exe scheduled to be moved on reboot.
C:\Users\Luis Javier\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\SysWow64\~GLH0015.TMP scheduled to be moved on reboot.
File move failed. C:\Windows\temp\Pharos\UpdaterLog.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
javier910
Regular Member
 
Posts: 31
Joined: July 12th, 2013, 12:06 pm

Re: Help with adware!

Unread postby javier910 » July 13th, 2013, 6:24 pm

OTL

OTL logfile created on: 7/13/2013 4:14:19 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Luis Javier\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.91 Gb Total Physical Memory | 1.99 Gb Available Physical Memory | 50.94% Memory free
7.81 Gb Paging File | 5.60 Gb Available in Paging File | 71.76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.37 Gb Total Space | 67.21 Gb Free Space | 23.55% Space Free | Partition Type: NTFS
Drive D: | 12.53 Gb Total Space | 2.09 Gb Free Space | 16.70% Space Free | Partition Type: NTFS

Computer Name: LUISJAVIER-PC | User Name: Luis Javier | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Luis Javier\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Users\Luis Javier\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
PRC - C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
PRC - C:\Users\Luis Javier\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (Sophos Limited)
PRC - C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
PRC - C:\Program Files (x86)\tutoriales100_mx_11\tutoriales100_mx_11.exe ()
PRC - C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe (Sophos Limited)
PRC - C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe (Sophos Limited)
PRC - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Limited)
PRC - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Limited)
PRC - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe (Sophos Limited)
PRC - C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe ()
PRC - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe ()
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
PRC - C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe (Pharos Systems International)


========== Modules (No Company Name) ==========

MOD - C:\Users\Luis Javier\AppData\Local\Temp\_MEI40922\_elementtree.pyd ()
MOD - C:\Users\Luis Javier\AppData\Local\Temp\_MEI40922\_socket.pyd ()
MOD - C:\Users\Luis Javier\AppData\Local\Temp\_MEI40922\pysqlite2._sqlite.pyd ()
MOD - C:\Users\Luis Javier\AppData\Local\Temp\_MEI40922\win32api.pyd ()
MOD - C:\Users\Luis Javier\AppData\Local\Temp\_MEI40922\win32ts.pyd ()
MOD - C:\Users\Luis Javier\AppData\Local\Temp\_MEI40922\wx._gdi_.pyd ()
MOD - C:\Users\Luis Javier\AppData\Local\Temp\_MEI40922\win32com.shell.shell.pyd ()
MOD - C:\Users\Luis Javier\AppData\Local\Temp\_MEI40922\wx._html2.pyd ()
MOD - C:\Users\Luis Javier\AppData\Local\Temp\_MEI40922\_multiprocessing.pyd ()
MOD - C:\Users\Luis Javier\AppData\Local\Temp\_MEI40922\win32crypt.pyd ()
MOD - C:\Users\Luis Javier\AppData\Local\Temp\_MEI40922\windows._cacheinvalidation.pyd ()
MOD - C:\Users\Luis Javier\AppData\Local\Temp\_MEI40922\pythoncom27.dll ()
MOD - C:\Users\Luis Javier\AppData\Local\Temp\_MEI40922\_ctypes.pyd ()
MOD - C:\Users\Luis Javier\AppData\Local\Temp\_MEI40922\win32profile.pyd ()
MOD - C:\Users\Luis Javier\AppData\Local\Temp\_MEI40922\wx._misc_.pyd ()
MOD - C:\Users\Luis Javier\AppData\Local\Temp\_MEI40922\PyWinTypes27.dll ()
MOD - C:\Users\Luis Javier\AppData\Local\Temp\_MEI40922\wx._core_.pyd ()
MOD - C:\Users\Luis Javier\AppData\Local\Temp\_MEI40922\win32security.pyd ()
MOD - C:\Users\Luis Javier\AppData\Local\Temp\_MEI40922\_ssl.pyd ()
MOD - C:\Users\Luis Javier\AppData\Local\Temp\_MEI40922\wx._windows_.pyd ()
MOD - C:\Users\Luis Javier\AppData\Local\Temp\_MEI40922\_hashlib.pyd ()
MOD - C:\Users\Luis Javier\AppData\Local\Temp\_MEI40922\wx._wizard.pyd ()
MOD - C:\Users\Luis Javier\AppData\Local\Temp\_MEI40922\win32file.pyd ()
MOD - C:\Users\Luis Javier\AppData\Local\Temp\_MEI40922\win32inet.pyd ()
MOD - C:\Users\Luis Javier\AppData\Local\Temp\_MEI40922\win32process.pyd ()
MOD - C:\Users\Luis Javier\AppData\Local\Temp\_MEI40922\win32pdh.pyd ()
MOD - C:\Users\Luis Javier\AppData\Local\Temp\_MEI40922\wx._controls_.pyd ()
MOD - C:\Users\Luis Javier\AppData\Local\Temp\_MEI40922\win32event.pyd ()
MOD - C:\Users\Luis Javier\AppData\Local\Temp\_MEI40922\pyexpat.pyd ()
MOD - C:\Users\Luis Javier\AppData\Local\Temp\_MEI40922\unicodedata.pyd ()
MOD - C:\Users\Luis Javier\AppData\Local\Temp\_MEI40922\select.pyd ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ffmpegsumo.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\8a419cb1ccbeb80d7985b839e7d56369\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\2338d6dfcf2fee97810bb13b5d8b84c3\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\a7a3ebc76a454af37918211506e81e31\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a2920ed81e097f8551231a9350697bbd\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\fc4a8709f71eba20cc71c7905bba3dee\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\178644ab40108f3becd8b91049a254c3\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\bfa7a95284aec941f4b03bae0debe07c\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\033da6b735d41afaa20309b5e87e2ae0\UIAutomationTypes.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\ef17be93e209cc95b9768c7822530432\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c25666b99761bc42322bae2e59968df8\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\32066405eb9ab14056b2af3115d2a6de\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\9e24b9ffd816c0c90efc4d3fc9fd745f\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\187c13e8967097d2ed1e5f123e7d890a\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\85f08103502e5ff944cef0bf10e011a5\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\64fc35391d57638930a0b33cf70ad40a\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ffd7a625cefa32bcea5a2af8394b5b69\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\5d6d3ee0245de707ceb6a61466130f1b\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\18129e9f3b1b5d82dcd1904ac6c471df\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\6e682e0f78f6a2c28be080c8940bebb4\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\75d9bc7426ceb0de95259ba4f0b33de5\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ddab8d958a389e0578db75ff35a5d772\mscorlib.ni.dll ()
MOD - C:\Users\Luis Javier\AppData\Roaming\Dropbox\bin\libcef.dll ()
MOD - C:\Program Files (x86)\tutoriales100_mx_11\tutoriales100_mx_11.exe ()
MOD - C:\Users\Luis Javier\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (swi_service) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (Sophos Limited)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Sophos AutoUpdate Service) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe (Sophos Limited)
SRV - (SAVAdminService) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Limited)
SRV - (SAVService) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Limited)
SRV - (swi_update_64) -- C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe (Sophos Limited)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (Sophos Web Control Service) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe (Sophos Limited)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (MotoHelper) -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (HsfXAudioService) -- C:\Windows\SysWOW64\XAudio64.dll (Conexant Systems, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (Pharos Systems ComTaskMaster) -- C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe (Pharos Systems International)


========== Driver Services (SafeList) ==========

DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (SAVOnAccess) -- C:\Windows\SysNative\drivers\savonaccess.sys (Sophos Limited)
DRV:64bit: - (sdcfilter) -- C:\Windows\SysNative\drivers\sdcfilter.sys (Sophos Limited)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (SophosBootDriver) -- C:\Windows\SysNative\drivers\SophosBootDriver.sys (Sophos Plc)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (XAudio) -- C:\Windows\SysNative\drivers\XAudio64.sys (Conexant Systems, Inc.)
DRV:64bit: - (HSF_DPV) -- C:\Windows\SysNative\drivers\CAX_DPV.sys (Conexant Systems, Inc.)
DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\drivers\mdmxsdk.sys (Conexant)
DRV:64bit: - (winachsf) -- C:\Windows\SysNative\drivers\CAX_CNXT.sys (Conexant Systems, Inc.)
DRV:64bit: - (CAXHWAZL) -- C:\Windows\SysNative\drivers\CAXHWAZL.sys (Conexant Systems, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (IntcHdmiAddService) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (FsUsbExDisk) -- C:\Windows\SysWOW64\FsUsbExDisk.Sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{C34A1A1D-7C23-4BF0-BA37-9DB4879394B3}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{C34A1A1D-7C23-4BF0-BA37-9DB4879394B3}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{25D357A3-3118-4329-96B3-E9B6F844645B}: "URL" = http://mx.search.yahoo.com/search?fr=ch ... =386496&p={searchTerms}
IE - HKCU\..\SearchScopes\{C34A1A1D-7C23-4BF0-BA37-9DB4879394B3}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ;192.168.*.*

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=386496&ilc=12"
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:6.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {81df63a1-ec2c-5b84-0e9f-1007a5009873}:4.6.8.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..keyword.URL: "http://mx.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=386496&p="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.17: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.17: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@doubletwist.com/NPPodcast: C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll File not found
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Luis Javier\AppData\Roaming\Move Networks\plugins\071803000001\npqmp071803000001.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Luis Javier\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/08/21 14:06:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/31 15:26:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/05/19 13:45:07 | 000,000,000 | ---D | M]

[2012/05/11 19:42:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Luis Javier\AppData\Roaming\Mozilla\Extensions
[2010/10/08 00:16:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Luis Javier\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2012/05/11 19:42:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Luis Javier\AppData\Roaming\Mozilla\Extensions\songbird@songbirdnest.com
[2013/07/12 22:12:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Luis Javier\AppData\Roaming\Mozilla\Firefox\Profiles\8ndmvsv6.default\extensions
[2012/10/28 13:29:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/16 23:07:43 | 000,000,000 | ---D | M] (z) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{81df63a1-ec2c-5b84-0e9f-1007a5009873}
[2010/08/29 12:50:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/21 13:15:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/02/07 15:08:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/08 17:11:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/08/08 11:07:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM
[2009/08/21 14:06:04 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
[2013/01/31 15:26:08 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2013/01/31 15:26:08 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2013/01/31 15:26:08 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2013/01/31 15:26:09 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U4 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll
CHR - plugin: Veetle Broadcaster Plugin (Enabled) = C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Luis Javier\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Move Media Player 7 (Enabled) = C:\Users\Luis Javier\AppData\Roaming\Move Networks\plugins\071803000001\npqmp071803000001.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\Luis Javier\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Luis Javier\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Luis Javier\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Luis Javier\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail = C:\Users\Luis Javier\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (dymanet) - {64c6c7b0-3789-a383-e982-ecc5a035eed3} - C:\Windows\SysWOW64\8b744725-7128-f7f0-dcc2-1f737e976f98.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Brdefprn] C:\Program Files (x86)\Brother\BRHL2170\Brdefprn.exe ()
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe (brother)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe (Sophos Limited)
O4 - HKLM..\Run: [tutoriales100_mx_11] C:\Program Files (x86)\tutoriales100_mx_11\tutoriales100_mx_11.exe ()
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Luis Javier\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup File not found
O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKCU..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKCU..\Run: [Spotify] C:\Users\Luis Javier\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Luis Javier\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - Startup: C:\Users\Luis Javier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Luis Javier\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Luis Javier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Herramienta de búsqueda de soportes de PMB.lnk = C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/produ ... wsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary/So ... b56986.cab (Solitaire Showdown Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/i ... ction2.cab (GMNRev Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/200 ... ader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Me ... b56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_25)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.3.77.10 10.3.1.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{54D7BC1F-2D45-41F2-B3F1-00FCF3233219}: DhcpNameServer = 10.3.77.10 10.3.1.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A2B22902-3A30-4E4D-9F12-1B6DB8D88653}: DhcpNameServer = 137.82.27.42 142.103.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL) - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll (Sophos Limited)
O20 - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Limited)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/13 09:36:52 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/07/12 22:16:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Luis Javier\Desktop\OTL.exe
[2013/07/12 22:09:40 | 000,000,000 | ---D | C] -- C:\Users\Luis Javier\AppData\Local\eorezo
[2013/07/12 17:02:16 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Luis Javier\Desktop\dds.com
[2013/07/12 00:06:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/07/12 00:06:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/07/12 00:02:59 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Luis Javier\Desktop\mbam-setup-1.75.0.1300.exe
[2013/06/30 21:43:49 | 000,000,000 | --SD | C] -- C:\Users\Luis Javier\Google Drive
[2013/06/30 21:40:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2013/06/30 21:17:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/06/27 13:58:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/06/26 11:29:47 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2013/06/20 13:25:42 | 000,000,000 | ---D | C] -- C:\Users\Luis Javier\AppData\Local\Spotify
[2013/06/20 13:25:19 | 000,000,000 | ---D | C] -- C:\Users\Luis Javier\AppData\Roaming\Spotify
[9 C:\Users\Luis Javier\Documents\*.tmp files -> C:\Users\Luis Javier\Documents\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\Luis Javier\Desktop\*.tmp files -> C:\Users\Luis Javier\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/07/13 16:20:44 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/13 16:20:44 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/13 16:11:51 | 000,000,290 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2013/07/13 16:10:41 | 000,000,709 | ---- | M] () -- C:\Windows\Brownie.ini
[2013/07/13 16:09:33 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/13 16:08:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/13 16:08:01 | 3145,089,024 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/13 10:07:09 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/13 10:06:57 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/07/12 22:17:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Luis Javier\Desktop\OTL.exe
[2013/07/12 22:06:14 | 000,000,361 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013/07/12 22:02:37 | 000,662,345 | ---- | M] () -- C:\Users\Luis Javier\Desktop\adwcleaner.exe
[2013/07/12 22:00:12 | 000,000,952 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3015314384-3129878688-3584949256-1000UA.job
[2013/07/12 22:00:09 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3015314384-3129878688-3584949256-1000Core.job
[2013/07/12 18:22:03 | 000,024,074 | ---- | M] () -- C:\Users\Luis Javier\Desktop\eticket-Mr-CHONGVAZQUEZ-LUIS JAVIER .pdf
[2013/07/12 17:02:29 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Luis Javier\Desktop\dds.com
[2013/07/12 00:05:47 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Luis Javier\Desktop\mbam-setup-1.75.0.1300.exe
[2013/07/11 18:52:20 | 000,435,848 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/11 00:36:03 | 000,747,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/07/11 00:36:03 | 000,626,306 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/07/11 00:36:03 | 000,111,098 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/06/30 22:45:25 | 000,233,816 | ---- | M] () -- C:\Users\Luis Javier\Desktop\german placement test.png
[2013/06/30 21:43:51 | 000,001,710 | ---- | M] () -- C:\Users\Luis Javier\Desktop\Google Drive.lnk
[2013/06/30 21:21:10 | 001,635,239 | ---- | M] () -- C:\Users\Luis Javier\Desktop\mvhs.pdf
[2013/06/30 19:08:56 | 000,044,726 | ---- | M] () -- C:\Users\Luis Javier\Desktop\tum acceptance.png
[2013/06/28 10:17:56 | 000,002,283 | ---- | M] () -- C:\Users\Luis Javier\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/06/26 11:29:07 | 000,002,164 | ---- | M] () -- C:\Users\Luis Javier\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Story Album Viewer.lnk
[2013/06/26 11:26:29 | 000,002,006 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
[2013/06/18 15:14:43 | 000,000,000 | ---- | M] () -- C:\Users\Luis Javier\Desktop\9gag.htm
[2013/06/17 18:30:03 | 002,201,400 | ---- | M] () -- C:\Users\Luis Javier\Desktop\llenado visa alemana.pdf
[2013/06/16 11:34:48 | 381,812,060 | R--- | M] () -- C:\Users\Luis Javier\Desktop\The.Walking.Dead.S03E16.REPACK.HDTV.x264-EVOLVE.mp4
[2013/06/15 09:49:05 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForLuis Javier.job
[9 C:\Users\Luis Javier\Documents\*.tmp files -> C:\Users\Luis Javier\Documents\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\Luis Javier\Desktop\*.tmp files -> C:\Users\Luis Javier\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/07/12 22:05:05 | 000,000,361 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013/07/12 22:02:24 | 000,662,345 | ---- | C] () -- C:\Users\Luis Javier\Desktop\adwcleaner.exe
[2013/07/12 18:22:02 | 000,024,074 | ---- | C] () -- C:\Users\Luis Javier\Desktop\eticket-Mr-CHONGVAZQUEZ-LUIS JAVIER .pdf
[2013/06/30 22:45:24 | 000,233,816 | ---- | C] () -- C:\Users\Luis Javier\Desktop\german placement test.png
[2013/06/30 21:43:51 | 000,001,710 | ---- | C] () -- C:\Users\Luis Javier\Desktop\Google Drive.lnk
[2013/06/30 21:21:09 | 001,635,239 | ---- | C] () -- C:\Users\Luis Javier\Desktop\mvhs.pdf
[2013/06/30 19:08:56 | 000,044,726 | ---- | C] () -- C:\Users\Luis Javier\Desktop\tum acceptance.png
[2013/06/27 13:58:18 | 000,002,283 | ---- | C] () -- C:\Users\Luis Javier\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/06/27 13:58:18 | 000,002,183 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/06/26 11:29:07 | 000,002,164 | ---- | C] () -- C:\Users\Luis Javier\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Story Album Viewer.lnk
[2013/06/20 13:25:40 | 000,001,826 | ---- | C] () -- C:\Users\Luis Javier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2013/06/18 15:14:42 | 000,000,000 | ---- | C] () -- C:\Users\Luis Javier\Desktop\9gag.htm
[2013/06/17 18:30:00 | 002,201,400 | ---- | C] () -- C:\Users\Luis Javier\Desktop\llenado visa alemana.pdf
[2013/06/16 11:22:45 | 381,812,060 | R--- | C] () -- C:\Users\Luis Javier\Desktop\The.Walking.Dead.S03E16.REPACK.HDTV.x264-EVOLVE.mp4
[2013/06/16 11:22:10 | 000,020,794 | ---- | C] () -- C:\Users\Luis Javier\Desktop\The.Walking.Dead.S03E16.REPACK.HDTV.x264-EVOLVE.ESP.wWw.SubsTeam.Net.srt
[2013/05/19 13:38:50 | 000,000,144 | ---- | C] () -- C:\Windows\wininit.ini
[2013/03/10 22:08:05 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDevice.Dll
[2013/03/10 22:08:05 | 000,037,344 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDisk.Sys
[2012/12/18 11:06:10 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012/12/18 11:06:06 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012/12/18 11:06:06 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012/12/18 11:06:06 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012/12/18 11:06:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012/10/03 17:41:53 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011/10/25 22:53:18 | 000,001,492 | ---- | C] () -- C:\ProgramData\ss.ini
[2011/08/26 08:06:26 | 002,754,560 | ---- | C] () -- C:\Windows\SysWow64\8b744725-7128-f7f0-dcc2-1f737e976f98.dll
[2011/02/11 13:49:46 | 000,001,854 | ---- | C] () -- C:\Users\Luis Javier\AppData\Roaming\GhostObjGAFix.xml
[2010/11/05 10:53:17 | 000,003,584 | ---- | C] () -- C:\Users\Luis Javier\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/26 20:53:33 | 000,000,036 | ---- | C] () -- C:\Users\Luis Javier\AppData\Local\housecall.guid.cache
[2010/01/03 00:39:52 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/11/17 08:39:56 | 000,000,290 | ---- | C] () -- C:\ProgramData\hpqp.ini

========== ZeroAccess Check ==========

[2010/08/07 18:18:11 | 000,000,544 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-3015314384-3129878688-3584949256-1000\$INPTO0B.u
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 00:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 23:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2010/11/21 04:08:03 | 000,000,000 | ---D | M] -- C:\Users\Luis Javier\AppData\Roaming\AVG10
[2012/07/03 21:32:24 | 000,000,000 | ---D | M] -- C:\Users\Luis Javier\AppData\Roaming\DAEMON Tools Lite
[2011/03/18 13:02:57 | 000,000,000 | ---D | M] -- C:\Users\Luis Javier\AppData\Roaming\DBDesigner4
[2011/03/08 18:47:43 | 000,000,000 | ---D | M] -- C:\Users\Luis Javier\AppData\Roaming\deluge
[2012/10/03 19:53:44 | 000,000,000 | ---D | M] -- C:\Users\Luis Javier\AppData\Roaming\Digiarty
[2013/07/13 16:13:08 | 000,000,000 | ---D | M] -- C:\Users\Luis Javier\AppData\Roaming\Dropbox
[2011/03/15 22:59:53 | 000,000,000 | ---D | M] -- C:\Users\Luis Javier\AppData\Roaming\HeidiSQL
[2010/05/08 15:36:54 | 000,000,000 | ---D | M] -- C:\Users\Luis Javier\AppData\Roaming\iPodtoComputer
[2011/03/18 13:14:42 | 000,000,000 | ---D | M] -- C:\Users\Luis Javier\AppData\Roaming\MySQL
[2011/03/09 20:54:55 | 000,000,000 | ---D | M] -- C:\Users\Luis Javier\AppData\Roaming\Quantitative Micro Software
[2010/05/29 18:54:33 | 000,000,000 | ---D | M] -- C:\Users\Luis Javier\AppData\Roaming\Red Kawa
[2011/02/18 14:54:23 | 000,000,000 | ---D | M] -- C:\Users\Luis Javier\AppData\Roaming\Regensoft
[2013/03/02 18:07:20 | 000,000,000 | ---D | M] -- C:\Users\Luis Javier\AppData\Roaming\Samsung
[2010/01/19 21:26:21 | 000,000,000 | ---D | M] -- C:\Users\Luis Javier\AppData\Roaming\Softland
[2012/05/11 19:42:27 | 000,000,000 | ---D | M] -- C:\Users\Luis Javier\AppData\Roaming\Songbird2
[2013/07/13 16:11:28 | 000,000,000 | ---D | M] -- C:\Users\Luis Javier\AppData\Roaming\Spotify
[2010/01/11 00:12:31 | 000,000,000 | ---D | M] -- C:\Users\Luis Javier\AppData\Roaming\Stata10
[2010/01/19 22:56:41 | 000,000,000 | ---D | M] -- C:\Users\Luis Javier\AppData\Roaming\UDC Profiles
[2010/01/15 20:07:36 | 000,000,000 | ---D | M] -- C:\Users\Luis Javier\AppData\Roaming\VOWSoft
[2012/04/29 20:02:25 | 000,000,000 | ---D | M] -- C:\Users\Luis Javier\AppData\Roaming\WindSolutions

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 60 bytes -> C:\Users\Public\Documents\.DS_Store:AFP_AfpInfo
@Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:A2947BEA
@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:D1B5B4F1

< End of report >
javier910
Regular Member
 
Posts: 31
Joined: July 12th, 2013, 12:06 pm

Re: Help with adware!

Unread postby askey127 » July 13th, 2013, 7:38 pm

javier910,
----------------------------------------------
Download Temp File Cleaner and save it to your desktop.
It does not have to be "Installed". Double click in XP, or Right Click and "Run as administrator" in Vista/Win7.
Run it every week or so to clean out leftover Temp files. This will keep your machine running at best efficiency.
(It does usually require a Restart to clean out all the files.)
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Win7)
  • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include "Code:select all"):
    Code: Select all
    :Commands
    [CREATERESTOREPOINT]
    
    :OTL
    @Alternate Data Stream - 60 bytes -> C:\Users\Public\Documents\.DS_Store:AFP_AfpInfo
    @Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:A2947BEA
    @Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:D1B5B4F1
    FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com :6.9
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [EMPTYTEMP]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, and click to allow the Reboot when it is done.
    When the computer Reboots, and you start your usual account, a Notepad text file will appear.
  • Copy the contents of that file and post it in your next reply.
    That is the FIX log file. It will also be available and named by timestamp here: C:\_OTL\Moved Files\mmddyyyy_hhmmss.log

It should be running better for you.
I would suggest you run a full scan with Sophos and have it remove anything it finds.

Let me know if you have any additional issues or questions.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Help with adware!

Unread postby javier910 » July 14th, 2013, 1:24 am

Sorry askey127, I'm still getting the same ads,

This is the FIX log file, hope you can help!

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
ADS C:\Users\Public\Documents\.DS_Store:AFP_AfpInfo deleted successfully.
ADS C:\ProgramData\Temp:A2947BEA deleted successfully.
ADS C:\ProgramData\Temp:D1B5B4F1 deleted successfully.
Prefs.js: wtxpcom@mybrowserbar.com :6.9 removed from extensions.enabledItems
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Luis Javier\Desktop\cmd.bat deleted successfully.
C:\Users\Luis Javier\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Luis Javier
->Temp folder emptied: 45815590 bytes
->Temporary Internet Files folder emptied: 184161 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 6328300 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 456 bytes

User: no one
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 109568 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 529711 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 51.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 07132013_192017

Files\Folders moved on Reboot...
C:\Users\Luis Javier\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\SysWow64\~GLH0015.TMP scheduled to be moved on reboot.
File move failed. C:\Windows\temp\Pharos\UpdaterLog.txt scheduled to be moved on reboot.
File\Folder C:\Windows\temp\TMP0000000123B74A924754D9D4 not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
javier910
Regular Member
 
Posts: 31
Joined: July 12th, 2013, 12:06 pm

Re: Help with adware!

Unread postby askey127 » July 14th, 2013, 8:33 am

javier910,
Please tell me what message or product or site the ads refer to. Any information about the ads themselves may be useful.
We have already cleaned out a large amount of undesirable content, but looks like we will have to dig a bit deeper.
--------------------------------------------
TDSSKiller - Rootkit Removal Tool
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  1. Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    (Vista - W7 users: Right-click and select "Run As Administrator")
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com).
    If you don't see file extensions, please see: How to change the file extension.
    If you try to change the filename and extension, you may get a warning message from Windows because of the change of file extension. OK the change.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure Cure (default) is selected... then click Continue > Reboot now to finish the cleaning process.
    • If Cure is not offered as an option, choose Skip.
  5. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the main directory of C:
    (the dd.mm.yyyy_hh.mm.ss numbers in the filename represent the time/date stamp)
  6. Copy and paste the contents of that file in your next reply.
If, for some reason,you can't locate the text file to paste into your reply, just tell me, but DO NOT run the program a second time.

------------------------------------------------------------
Run the Farbar Recovery Scanner Tool
Download FRST.exe from here:
http://www.bleepingcomputer.com/downloa ... ool/dl/82/

Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Make sure all six boxes under Whitelist are checked, and also check the box under Optional Scan labeled Addition.txt.
  • Click the Scan button.
  • It will generate a log (FRST.txt) in the same directory from which the tool is run.
  • Please copy and paste the contents of FRST.txt in your reply.
  • It also will make a second log, named Addition.txt. Please paste the contents of that log as well.
Use separate replies if more convenient.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Help with adware!

Unread postby javier910 » July 14th, 2013, 12:39 pm

Hi Aksey127,

The ads are everything from Sony products, airline and hotel deals, to supposed downloads and games. I'll attach some of the ads below:

Image

Image
javier910
Regular Member
 
Posts: 31
Joined: July 12th, 2013, 12:06 pm
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 125 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware