Topic: Virus Coin Miner
Hello.
Yes, bring another OTL log.
Regards.
If on your journey, you should encounter God, God will be cut!
OK, here it goes again.
Regards!
OTL logfile created on: 19/08/2012 06:38:51 p.m. - Run 2
OTL by OldTimer - Version 3.2.58.0 Folder = C:\Users\CARLOS\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000380a | Country: Uruguay | Language: ESY | Date Format: dd/MM/yyyy
4,00 Gb Total Physical Memory | 2,37 Gb Available Physical Memory | 59,22% Memory free
8,00 Gb Paging File | 6,07 Gb Available in Paging File | 75,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,75 Gb Total Space | 230,41 Gb Free Space | 49,47% Space Free | Partition Type: NTFS
Drive F: | 372,61 Gb Total Space | 370,16 Gb Free Space | 99,34% Space Free | Partition Type: NTFS
Computer Name: CARLOS-PC | User Name: CARLOS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\CARLOS\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe (W3i, LLC)
PRC - C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Windows\vVX1000.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\Genius Multimedia\TVGo A12 Utilities\HMCP3XCtl.exe ()
PRC - C:\Program Files (x86)\Genius Multimedia\HyperMediaCenter\DTVR\Scheduled.exe ()
PRC - C:\Program Files (x86)\Microsoft Encarta\Encarta 2009 Biblioteca Premium DVD\EDICT.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
PRC - C:\Program Files (x86)\RocketDock\RocketDock.exe ()
========== Modules (No Company Name) ==========
MOD - C:\Users\CARLOS\AppData\Local\Temp\99cab429-f99d-4f69-9d04-113ad532bd0f\CliSecureRT.dll ()
MOD - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\0e56badd6e20e2dc81c45cdff2326f6b\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\063174e87d258ef1db040cbfbdd4cd31\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\984f8802a334d2ae862b66bf71332c10\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\d55bed00e3d36b0db5bd3994c77fe850\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\697786bb51408d41d980263d90a56d03\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\9abdaeea6a61127606bbc324d9177579\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\0189f9fb0ff0476b570aeadfc036ddd6\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\1a7c90bf70e6fef2970dd02ca5def39a\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\f91c92735c4a913143a0914c8cb531f2\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\fd52e266873de847aea40b1d0715e0bb\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\d131eefaea0ca120aaf11568d8e44cad\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b54a85f8f8f5ac297357c80b95834a90\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\500ffaf6258746eaf0bfc333ab534a51\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\360d70391adff56f1d029b1a538d2431\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\97d737762adec957a2d7c80fafb4703a\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Genius Multimedia\TVGo A12 Utilities\HMCP3XCtl.exe ()
MOD - C:\Program Files (x86)\Genius Multimedia\HyperMediaCenter\DTVR\Scheduled.exe ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\Reference 2009\MSENCXML.DLL ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\Reference 2009\ERSREGPR.DLL ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\Reference 2009\MSENCDAT.DLL ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\Reference 2009\ENCCONT.DLL ()
MOD - C:\Program Files (x86)\Microsoft Encarta\Encarta 2009 Biblioteca Premium DVD\EDICTEIT.EBK ()
MOD - C:\Program Files (x86)\Yahoo!\Widgets\jsd.dll ()
MOD - C:\Program Files (x86)\Yahoo!\Widgets\js32.dll ()
MOD - C:\Program Files (x86)\Yahoo!\Widgets\sqlite3.dll ()
MOD - C:\Program Files (x86)\RocketDock\RocketDock.exe ()
MOD - C:\Program Files (x86)\RocketDock\RocketDock.dll ()
MOD - C:\Program Files (x86)\Genius Multimedia\HyperMediaCenter\DTVR\kwspnd.dll ()
========== Win32 Services (SafeList) ==========
SRV:64bit: - (SpyHunter 4 Service) -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe (Enigma Software Group USA, LLC.)
SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (EPSON_PM_RPCV4_01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE (SEIKO EPSON CORPORATION)
SRV - (KMService) -- C:\Windows\SysWOW64\srvany.exe ()
========== Driver Services (SafeList) ==========
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (ssudobex) -- C:\Windows\SysNative\drivers\ssudobex.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (pcouffin) -- C:\Windows\SysNative\drivers\pcouffin.sys (VSO Software)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (VX1000) -- C:\Windows\SysNative\drivers\VX1000.sys (Microsoft Corporation)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (3xHybr64) -- C:\Windows\SysNative\drivers\3xHybr64.sys (NXP Semiconductors Germany GmbH)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search bar = http://search.msn.com/spbasic.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
IE - HKLM\..\SearchScopes,DefaultScope = {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20111218043147175&tb_oid=18-12-2011&tb_mrud=18-12-2011
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = es-UY
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 94 6B 30 02 01 99 CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\${searchCLSID}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{56902151-FCE5-4DBD-8F2E-4747FAC97F7D}: "URL" = http://search.avg.com/route/?d=4c4308bc&v=6.10.6.4&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_es
IE - HKCU\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20111218043147175&tb_oid=18-12-2011&tb_mrud=18-12-2011
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:28312
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "AOL Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.winamp.com/search/search?query={searchTerms}&invocationType=tb50-ff-winamp-chromesbox-en-us&tb_uuid=20111218043147175&tb_oid=22-12-2011&tb_mrud=22-12-2011&query="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://start.facemoods.com/?a=ddrnw"
FF - prefs.js..keyword.URL: "http://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://search.sweetim.com/search.asp?src=2&q="
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files (x86)\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/18 21:25:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/08/19 15:31:09 | 000,000,000 | ---D | M]
[2011/03/25 22:26:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CARLOS\AppData\Roaming\Mozilla\Extensions
[2012/08/14 23:45:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CARLOS\AppData\Roaming\Mozilla\Firefox\Profiles\mz2usqol.default\extensions
[2011/12/18 01:31:54 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Users\CARLOS\AppData\Roaming\Mozilla\Firefox\Profiles\mz2usqol.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2012/01/20 21:34:15 | 000,000,000 | ---D | M] (WOT) -- C:\Users\CARLOS\AppData\Roaming\Mozilla\Firefox\Profiles\mz2usqol.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012/01/20 21:34:13 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\CARLOS\AppData\Roaming\Mozilla\Firefox\Profiles\mz2usqol.default\extensions\[email protected]
[2012/02/10 22:25:14 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\CARLOS\AppData\Roaming\Mozilla\Firefox\Profiles\mz2usqol.default\extensions\[email protected]
[2011/12/21 22:07:51 | 000,002,354 | ---- | M] () -- C:\Users\CARLOS\AppData\Roaming\Mozilla\Firefox\Profiles\mz2usqol.default\searchplugins\aol-web-search.xml
[2011/03/29 22:54:57 | 000,003,915 | ---- | M] () -- C:\Users\CARLOS\AppData\Roaming\Mozilla\Firefox\Profiles\mz2usqol.default\searchplugins\sweetim.xml
[2012/02/10 22:23:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/03/31 23:06:10 | 000,149,777 | ---- | M] () (No name found) -- C:\USERS\CARLOS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MZ2USQOL.DEFAULT\EXTENSIONS\{EEE6C361-6118-11DC-9C72-001320C79847}.XPI
[2012/02/10 22:23:19 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/26 15:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012/02/10 22:23:17 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/10 22:23:17 | 000,003,996 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\drae.xml
[2012/02/10 22:23:17 | 000,001,143 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-es.xml
[2011/11/04 23:11:19 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2012/02/10 22:23:17 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2012/02/10 22:23:17 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-es.xml
[2012/02/10 22:23:17 | 000,001,102 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-es.xml
========== Chrome ==========
CHR - homepage: http://start.facemoods.com/?a=ddrnw
CHR - default_search_provider: facemoods (Enabled)
CHR - default_search_provider: search_url = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
CHR - default_search_provider: suggest_url =
CHR - homepage: http://start.facemoods.com/?a=ddrnw
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.60\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.60\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.60\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\CARLOS\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Program Files (x86)\Yahoo!\Common\npyaxmpb.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Windows\system32\TVUAx\npTVUAx.dll
CHR - Extension: YouTube = C:\Users\CARLOS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: B\u00FAsqueda de Google = C:\Users\CARLOS\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\CARLOS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2012/08/19 15:04:03 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll File not found
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [Center Agent] C:\Program Files (x86)\Genius Multimedia\HyperMediaCenter\DTVR\Scheduled.exe ()
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
O4 - HKCU..\Run: [E09EXLRD_2281500] C:\Program Files (x86)\Microsoft Encarta\Encarta 2009 Biblioteca Premium DVD\EDICT.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [InstallIQUpdater] C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe (W3i, LLC)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKCU..\Run: [Mitch Heinrik] C:\Users\CARLOS\AppData\Roaming\Mitch Heinrik\Mitch Heinrik.exe File not found
O4 - HKCU..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - Startup: C:\Users\CARLOS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Remote Control.lnk = C:\Program Files (x86)\Genius Multimedia\TVGo A12 Utilities\HMCP3XCtl.exe ()
O4 - Startup: C:\Users\CARLOS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yahoo! Widgets.lnk = C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 198.18.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5CBE2372-37AA-4708-B868-FD593C5EF278}: DhcpNameServer = 198.18.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\Windows\5881e1b148120e5168ff133851c568c2.dll) - C:\Windows\5881e1b148120e5168ff133851c568c2.dll ()
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\SysWOW64\Userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/08/15 21:45:47 | 000,000,000 | RHSD | M] - C:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2012/08/15 21:45:47 | 000,000,000 | RHSD | M] - F:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012/08/19 18:14:39 | 000,000,000 | ---D | C] -- C:\Users\CARLOS\Documents\Prince of Persia
[2012/08/19 15:04:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/08/18 19:17:13 | 000,598,016 | ---- | C] (OldTimer Tools) -- C:\Users\CARLOS\Desktop\OTL.exe
[2012/08/15 21:45:47 | 000,000,000 | RHSD | C] -- C:\Autorun.inf
[2012/08/15 21:39:09 | 000,000,000 | ---D | C] -- C:\UsbFix
[2012/08/15 21:38:58 | 001,271,879 | ---- | C] (El Desaparecido) -- C:\Users\CARLOS\Desktop\UsbFix.exe
[2012/08/14 23:53:50 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/08/14 23:48:20 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/08/14 22:58:04 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/08/14 22:58:04 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/08/14 22:58:04 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/08/14 22:57:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/14 22:57:35 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/08/14 22:54:48 | 004,729,547 | R--- | C] (Swearware) -- C:\Users\CARLOS\Desktop\ComboFix.exe
[2012/08/13 21:51:19 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\CARLOS\Desktop\HijackThis.exe
[2012/08/12 13:54:44 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2012/08/12 00:06:03 | 000,000,000 | ---D | C] -- C:\Users\CARLOS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2012/08/12 00:06:02 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012/08/12 00:06:02 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/08/11 23:41:35 | 000,000,000 | ---D | C] -- C:\Users\CARLOS\AppData\Roaming\DriverCure
[2012/08/11 23:41:34 | 000,000,000 | ---D | C] -- C:\Users\CARLOS\AppData\Roaming\SpeedyPC Software
[2012/08/11 22:39:26 | 000,725,440 | ---- | C] (Enigma Software Group USA, LLC.) -- C:\Users\CARLOS\Desktop\SpyHunter-Installer.exe
[2012/08/11 22:37:57 | 000,000,000 | ---D | C] -- C:\Users\CARLOS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedyPC Software
[2012/08/11 22:37:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SpeedyPC Software
[2012/08/11 22:37:44 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2012/08/11 22:37:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedyPC Software
[2012/08/11 22:36:19 | 004,986,272 | ---- | C] (SpeedyPC Software) -- C:\Users\CARLOS\Desktop\SpeedyPC Pro Installer.exe
[2012/08/06 20:25:05 | 000,000,000 | RHSD | C] -- C:\Users\CARLOS\AppData\Roaming\Percival
[2012/08/06 20:24:41 | 000,000,000 | RHSD | C] -- C:\Users\CARLOS\AppData\Roaming\Barry
[2012/08/06 20:24:40 | 000,000,000 | RHSD | C] -- C:\Users\CARLOS\AppData\Roaming\Hunfredo
[2012/08/06 20:24:16 | 000,000,000 | RHSD | C] -- C:\Users\CARLOS\AppData\Roaming\Sigismund
[2012/08/06 19:54:19 | 000,000,000 | RHSD | C] -- C:\Windows\Noble
[2012/08/06 19:54:14 | 000,000,000 | RHSD | C] -- C:\Windows\Georg
[2012/08/06 19:54:11 | 000,000,000 | RHSD | C] -- C:\Windows\Jaymie
[2012/08/06 19:54:04 | 000,000,000 | RHSD | C] -- C:\Windows\Tibold Valentino
[2012/08/03 19:23:33 | 000,000,000 | ---D | C] -- C:\Users\CARLOS\AppData\Roaming\Sutton
[2012/08/03 19:23:29 | 000,000,000 | RHSD | C] -- C:\Users\CARLOS\AppData\Roaming\Mitch Heinrik
[2012/08/03 19:23:26 | 000,000,000 | RHSD | C] -- C:\Windows\Felix Paddie
[2012/08/03 19:23:23 | 000,000,000 | RHSD | C] -- C:\Windows\Hayyim Henderson Patin
[2012/08/03 19:20:12 | 000,000,000 | RHSD | C] -- C:\Windows\Kristoforo Markos Trever
[2012/08/03 19:20:08 | 000,000,000 | RHSD | C] -- C:\Windows\Brendin
[2012/08/03 19:19:17 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/07/21 19:31:02 | 000,000,000 | ---D | C] -- C:\Users\CARLOS\Documents\DVDFab 8.1.9.6 - Crack
[2012/07/21 19:27:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDFab 8 Qt
[2012/07/20 18:44:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/07/20 18:43:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/11/28 15:36:41 | 003,513,989 | ---- | C] (YoutubeDownloaderHD.com ) -- C:\Program Files (x86)\youtube_downloader_hd_setup.exe
[2010/10/03 21:01:40 | 001,288,552 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wlsetup-web.exe
[2010/07/25 21:30:17 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\CARLOS\AppData\Roaming\pcouffin.sys
========== Files - Modified Within 30 Days ==========
[2012/08/19 18:40:00 | 000,001,036 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/19 18:40:00 | 000,001,032 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/19 18:16:49 | 000,000,838 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/19 18:12:09 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/19 18:12:09 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/19 18:06:25 | 000,437,688 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/19 18:06:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/19 18:05:36 | 3220,676,608 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/19 15:42:46 | 000,002,340 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/08/19 15:13:00 | 000,000,000 | -HS- | M] () -- C:\Users\CARLOS\AppData\Roaming\5881e1b148120e5168ff133851c568c2P7glDaCB
[2012/08/19 15:07:00 | 000,000,000 | -HS- | M] () -- C:\Users\CARLOS\AppData\Roaming\23535d81a88cc155f8bde6b384c9cbd0
[2012/08/19 15:06:50 | 000,000,000 | -HS- | M] () -- C:\Users\CARLOS\AppData\Roaming\9314ba2f5334fc76cd8f740ffa3b48b7
...
[2012/08/19 15:06:48 | 000,000,000 | -HS- | M] () -- C:\Users\CARLOS\AppData\Roaming\ce27d78e346a7315a031574160e6fad8
[2012/08/19 15:06:48 | 000,000,000 | -HS- | M] () -- C:\Users\CARLOS\AppData\Roaming\af37cae8dbc26ce357474125e6b90e65
[2012/08/19 15:06:34 | 000,205,825 | RHS- | M] () -- C:\Windows\5881e1b148120e5168ff133851c568c2.dll
[2012/08/19 15:04:03 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/08/19 15:03:45 | 000,000,050 | -HS- | M] () -- C:\Users\CARLOS\AppData\Roaming\5881e1b148120e5168ff133851c568c26.dat
[2012/08/19 14:50:07 | 000,000,000 | -HS- | M] () -- C:\Users\CARLOS\AppData\Roaming\23112b03430e66b5d6c204180e2ffa4b
...
[2012/08/18 19:15:56 | 000,000,000 | -HS- | M] () -- C:\Users\CARLOS\AppData\Roaming\132eeb29eead0d1986c968aa58512fbe
[2012/08/18 19:15:53 | 000,000,000 | -HS- | M] () -- C:\Users\CARLOS\AppData\Roaming\e9e4d62c5166553a70f698ac9a6fc016
[2012/08/18 19:12:14 | 000,598,016 | ---- | M] (OldTimer Tools) -- C:\Users\CARLOS\Desktop\OTL.exe
[2012/08/15 23:52:15 | 000,000,136 | ---- | M] () -- C:\Users\CARLOS\Desktop\FIFA 11 - Acceso directo.lnk
[2012/08/15 23:52:02 | 000,000,136 | ---- | M] () -- C:\Users\CARLOS\Desktop\DEVIL MAY CRY 4 - Acceso directo.lnk
[2012/08/15 23:51:38 | 000,000,136 | ---- | M] () -- C:\Users\CARLOS\Desktop\Prototype - Acceso directo.lnk
[2012/08/15 23:51:19 | 000,000,136 | ---- | M] () -- C:\Users\CARLOS\Desktop\Prince of Persia® Las Arenas Olvidadas - Acceso directo.lnk
[2012/08/15 23:51:13 | 000,000,136 | ---- | M] () -- C:\Users\CARLOS\Desktop\Prince of Persia - Acceso directo.lnk
[2012/08/15 23:51:05 | 000,000,136 | ---- | M] () -- C:\Users\CARLOS\Desktop\STREET FIGHTER IV - Acceso directo (2).lnk
[2012/08/15 23:49:29 | 000,000,000 | -HS- | M] () -- C:\Users\CARLOS\AppData\Roaming\757f42210a1ffd80019c73d810ed3e02
[2012/08/15 23:49:26 | 000,000,000 | -HS- | M] () -- C:\Users\CARLOS\AppData\Roaming\f8a1242c0f533571e57a1057316f4272
...
[2012/08/15 21:58:40 | 000,000,000 | -HS- | M] () -- C:\Users\CARLOS\AppData\Roaming\51e521f93f1c68e113d2e6172b2cb13a
[2012/08/15 21:58:40 | 000,000,000 | -HS- | M] () -- C:\Users\CARLOS\AppData\Roaming\175dae06fd1c487ffe53c1f9027b5e4d
[2012/08/15 21:45:53 | 015,354,437 | ---- | M] () -- C:\UsbFix_Upload_Me_CARLOS-PC.zip
[2012/08/15 21:45:39 | 000,000,000 | -HS- | M] () -- C:\Users\CARLOS\AppData\Roaming\bed5b5a59eb5a5567b23f12dc75ded3f
[2012/08/15 21:45:34 | 000,000,000 | -HS- | M] () -- C:\Users\CARLOS\AppData\Roaming\e0a4c4fe861191e2f1a9e9672208866a
[2012/08/15 21:37:12 | 001,271,879 | ---- | M] (El Desaparecido) -- C:\Users\CARLOS\Desktop\UsbFix.exe
[2012/08/15 21:24:49 | 000,000,000 | -HS- | M] () -- C:\Users\CARLOS\AppData\Roaming\2e3a87c503ab4b34eab7250cabd78a69
[2012/08/15 21:24:23 | 000,000,000 | -HS- | M] () -- C:\Users\CARLOS\AppData\Roaming\84c8117d4a27150211395b43e186708c
...
[2012/08/14 23:55:40 | 000,000,000 | -HS- | M] () -- C:\Users\CARLOS\AppData\Roaming\0e6c62f5335fc5238d031da021229df9
[2012/08/14 23:55:34 | 000,000,000 | -HS- | M] () -- C:\Users\CARLOS\AppData\Roaming\8ecf8cf5dc38cd989ae9c8257e6e8e25
[2012/08/14 23:35:12 | 000,000,000 | -HS- | M] () -- C:\Users\CARLOS\AppData\Roaming\fMuSBiYba
[2012/08/14 23:29:57 | 000,000,000 | -HS- | M] () -- C:\Users\CARLOS\AppData\Roaming\P7glDaCBa
[2012/08/14 23:26:39 | 000,000,000 | -HS- | M] () -- C:\Users\CARLOS\AppData\Roaming\13ec11ae41a785c9943eff4e115d5e41
[2012/08/14 23:26:14 | 000,000,000 | -HS- | M] () -- C:\Users\CARLOS\AppData\Roaming\6b53b7eecffafdcd7d05eefec076fbcb
...
[2012/08/14 23:03:20 | 000,000,000 | -HS- | M] () -- C:\Users\CARLOS\AppData\Roaming\5260c9ce694bcf0f35287d16103068b1
[2012/08/14 23:03:18 | 000,000,000 | -HS- | M] () -- C:\Users\CARLOS\AppData\Roaming\72576e1a27c3c1f5cc28940abc5047da
[2012/08/14 22:44:20 | 004,729,547 | R--- | M] (Swearware) -- C:\Users\CARLOS\Desktop\ComboFix.exe
[2012/08/13 21:51:53 | 001,716,150 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/13 21:51:53 | 000,761,052 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
[2012/08/13 21:51:53 | 000,665,988 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/13 21:51:53 | 000,165,756 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
[2012/08/13 21:51:53 | 000,127,018 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/13 21:17:10 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\CARLOS\Desktop\HijackThis.exe
[2012/08/12 03:03:00 | 000,000,000 | -HS- | M] () -- C:\Users\CARLOS\AppData\Roaming\fMuSBiYbud281
[2012/08/12 00:06:03 | 000,002,256 | ---- | M] () -- C:\Users\CARLOS\Desktop\SpyHunter.lnk
[2012/08/11 23:41:39 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2012/08/11 22:39:26 | 000,725,440 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Users\CARLOS\Desktop\SpyHunter-Installer.exe
[2012/08/11 22:37:57 | 000,001,195 | ---- | M] () -- C:\Users\CARLOS\Desktop\SpeedyPC Pro.lnk
[2012/08/11 22:36:36 | 004,986,272 | ---- | M] (SpeedyPC Software) -- C:\Users\CARLOS\Desktop\SpeedyPC Pro Installer.exe
[2012/08/11 22:35:26 | 000,001,205 | ---- | M] () -- C:\Users\CARLOS\Desktop\FixNCR.reg
[2012/08/11 20:47:42 | 000,000,000 | -HS- | M] () -- C:\Users\CARLOS\AppData\Roaming\wz48AK2sa
[2012/08/11 20:29:02 | 000,000,000 | -HS- | M] () -- C:\Users\CARLOS\AppData\Roaming\YUUqrV1ha
[2012/08/04 02:11:55 | 000,433,664 | RHS- | M] () -- C:\Users\CARLOS\AppData\Roaming\5881e1b148120e5168ff133851c568c2.3TpGl3Ew
[2012/07/31 08:03:48 | 000,001,141 | ---- | M] () -- C:\Users\Public\Desktop\Angry Birds Space.lnk
[2012/07/21 19:27:49 | 000,001,053 | ---- | M] () -- C:\Users\CARLOS\Desktop\DVDFab Profile Editor.lnk
[2012/07/21 19:27:49 | 000,001,016 | ---- | M] () -- C:\Users\CARLOS\Desktop\DVDFab 8 Qt.lnk
[2012/07/20 18:44:04 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
========== Files Created - No Company Name ==========
[2012/08/19 15:07:00 | 000,000,000 | -HS- | C] () -- C:\Users\CARLOS\AppData\Roaming\23535d81a88cc155f8bde6b384c9cbd0
[2012/08/19 15:06:50 | 000,000,000 | -HS- | C] () -- C:\Users\CARLOS\AppData\Roaming\9314ba2f5334fc76cd8f740ffa3b48b7
...
[2012/08/18 19:15:56 | 000,000,000 | -HS- | C] () -- C:\Users\CARLOS\AppData\Roaming\132eeb29eead0d1986c968aa58512fbe
[2012/08/18 19:15:53 | 000,000,000 | -HS- | C] () -- C:\Users\CARLOS\AppData\Roaming\e9e4d62c5166553a70f698ac9a6fc016
[2012/08/15 23:52:15 | 000,000,136 | ---- | C] () -- C:\Users\CARLOS\Desktop\FIFA 11 - Acceso directo.lnk
[2012/08/15 23:52:02 | 000,000,136 | ---- | C] () -- C:\Users\CARLOS\Desktop\DEVIL MAY CRY 4 - Acceso directo.lnk
[2012/08/15 23:51:38 | 000,000,136 | ---- | C] () -- C:\Users\CARLOS\Desktop\Prototype - Acceso directo.lnk
[2012/08/15 23:51:19 | 000,000,136 | ---- | C] () -- C:\Users\CARLOS\Desktop\Prince of Persia® Las Arenas Olvidadas - Acceso directo.lnk
[2012/08/15 23:51:13 | 000,000,136 | ---- | C] () -- C:\Users\CARLOS\Desktop\Prince of Persia - Acceso directo.lnk
[2012/08/15 23:51:05 | 000,000,136 | ---- | C] () -- C:\Users\CARLOS\Desktop\STREET FIGHTER IV - Acceso directo (2).lnk
[2012/08/15 23:49:29 | 000,000,000 | -HS- | C] () -- C:\Users\CARLOS\AppData\Roaming\757f42210a1ffd80019c73d810ed3e02
[2012/08/15 23:49:26 | 000,000,000 | -HS- | C] () -- C:\Users\CARLOS\AppData\Roaming\f8a1242c0f533571e57a1057316f4272
...
[2012/08/15 21:58:40 | 000,000,000 | -HS- | C] () -- C:\Users\CARLOS\AppData\Roaming\51e521f93f1c68e113d2e6172b2cb13a
[2012/08/15 21:58:40 | 000,000,000 | -HS- | C] () -- C:\Users\CARLOS\AppData\Roaming\175dae06fd1c487ffe53c1f9027b5e4d
[2012/08/15 21:45:52 | 015,354,437 | ---- | C] () -- C:\UsbFix_Upload_Me_CARLOS-PC.zip
[2012/08/15 21:45:39 | 000,000,000 | -HS- | C] () -- C:\Users\CARLOS\AppData\Roaming\bed5b5a59eb5a5567b23f12dc75ded3f
[2012/08/15 21:45:34 | 000,000,000 | -HS- | C] () -- C:\Users\CARLOS\AppData\Roaming\e0a4c4fe861191e2f1a9e9672208866a
...
[2012/08/14 23:55:40 | 000,000,000 | -HS- | C] () -- C:\Users\CARLOS\AppData\Roaming\0e6c62f5335fc5238d031da021229df9
[2012/08/14 23:55:34 | 000,000,000 | -HS- | C] () -- C:\Users\CARLOS\AppData\Roaming\8ecf8cf5dc38cd989ae9c8257e6e8e25
[2012/08/14 23:55:28 | 000,205,825 | RHS- | C] () -- C:\Windows\5881e1b148120e5168ff133851c568c2.dll
[2012/08/14 23:47:01 | 000,000,050 | -HS- | C] () -- C:\Users\CARLOS\AppData\Roaming\5881e1b148120e5168ff133851c568c26.dat
[2012/08/14 23:26:39 | 000,000,000 | -HS- | C] () -- C:\Users\CARLOS\AppData\Roaming\13ec11ae41a785c9943eff4e115d5e41
[2012/08/14 23:26:14 | 000,000,000 | -HS- | C] () -- C:\Users\CARLOS\AppData\Roaming\6b53b7eecffafdcd7d05eefec076fbcb
...
[2012/08/14 23:03:20 | 000,000,000 | -HS- | C] () -- C:\Users\CARLOS\AppData\Roaming\5260c9ce694bcf0f35287d16103068b1
[2012/08/14 23:03:18 | 000,000,000 | -HS- | C] () -- C:\Users\CARLOS\AppData\Roaming\72576e1a27c3c1f5cc28940abc5047da
[2012/08/14 22:58:04 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/08/14 22:58:04 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/08/14 22:58:04 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/08/14 22:58:04 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/08/14 22:58:04 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/08/14 22:45:40 | 000,000,000 | -HS- | C] () -- C:\Users\CARLOS\AppData\Roaming\5242eb9308b2af608bd5dd803bb32493
[2012/08/14 22:42:05 | 000,000,000 | -HS- | C] () -- C:\Users\CARLOS\AppData\Roaming\02e8d81742946e265fbc583a33e92497
[2012/08/12 03:26:46 | 000,000,000 | -HS- | C] () -- C:\Users\CARLOS\AppData\Roaming\cd6913d3a1a328e9cace21b40b6b0d29
[2012/08/12 03:03:00 | 000,000,000 | -HS- | C] () -- C:\Users\CARLOS\AppData\Roaming\fMuSBiYbud281
[2012/08/12 02:57:53 | 000,000,000 | -HS- | C] () -- C:\Users\CARLOS\AppData\Roaming\5881e1b148120e5168ff133851c568c2P7glDaCB
[2012/08/12 00:06:03 | 000,002,256 | ---- | C] () -- C:\Users\CARLOS\Desktop\SpyHunter.lnk
[2012/08/11 23:41:39 | 000,000,446 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2012/08/11 22:37:57 | 000,001,195 | ---- | C] () -- C:\Users\CARLOS\Desktop\SpeedyPC Pro.lnk
[2012/08/11 22:35:26 | 000,001,205 | ---- | C] () -- C:\Users\CARLOS\Desktop\FixNCR.reg
[2012/08/11 19:41:03 | 000,000,000 | -HS- | C] () -- C:\Users\CARLOS\AppData\Roaming\a0762a883bfa6dd8267786eff802153e
[2012/08/06 20:32:42 | 000,000,000 | -HS- | C] () -- C:\Users\CARLOS\AppData\Roaming\YUUqrV1ha
[2012/08/06 20:30:49 | 000,000,000 | -HS- | C] () -- C:\Users\CARLOS\AppData\Roaming\wz48AK2sa
[2012/08/03 19:27:01 | 000,000,000 | -HS- | C] () -- C:\Users\CARLOS\AppData\Roaming\P7glDaCBa
[2012/08/03 19:24:47 | 000,000,000 | -HS- | C] () -- C:\Users\CARLOS\AppData\Roaming\fMuSBiYba
[2012/08/03 19:23:34 | 000,433,664 | RHS- | C] () -- C:\Users\CARLOS\AppData\Roaming\5881e1b148120e5168ff133851c568c2.3TpGl3Ew
[2012/08/03 19:21:05 | 000,000,000 | -HS- | C] () -- C:\Users\CARLOS\AppData\Roaming\5881e1b148120e5168ff133851c568c2fMuSBiYb
[2012/07/31 08:03:48 | 000,001,141 | ---- | C] () -- C:\Users\Public\Desktop\Angry Birds Space.lnk
[2012/07/21 19:27:49 | 000,001,053 | ---- | C] () -- C:\Users\CARLOS\Desktop\DVDFab Profile Editor.lnk
[2012/07/21 19:27:49 | 000,001,016 | ---- | C] () -- C:\Users\CARLOS\Desktop\DVDFab 8 Qt.lnk
[2012/07/20 18:44:04 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/05/02 23:34:40 | 000,000,173 | ---- | C] () -- C:\Users\CARLOS\AppData\Local\msmathematics.qat.CARLOS
[2012/02/27 21:30:09 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2012/01/31 21:58:52 | 000,000,412 | ---- | C] () -- C:\Users\CARLOS\AppData\Roaming\All CPU Meter_Settings.ini
[2011/12/25 00:49:26 | 000,000,048 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/10/14 23:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/09/25 17:55:02 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011/09/16 10:54:48 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011/09/16 10:54:44 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011/09/16 10:54:44 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011/09/16 10:54:44 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011/09/16 10:54:44 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011/09/10 20:03:51 | 000,003,584 | ---- | C] () -- C:\Users\CARLOS\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/12/21 21:27:19 | 000,000,094 | ---- | C] () -- C:\Users\CARLOS\AppData\Local\fusioncache.dat
[2010/09/12 00:50:44 | 001,738,070 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/09/12 00:49:24 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/09/12 00:49:22 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2010/09/12 00:49:22 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/07/25 21:30:17 | 000,007,859 | ---- | C] () -- C:\Users\CARLOS\AppData\Roaming\pcouffin.cat
[2010/07/25 21:30:17 | 000,001,167 | ---- | C] () -- C:\Users\CARLOS\AppData\Roaming\pcouffin.inf
[2010/07/19 19:38:38 | 000,007,605 | ---- | C] () -- C:\Users\CARLOS\AppData\Local\Resmon.ResmonCfg
========== LOP Check ==========
[2011/04/21 12:36:58 | 000,000,000 | ---D | M] -- C:\Users\CARLOS\AppData\Roaming\Babylon
[2012/08/11 21:20:48 | 000,000,000 | RHSD | M] -- C:\Users\CARLOS\AppData\Roaming\Barry
[2010/08/25 23:15:39 | 000,000,000 | ---D | M] -- C:\Users\CARLOS\AppData\Roaming\******* creations
[2012/02/26 10:14:50 | 000,000,000 | ---D | M] -- C:\Users\CARLOS\AppData\Roaming\com.w3i.FlipToast
[2010/07/18 17:20:48 | 000,000,000 | ---D | M] -- C:\Users\CARLOS\AppData\Roaming\cYo
[2010/07/25 20:42:39 | 000,000,000 | ---D | M] -- C:\Users\CARLOS\AppData\Roaming\DAEMON Tools Lite
[2011/12/17 14:11:46 | 000,000,000 | ---D | M] -- C:\Users\CARLOS\AppData\Roaming\DAEMON Tools Pro
[2012/08/11 23:41:35 | 000,000,000 | ---D | M] -- C:\Users\CARLOS\AppData\Roaming\DriverCure
[2010/08/01 11:15:55 | 000,000,000 | ---D | M] -- C:\Users\CARLOS\AppData\Roaming\EPSON
[2012/02/26 10:11:10 | 000,000,000 | ---D | M] -- C:\Users\CARLOS\AppData\Roaming\FinalTorrent
[2010/07/22 22:35:55 | 000,000,000 | ---D | M] -- C:\Users\CARLOS\AppData\Roaming\Genius Multimedia
[2011/06/13 23:59:40 | 000,000,000 | ---D | M] -- C:\Users\CARLOS\AppData\Roaming\GetRightToGo
[2012/08/11 21:19:48 | 000,000,000 | RHSD | M] -- C:\Users\CARLOS\AppData\Roaming\Hunfredo
[2010/12/19 22:20:07 | 000,000,000 | ---D | M] -- C:\Users\CARLOS\AppData\Roaming\Leadertech
[2011/10/20 09:23:56 | 000,000,000 | ---D | M] -- C:\Users\CARLOS\AppData\Roaming\LolClient
[2011/06/14 00:06:35 | 000,000,000 | ---D | M] -- C:\Users\CARLOS\AppData\Roaming\Marine Aquarium 3
[2012/08/14 23:45:51 | 000,000,000 | RHSD | M] -- C:\Users\CARLOS\AppData\Roaming\Mitch Heinrik
[2011/12/18 01:34:30 | 000,000,000 | ---D | M] -- C:\Users\CARLOS\AppData\Roaming\Nitro PDF
[2010/09/27 22:50:33 | 000,000,000 | ---D | M] -- C:\Users\CARLOS\AppData\Roaming\NumusAutoDiskBuilder
[2011/12/18 01:31:17 | 000,000,000 | ---D | M] -- C:\Users\CARLOS\AppData\Roaming\OpenCandy
[2012/08/11 21:23:00 | 000,000,000 | RHSD | M] -- C:\Users\CARLOS\AppData\Roaming\Percival
[2012/05/17 22:58:03 | 000,000,000 | ---D | M] -- C:\Users\CARLOS\AppData\Roaming\Rovio
[2011/10/11 22:28:46 | 000,000,000 | ---D | M] -- C:\Users\CARLOS\AppData\Roaming\Samsung
[2012/08/11 21:20:47 | 000,000,000 | RHSD | M] -- C:\Users\CARLOS\AppData\Roaming\Sigismund
[2012/02/26 10:08:32 | 000,000,000 | ---D | M] -- C:\Users\CARLOS\AppData\Roaming\Smart PC Cleaner
[2012/08/11 23:41:34 | 000,000,000 | ---D | M] -- C:\Users\CARLOS\AppData\Roaming\SpeedyPC Software
[2012/08/03 19:23:34 | 000,000,000 | ---D | M] -- C:\Users\CARLOS\AppData\Roaming\Sutton
[2011/02/19 14:18:28 | 000,000,000 | ---D | M] -- C:\Users\CARLOS\AppData\Roaming\Vso
[2010/07/18 13:36:42 | 000,000,000 | ---D | M] -- C:\Users\CARLOS\AppData\Roaming\Youtube Downloader HD
[2012/08/19 15:15:29 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/08/11 23:41:39 | 000,000,446 | ---- | M] () -- C:\Windows\Tasks\SpeedyPC Registration3.job
========== Purity Check ==========
< End of report >
Hello.
Run OTL.exe
1.- Copy the following text (excluding the word Code):
2.- Paste the content into the section: Custom Scans/Fixes.
Code:
:OTL
O4 - HKCU..\Run: [Mitch Heinrik] C:\Users\CARLOS\AppData\Roaming\Mitch Heinrik\Mitch Heinrik.exe
[2012/08/06 20:24:40 | 000,000,000 | RHSD | C] -- C:\Users\CARLOS\AppData\Roaming\Hunfredo
[2012/08/06 20:24:16 | 000,000,000 | RHSD | C] -- C:\Users\CARLOS\AppData\Roaming\Sigismund
[2012/08/06 19:54:19 | 000,000,000 | RHSD | C] -- C:\Windows\Noble
[2012/08/06 19:54:14 | 000,000,000 | RHSD | C] -- C:\Windows\Georg
[2012/08/06 19:54:11 | 000,000,000 | RHSD | C] -- C:\Windows\Jaymie
[2012/08/06 19:54:04 | 000,000,000 | RHSD | C] -- C:\Windows\Tibold Valentino
[2012/08/03 19:23:33 | 000,000,000 | ---D | C] -- C:\Users\CARLOS\AppData\Roaming\Sutton
[2012/08/03 19:23:29 | 000,000,000 | RHSD | C] -- C:\Users\CARLOS\AppData\Roaming\Mitch Heinrik
[2012/08/03 19:23:26 | 000,000,000 | RHSD | C] -- C:\Windows\Felix Paddie
[2012/08/03 19:23:23 | 000,000,000 | RHSD | C] -- C:\Windows\Hayyim Henderson Patin
[2012/08/03 19:20:12 | 000,000,000 | RHSD | C] -- C:\Windows\Kristoforo Markos Trever
[2012/08/03 19:20:08 | 000,000,000 | RHSD | C] -- C:\Windows\Brendin
[2012/08/15 23:49:29 | 000,000,000 | -HS- | C] () -- C:\Users\CARLOS\AppData\Roaming\757f42210a1ffd80019c73d810ed3e02
[2012/08/15 23:49:26 | 000,000,000 | -HS- | C] () -- C:\Users\CARLOS\AppData\Roaming\f8a1242c0f533571e57a1057316f4272
[2012/08/15 21:58:40 | 000,000,000 | -HS- | C] () -- C:\Users\CARLOS\AppData\Roaming\51e521f93f1c68e113d2e6172b2cb13a
[2012/08/15 21:58:40 | 000,000,000 | -HS- | C] () -- C:\Users\CARLOS\AppData\Roaming\175dae06fd1c487ffe53c1f9027b5e4d
[2012/08/11 20:47:42 | 000,000,000 | -HS- | M] () -- C:\Users\CARLOS\AppData\Roaming\wz48AK2sa
[2012/08/11 20:29:02 | 000,000,000 | -HS- | M] () -- C:\Users\CARLOS\AppData\Roaming\YUUqrV1ha
[2012/08/04 02:11:55 | 000,433,664 | RHS- | M] () -- C:\Users\CARLOS\AppData\Roaming\5881e1b148120e5168ff133851c568c2.3TpGl3Ew
:Files
C:\Users\CARLOS\AppData\Roaming\Mitch Heinrik\Mitch Heinrik.exe
:Commands
[PURITY]
[RESETHOSTS]
[EMPTYFLASH]
[EMPTYTEMP]
[CREATERESTOREPOINT]
3.- Press the Run Fix button to start the procedure. Press OK.
OTL will restart the computer to complete the procedure.
Save the new report that is generated. Copy and paste it in your next reply, and comment on how the system is running.
I ran OTL with the code you gave me. Here is the result.
This time that registry entry was deleted.
In any case, I'll send you the scan again in another post so you can confirm whether you see anything else we should remove.
Thank you very much!
----------------------------------------------------------------------
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Mitch Heinrik deleted successfully.
File C:\Users\CARLOS\AppData\Roaming\Mitch Heinrik\Mitch Heinrik.exe not found.
C:\Users\CARLOS\AppData\Roaming\Hunfredo folder moved successfully.
C:\Users\CARLOS\AppData\Roaming\Sigismund folder moved successfully.
C:\Windows\Noble folder moved successfully.
C:\Windows\Georg folder moved successfully.
C:\Windows\Jaymie folder moved successfully.
C:\Windows\Tibold Valentino folder moved successfully.
C:\Users\CARLOS\AppData\Roaming\Sutton folder moved successfully.
C:\Users\CARLOS\AppData\Roaming\Mitch Heinrik folder moved successfully.
C:\Windows\Felix Paddie folder moved successfully.
C:\Windows\Hayyim Henderson Patin folder moved successfully.
C:\Windows\Kristoforo Markos Trever folder moved successfully.
C:\Windows\Brendin folder moved successfully.
C:\Users\CARLOS\AppData\Roaming\757f42210a1ffd80019c73d810ed3e02 moved successfully.
C:\Users\CARLOS\AppData\Roaming\f8a1242c0f533571e57a1057316f4272 moved successfully.
C:\Users\CARLOS\AppData\Roaming\51e521f93f1c68e113d2e6172b2cb13a moved successfully.
C:\Users\CARLOS\AppData\Roaming\175dae06fd1c487ffe53c1f9027b5e4d moved successfully.
C:\Users\CARLOS\AppData\Roaming\wz48AK2sa moved successfully.
C:\Users\CARLOS\AppData\Roaming\YUUqrV1ha moved successfully.
C:\Users\CARLOS\AppData\Roaming\5881e1b148120e5168ff133851c568c2.3TpGl3Ew moved successfully.
========== FILES ==========
File\Folder C:\Users\CARLOS\AppData\Roaming\Mitch Heinrik\Mitch Heinrik.exe not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYFLASH]
User: Administrator
User: All Users
User: CARLOS
->Flash cache emptied: 1018 bytes
User: Default
->Flash cache emptied: 0 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: Public
User: UpdatusUser
Total Flash Files Cleaned = 0,00 mb
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
User: All Users
User: CARLOS
->Temp folder emptied: 404196 bytes
->Temporary Internet Files folder emptied: 76888134 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1524616 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 545322 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 76,00 mb
Restore point Set: OTL Restore Point
OTL by OldTimer - Version 3.2.58.0 log created on 08202012_230306
Files\Folders moved on Reboot...
C:\Users\CARLOS\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
File C:\Users\CARLOS\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
Registry entries deleted on Reboot...
Here is the result of a new scan.
I'll wait for your comments in case you think I should remove anything else.
One problem I have just noticed is that I cannot access the folder C:\Archivos de Programa; it tells me I don't have permission.
I checked the settings and my user is an administrator. I never had problems accessing it before.
Do you have any idea whether this is related to the virus or to one of the programs we have run?
Thank you very much!
------------------------------------------------------------------------------------
OTL logfile created on: 20/08/2012 11:11:35 p.m. - Run 3
OTL by OldTimer - Version 3.2.58.0 Folder = C:\Users\CARLOS\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000380a | Country: Uruguay | Language: ESY | Date Format: dd/MM/yyyy
4,00 Gb Total Physical Memory | 2,44 Gb Available Physical Memory | 61,03% Memory free
8,00 Gb Paging File | 6,38 Gb Available in Paging File | 79,83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,75 Gb Total Space | 209,17 Gb Free Space | 44,91% Space Free | Partition Type: NTFS
Drive F: | 372,61 Gb Total Space | 370,16 Gb Free Space | 99,34% Space Free | Partition Type: NTFS
Computer Name: CARLOS-PC | User Name: CARLOS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\CARLOS\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe (W3i, LLC)
PRC - C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Windows\vVX1000.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\Genius Multimedia\TVGo A12 Utilities\HMCP3XCtl.exe ()
PRC - C:\Program Files (x86)\Genius Multimedia\HyperMediaCenter\DTVR\Scheduled.exe ()
PRC - C:\Program Files (x86)\Microsoft Encarta\Encarta 2009 Biblioteca Premium DVD\EDICT.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
PRC - C:\Program Files (x86)\RocketDock\RocketDock.exe ()
========== Modules (No Company Name) ==========
MOD - C:\Users\CARLOS\AppData\Local\Temp\99cab429-f99d-4f69-9d04-113ad532bd0f\CliSecureRT.dll ()
MOD - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\0e56badd6e20e2dc81c45cdff2326f6b\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\063174e87d258ef1db040cbfbdd4cd31\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\984f8802a334d2ae862b66bf71332c10\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\d55bed00e3d36b0db5bd3994c77fe850\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\697786bb51408d41d980263d90a56d03\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\9abdaeea6a61127606bbc324d9177579\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\0189f9fb0ff0476b570aeadfc036ddd6\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\1a7c90bf70e6fef2970dd02ca5def39a\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\f91c92735c4a913143a0914c8cb531f2\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\fd52e266873de847aea40b1d0715e0bb\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\d131eefaea0ca120aaf11568d8e44cad\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b54a85f8f8f5ac297357c80b95834a90\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\500ffaf6258746eaf0bfc333ab534a51\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\360d70391adff56f1d029b1a538d2431\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\97d737762adec957a2d7c80fafb4703a\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Genius Multimedia\TVGo A12 Utilities\HMCP3XCtl.exe ()
MOD - C:\Program Files (x86)\Genius Multimedia\HyperMediaCenter\DTVR\Scheduled.exe ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\Reference 2009\MSENCXML.DLL ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\Reference 2009\ERSREGPR.DLL ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\Reference 2009\MSENCDAT.DLL ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\Reference 2009\ENCCONT.DLL ()
MOD - C:\Program Files (x86)\Microsoft Encarta\Encarta 2009 Biblioteca Premium DVD\EDICTEIT.EBK ()
MOD - C:\Program Files (x86)\Yahoo!\Widgets\jsd.dll ()
MOD - C:\Program Files (x86)\Yahoo!\Widgets\js32.dll ()
MOD - C:\Program Files (x86)\Yahoo!\Widgets\sqlite3.dll ()
MOD - C:\Program Files (x86)\RocketDock\RocketDock.exe ()
MOD - C:\Program Files (x86)\RocketDock\RocketDock.dll ()
MOD - C:\Program Files (x86)\Genius Multimedia\HyperMediaCenter\DTVR\kwspnd.dll ()
========== Win32 Services (SafeList) ==========
SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (EPSON_PM_RPCV4_01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE (SEIKO EPSON CORPORATION)
SRV - (KMService) -- C:\Windows\SysWOW64\srvany.exe ()
========== Driver Services (SafeList) ==========
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (ssudobex) -- C:\Windows\SysNative\drivers\ssudobex.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (pcouffin) -- C:\Windows\SysNative\drivers\pcouffin.sys (VSO Software)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (VX1000) -- C:\Windows\SysNative\drivers\VX1000.sys (Microsoft Corporation)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (3xHybr64) -- C:\Windows\SysNative\drivers\3xHybr64.sys (NXP Semiconductors Germany GmbH)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search bar = http://search.msn.com/spbasic.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
IE - HKLM\..\SearchScopes,DefaultScope = {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20111218043147175&tb_oid=18-12-2011&tb_mrud=18-12-2011
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = es-UY
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 94 6B 30 02 01 99 CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\${searchCLSID}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{56902151-FCE5-4DBD-8F2E-4747FAC97F7D}: "URL" = http://search.avg.com/route/?d=4c4308bc&v=6.10.6.4&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_es
IE - HKCU\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20111218043147175&tb_oid=18-12-2011&tb_mrud=18-12-2011
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:28312
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "AOL Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.winamp.com/search/search?query={searchTerms}&invocationType=tb50-ff-winamp-chromesbox-en-us&tb_uuid=20111218043147175&tb_oid=22-12-2011&tb_mrud=22-12-2011&query="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://start.facemoods.com/?a=ddrnw"
FF - prefs.js..keyword.URL: "http://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://search.sweetim.com/search.asp?src=2&q="
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files (x86)\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/18 21:25:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/08/19 15:31:09 | 000,000,000 | ---D | M]
[2011/03/25 22:26:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CARLOS\AppData\Roaming\Mozilla\Extensions
[2012/08/14 23:45:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CARLOS\AppData\Roaming\Mozilla\Firefox\Profiles\mz2usqol.default\extensions
[2011/12/18 01:31:54 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Users\CARLOS\AppData\Roaming\Mozilla\Firefox\Profiles\mz2usqol.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2012/01/20 21:34:15 | 000,000,000 | ---D | M] (WOT) -- C:\Users\CARLOS\AppData\Roaming\Mozilla\Firefox\Profiles\mz2usqol.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012/01/20 21:34:13 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\CARLOS\AppData\Roaming\Mozilla\Firefox\Profiles\mz2usqol.default\extensions\[email protected]
[2012/02/10 22:25:14 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\CARLOS\AppData\Roaming\Mozilla\Firefox\Profiles\mz2usqol.default\extensions\[email protected]
[2011/12/21 22:07:51 | 000,002,354 | ---- | M] () -- C:\Users\CARLOS\AppData\Roaming\Mozilla\Firefox\Profiles\mz2usqol.default\searchplugins\aol-web-search.xml
[2011/03/29 22:54:57 | 000,003,915 | ---- | M] () -- C:\Users\CARLOS\AppData\Roaming\Mozilla\Firefox\Profiles\mz2usqol.default\searchplugins\sweetim.xml
[2012/02/10 22:23:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/03/31 23:06:10 | 000,149,777 | ---- | M] () (No name found) -- C:\USERS\CARLOS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MZ2USQOL.DEFAULT\EXTENSIONS\{EEE6C361-6118-11DC-9C72-001320C79847}.XPI
[2012/02/10 22:23:19 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/26 15:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012/02/10 22:23:17 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/10 22:23:17 | 000,003,996 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\drae.xml
[2012/02/10 22:23:17 | 000,001,143 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-es.xml
[2011/11/04 23:11:19 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2012/02/10 22:23:17 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2012/02/10 22:23:17 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-es.xml
[2012/02/10 22:23:17 | 000,001,102 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-es.xml
========== Chrome ==========
CHR - homepage: http://start.facemoods.com/?a=ddrnw
CHR - default_search_provider: facemoods (Enabled)
CHR - default_search_provider: search_url = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
CHR - default_search_provider: suggest_url =
CHR - homepage: http://start.facemoods.com/?a=ddrnw
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.60\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.60\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.60\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\CARLOS\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Program Files (x86)\Yahoo!\Common\npyaxmpb.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Windows\system32\TVUAx\npTVUAx.dll
CHR - Extension: YouTube = C:\Users\CARLOS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: B\u00FAsqueda de Google = C:\Users\CARLOS\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\CARLOS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2012/08/20 23:03:07 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll File not found
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [Center Agent] C:\Program Files (x86)\Genius Multimedia\HyperMediaCenter\DTVR\Scheduled.exe ()
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
O4 - HKCU..\Run: [E09EXLRD_2281500] C:\Program Files (x86)\Microsoft Encarta\Encarta 2009 Biblioteca Premium DVD\EDICT.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [InstallIQUpdater] C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe (W3i, LLC)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKCU..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - Startup: C:\Users\CARLOS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Remote Control.lnk = C:\Program Files (x86)\Genius Multimedia\TVGo A12 Utilities\HMCP3XCtl.exe ()
O4 - Startup: C:\Users\CARLOS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yahoo! Widgets.lnk = C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 198.18.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5CBE2372-37AA-4708-B868-FD593C5EF278}: DhcpNameServer = 198.18.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\Windows\5881e1b148120e5168ff133851c568c2.dll) - C:\Windows\5881e1b148120e5168ff133851c568c2.dll ()
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\SysWOW64\Userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/08/15 21:45:47 | 000,000,000 | RHSD | M] - C:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2012/08/15 21:45:47 | 000,000,000 | RHSD | M] - F:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012/08/19 22:12:32 | 000,000,000 | ---D | C] -- C:\Users\CARLOS\Documents\Activision
[2012/08/19 22:06:48 | 000,000,000 | ---D | C] -- C:\Prototype 2
[2012/08/19 21:04:13 | 000,000,000 | ---D | C] -- C:\Users\CARLOS\Desktop\Nueva carpeta (2)
[2012/08/19 18:14:39 | 000,000,000 | ---D | C] -- C:\Users\CARLOS\Documents\Prince of Persia
[2012/08/19 15:04:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/08/18 19:17:13 | 000,598,016 | ---- | C] (OldTimer Tools) -- C:\Users\CARLOS\Desktop\OTL.exe
[2012/08/15 21:45:47 | 000,000,000 | RHSD | C] -- C:\Autorun.inf
[2012/08/15 21:39:09 | 000,000,000 | ---D | C] -- C:\UsbFix
[2012/08/15 21:38:58 | 001,271,879 | ---- | C] (El Desaparecido) -- C:\Users\CARLOS\Desktop\UsbFix.exe
[2012/08/14 23:53:50 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/08/14 23:48:20 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/08/14 22:58:04 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/08/14 22:58:04 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/08/14 22:58:04 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/08/14 22:57:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/14 22:57:35 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/08/14 22:54:48 | 004,729,547 | R--- | C] (Swearware) -- C:\Users\CARLOS\Desktop\ComboFix.exe
[2012/08/13 21:51:19 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\CARLOS\Desktop\HijackThis.exe
[2012/08/12 13:54:44 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2012/08/12 00:06:02 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/08/11 23:41:35 | 000,000,000 | ---D | C] -- C:\Users\CARLOS\AppData\Roaming\DriverCure
[2012/08/11 23:41:34 | 000,000,000 | ---D | C] -- C:\Users\CARLOS\AppData\Roaming\SpeedyPC Software
[2012/08/11 22:39:26 | 000,725,440 | ---- | C] (Enigma Software Group USA, LLC.) -- C:\Users\CARLOS\Desktop\SpyHunter-Installer.exe
[2012/08/11 22:37:57 | 000,000,000 | ---D | C] -- C:\Users\CARLOS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedyPC Software
[2012/08/11 22:37:44 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2012/08/11 22:36:19 | 004,986,272 | ---- | C] (SpeedyPC Software) -- C:\Users\CARLOS\Desktop\SpeedyPC Pro Installer.exe
[2012/08/06 20:25:05 | 000,000,000 | RHSD | C] -- C:\Users\CARLOS\AppData\Roaming\Percival
[2012/08/06 20:24:41 | 000,000,000 | RHSD | C] -- C:\Users\CARLOS\AppData\Roaming\Barry
[2012/08/03 19:19:17 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/11/28 15:36:41 | 003,513,989 | ---- | C] (YoutubeDownloaderHD.com ) -- C:\Program Files (x86)\youtube_downloader_hd_setup.exe
[2010/10/03 21:01:40 | 001,288,552 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wlsetup-web.exe
[2010/07/25 21:30:17 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\CARLOS\AppData\Roaming\pcouffin.sys
========== Files - Modified Within 30 Days ==========
[2012/08/20 23:16:00 | 000,000,838 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/20 2315 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/20 2315 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/20 23:05:15 | 000,001,032 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/20 23:04:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/20 23:04:51 | 3220,676,608 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/20 23:03:07 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/08/20 23:00:39 | 000,001,036 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/20 19:26:51 | 000,000,559 | ---- | M] () -- C:\Users\CARLOS\Desktop\prototype2 - Acceso directo.lnk
[2012/08/19 21:34:00 | 001,716,150 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/19 21:34:00 | 000,761,052 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
[2012/08/19 21:34:00 | 000,665,988 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/19 21:34:00 | 000,165,756 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
[2012/08/19 21:34:00 | 000,127,018 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/19 21:18:40 | 000,000,252 | ---- | M] () -- C:\Users\CARLOS\AppData\Roaming\GPU MeterV2_Settings.ini
[2012/08/19 21:08:46 | 000,138,473 | ---- | M] () -- C:\Users\CARLOS\Desktop\GPU_Meter.zip
[2012/08/19 19:12:03 | 000,000,136 | ---- | M] () -- C:\Users\CARLOS\Desktop\STREET FIGHTER IV - Acceso directo.lnk
[2012/08/19 19:11:56 | 000,000,136 | ---- | M] () -- C:\Users\CARLOS\Desktop\Prototype - Acceso directo.lnk
[2012/08/19 19:11:45 | 000,000,136 | ---- | M] () -- C:\Users\CARLOS\Desktop\FIFA 11 - Acceso directo.lnk
[2012/08/19 19:11:41 | 000,000,136 | ---- | M] () -- C:\Users\CARLOS\Desktop\Prince of Persia® Las Arenas Olvidadas - Acceso directo.lnk
[2012/08/19 19:11:34 | 000,000,136 | ---- | M] () -- C:\Users\CARLOS\Desktop\Prince of Persia - Acceso directo.lnk
[2012/08/19 19:11:27 | 000,000,136 | ---- | M] () -- C:\Users\CARLOS\Desktop\DEVIL MAY CRY 4 - Acceso directo.lnk
[2012/08/19 18:06:25 | 000,437,688 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/19 15:42:46 | 000,002,340 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/08/19 15:13:00 | 000,000,000 | -HS- | M] () -- C:\Users\CARLOS\AppData\Roaming\5881e1b148120e5168ff133851c568c2P7glDaCB
[2012/08/19 15:07:00 | 000,000,000 | -HS- | M] () -- C:\Users\CARLOS\AppData\Roaming\23535d81a88cc155f8bde6b384c9cbd0
[2012/08/19 15:06:50 | 000,000,000 | -HS- | M] () -- C:\Users\CARLOS\AppData\Roaming\9314ba2f5334fc76cd8f740ffa3b48b7
--THERE ARE A TON OF ENTRIES OF THIS KIND; I CAN'T POST THEM BECAUSE THEY EXCEED THE MESSAGE LENGTH--
[2012/08/19 15:06:48 | 000,000,000 | -HS- | M] () -- C:\Users\CARLOS\AppData\Roaming\ce27d78e346a7315a031574160e6fad8
[2012/08/19 15:06:48 | 000,000,000 | -HS- | M] () -- C:\Users\CARLOS\AppData\Roaming\af37cae8dbc26ce357474125e6b90e65
[2012/08/19 15:06:34 | 000,205,825 | RHS- | M] () -- C:\Windows\5881e1b148120e5168ff133851c568c2.dll
[2012/08/19 15:03:45 | 000,000,050 | -HS- | M] () -- C:\Users\CARLOS\AppData\Roaming\5881e1b148120e5168ff133851c568c26.dat
[2012/08/19 14:50:07 | 000,000,000 | -HS- | M] () -- C:\Users\CARLOS\AppData\Roaming\23112b03430e66b5d6c204180e2ffa4b
[2012/08/19 14:47:51 | 000,000,000 | -HS- | M] () -- C:\Users\CARLOS\AppData\Roaming\66aa90405586235065041a57e1994785
--THERE ARE A TON OF ENTRIES OF THIS KIND; I CAN'T POST THEM BECAUSE THEY EXCEED THE MESSAGE LENGTH--
[2012/08/19 14:47:26 | 000,000,000 | -HS- | M] () -- C:\Users\CARLOS\AppData\Roaming\fd98ed826c9f3ec47e75550f09ebd018
[2012/08/19 14:47:26 | 000,000,000 | -HS- | M] () -- C:\Users\CARLOS\AppData\Roaming\7da64364c361b148bf3c73c66610ae7a
[2012/08/19 14:47:16 | 000,000,000 | -HS- | M] () -- C:\Users\CARLOS\AppData\Roaming\5881e1b148120e5168ff133851c568c2fMuSBiYb
[2012/08/19 14:47:16 | 000,000,000 | -HS- | M] () -- C:\Users\CARLOS\AppData\Roaming\10766cbe1d90695175d839677af33e4c
[2012/08/19 14:47:00 | 000,000,000 | -HS- | M] () -- C:\Users\CARLOS\AppData\Roaming\8b808b2954ec1ca8f276d39a13b16e99
--THERE ARE A TON OF ENTRIES OF THIS KIND; I CAN'T POST THEM BECAUSE THEY EXCEED THE MESSAGE LENGTH--
[2012/08/19 14:47:00 | 000,000,000 | -HS- | M] () -- C:\Users\CARLOS\AppData\Roaming\725bea72885be2afb58fc42b49392165
[2012/08/19 14:47:00 | 000,000,000 | -HS- | M] () -- C:\Users\CARLOS\AppData\Roaming\038d28e83ce37c4c881084f252dbc27a
[2012/08/18 19:12:14 | 000,598,016 | ---- | M] (OldTimer Tools) -- C:\Users\CARLOS\Desktop\OTL.exe
[2012/08/15 23:49:26 | 000,000,000 | -HS- | M] () -- C:\Users\CARLOS\AppData\Roaming\f0328511092c76e105f96d852b862467
[2012/08/15 23:49:26 | 000,000,000 | -HS- | M] () -- C:\Users\CARLOS\AppData\Roaming\ddaa8e00176e3809e0c2b04ec5946580
--THERE ARE A TON OF ENTRIES OF THIS KIND; I CAN'T POST THEM BECAUSE THEY EXCEED THE MESSAGE LENGTH--
[2012/08/15 23:49:26 | 000,000,000 | -HS- | M] () -- C:\Users\CARLOS\AppData\Roaming\d8d2bee78c6b489e9e082a1422987637
[2012/08/15 23:49:26 | 000,000,000 | -HS- | M] () -- C:\Users\CARLOS\AppData\Roaming\bd63d31b8a67c90092b37a4138e1bc90
[2012/08/15 21:45:53 | 015,354,437 | ---- | M] () -- C:\UsbFix_Upload_Me_CARLOS-PC.zip
[2012/08/15 21:45:39 | 000,000,000 | -HS- | M] () -- C:\Users\CARLOS\AppData\Roaming\bed5b5a59eb5a5567b23f12dc75ded3f
[2012/08/15 21:45:34 | 000,000,000 | -HS- | M] () -- C:\Users\CARLOS\AppData\Roaming\e0a4c4fe861191e2f1a9e9672208866a
[2012/08/15 21:37:12 | 001,271,879 | ---- | M] (El Desaparecido) -- C:\Users\CARLOS\Desktop\UsbFix.exe
[2012/08/15 21:24:49 | 000,000,000 | -HS- | M] () -- C:\Users\CARLOS\AppData\Roaming\2e3a87c503ab4b34eab7250cabd78a69
[2012/08/15 21:24:23 | 000,000,000 | -HS- | M] () -- C:\Users\CARLOS\AppData\Roaming\84c8117d4a27150211395b43e186708c
--THERE ARE A TON OF ENTRIES OF THIS KIND; I CAN'T POST THEM BECAUSE THEY EXCEED THE MESSAGE LENGTH--
[2012/08/15 21:24:07 | 000,000,000 | -HS- | M] () -- C:\Users\CARLOS\AppData\Roaming\f8f3b59d9303f661989c03239a632b70
[2012/08/15 21:24:07 | 000,000,000 | -HS- | M] () -- C:\Users\CARLOS\AppData\Roaming\e849512ff0ec570c1e58c3e097bb04e0
[2012/08/14 23:35:12 | 000,000,000 | -HS- | M] () -- C:\Users\CARLOS\AppData\Roaming\fMuSBiYba
[2012/08/14 23:29:57 | 000,000,000 | -HS- | M] () -- C:\Users\CARLOS\AppData\Roaming\P7glDaCBa
[2012/08/14 23:26:39 | 000,000,000 | -HS- | M] () -- C:\Users\CARLOS\AppData\Roaming\13ec11ae41a785c9943eff4e115d5e41
[2012/08/14 23:26:14 | 000,000,000 | -HS- | M] () -- C:\Users\CARLOS\AppData\Roaming\6b53b7eecffafdcd7d05eefec076fbcb
[2012/08/14 23:26:12 | 000,000,000 | -HS- | M] () -- C:\Users\CARLOS\AppData\Roaming\545e16f6bd69d541ef00bc437e8bb36d
[2012/08/14 23:25:06 | 000,000,000 | -HS- | M] () -- C:\Users\CARLOS\AppData\Roaming\92ab9443453e3983ee7781d811d5cda4
[2012/08/14 23:25:04 | 000,000,000 | -HS- | M] () -- C:\Users\CARLOS\AppData\Roaming\d63a5630665f374f6b0b3fa717ca7e39
[2012/08/14 23:25:03 | 000,000,000 | -HS- | M] () -- C:\Users\CARLOS\AppData\Roaming\cf26c47fa1f4772a2f2db6cb46fb216c
[2012/08/14 23:24:47 | 000,000,000 | -HS- | M] () -- C:\Users\CARLOS\AppData\Roaming\63b50ad57ec92dbc335ef0bf7ea37480
[2012/08/14 23:23:31 | 000,000,000 | -HS- | M] () -- C:\Users\CARLOS\AppData\Roaming\1f70a668b803232ce73d489c3392de3d
[2012/08/14 23:23:25 | 000,000,000 | -HS- | M] () -- C:\Users\CARLOS\AppData\Roaming\d0573135b16dbbd396be022ef9164177
[2012/08/14 23:22:18 | 000,000,000 | -HS- | M] () -- C:\Users\CARLOS\AppData\Roaming\cc403ab59059aaba89f426587b8ab2cf
[2012/08/14 23:21:56 | 000,000,000 | -HS- | M] () -- C:\Users\CARLOS\AppData\Roaming\af48cab55b47771c5ac6aaadb6fb9393
[2012/08/14 23:20:52 | 000,000,000 | -HS- | M] () -- C:\Users\CARLOS\AppData\Roaming\3da47c4903c68330b4e7d1a8dfb42be9
[2012/08/14 23:19:15 | 000,000,000 | -HS- | M] () -- C:\Users\CARLOS\AppData\Roaming\101a9ba617e8e7712086dd7e3a29281d
[2012/08/14 23:15:40 | 000,000,000 | -HS- | M] () -- C:\Users\CARLOS\AppData\Roaming\29204c13fbf1738aabd35fb6f70c0381
[2012/08/14 23:15:37 | 000,000,000 | -HS- | M] () -- C:\Users\CARLOS\AppData\Roaming\e410c006dc9c628de6c8060d2be7ef76
[2012/08/14 23:14:51 | 000,000,000 | -HS- | M] () -- C:\Users\CARLOS\AppData\Roaming\314f2e108dc0c476cbe4aa756f1fb066
[2012/08/14 23:13:54 | 000,000,000 | -HS- | M] () -- C:\Users\CARLOS\AppData\Roaming\78b5cc80fdc1a7b4179c4b46d1881869
[2012/08/14 23:13:04 | 000,000,000 | -HS- | M] () -- C:\Users\CARLOS\AppData\Roaming\216cb4d88491270ec3234090df5b2e38
[2012/08/14 23:12:42 | 000,000,000 | -HS- | M] () -- C:\Users\CARLOS\AppData\Roaming\a19c7b4fb6c0b3896ffca576e56a8925
[2012/08/14 2338 | 000,000,000 | -HS- | M] () -- C:\Users\CARLOS\AppData\Roaming\fb70eb6ade0d0b5ae6bcec3eda4c6a1d
[2012/08/14 23:09:34 | 000,000,000 | -HS- | M] () -- C:\Users\CARLOS\AppData\Roaming\09dd746fc854b6947166ad75f92a8070
[2012/08/14 23:09:00 | 000,000,000 | -HS- | M] () -- C:\Users\CARLOS\AppData\Roaming\308fd95b9013bf896bb2e053577d73c6
[2012/08/14 23:08:45 | 000,000,000 | -HS- | M] () -- C:\Users\CARLOS\AppData\Roaming\29918a4821decfcb242c6e32101cdc68
[2012/08/14 23:08:42 | 000,000,000 | -HS- | M] () -- C:\Users\CARLOS\AppData\Roaming\288127a5d045eb2956ef57c29e5501bc
[2012/08/14 23:08:39 | 000,000,000 | -HS- | M] () -- C:\Users\CARLOS\AppData\Roaming\bae869aad8bd83a22b4211f83d9fcb15
[2012/08/14 23:08:33 | 000,000,000 | -HS- | M] () -- C:\Users\CARLOS\AppData\Roaming\bab19a28debce33f3b37443c6fbc9a86
[2012/08/14 23:08:04 | 000,000,000 | -HS- | M] () -- C:\Users\CARLOS\AppData\Roaming\eeb697b495bf0390cd976897c2e1b4c0
[2012/08/14 23:07:58 | 000,000,000 | -HS- | M] () -- C:\Users\CARLOS\AppData\Roaming\d8f77ba5880c34adf4ac76259e56d6ef
[2012/08/14 23:05:21 | 000,000,000 | -HS- | M] () -- C:\Users\CARLOS\AppData\Roaming\ceb7dc9e8c4cea0025c8c12dc110d8a5
[2012/08/14 23:05:03 | 000,000,000 | -HS- | M] () -- C:\Users\CARLOS\AppData\Roaming\a6d79b213882463d9e35f44dd086de7b
[2012/08/14 23:04:14 | 000,000,000 | -HS- | M] () -- C:\Users\CARLOS\AppData\Roaming\9e8fd12af728a8882375ae43efad4eb7
[2012/08/14 23:03:20 | 000,000,000 | -HS- | M] () -- C:\Users\CARLOS\AppData\Roaming\f0686c237bf174ecd3c0c0a589077795
[2012/08/14 23:03:20 | 000,000,000 | -HS- | M] () -- C:\Users\CARLOS\AppData\Roaming\5260c9ce694bcf0f35287d16103068b1
[2012/08/14 23:03:18 | 000,000,000 | -HS- | M] () -- C:\Users\CARLOS\AppData\Roaming\72576e1a27c3c1f5cc28940abc5047da
[2012/08/14 22:44:20 | 004,729,547 | R--- | M] (Swearware) -- C:\Users\CARLOS\Desktop\ComboFix.exe
[2012/08/13 21:17:10 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\CARLOS\Desktop\HijackThis.exe
[2012/08/12 03:03:00 | 000,000,000 | -HS- | M] () -- C:\Users\CARLOS\AppData\Roaming\fMuSBiYbud281
[2012/08/11 22:39:26 | 000,725,440 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Users\CARLOS\Desktop\SpyHunter-Installer.exe
[2012/08/11 22:37:57 | 000,001,195 | ---- | M] () -- C:\Users\CARLOS\Desktop\SpeedyPC Pro.lnk
[2012/08/11 22:36:36 | 004,986,272 | ---- | M] (SpeedyPC Software) -- C:\Users\CARLOS\Desktop\SpeedyPC Pro Installer.exe
[2012/08/11 22:35:26 | 000,001,205 | ---- | M] () -- C:\Users\CARLOS\Desktop\FixNCR.reg
[2012/07/31 08:03:48 | 000,001,141 | ---- | M] () -- C:\Users\Public\Desktop\Angry Birds Space.lnk
========== Files Created - No Company Name ==========
[2012/08/20 19:26:51 | 000,000,559 | ---- | C] () -- C:\Users\CARLOS\Desktop\prototype2 - Acceso directo.lnk
[2012/08/19 21:18:40 | 000,000,252 | ---- | C] () -- C:\Users\CARLOS\AppData\Roaming\GPU MeterV2_Settings.ini
[2012/08/19 21:08:46 | 000,138,473 | ---- | C] () -- C:\Users\CARLOS\Desktop\GPU_Meter.zip
[2012/08/19 19:12:03 | 000,000,136 | ---- | C] () -- C:\Users\CARLOS\Desktop\STREET FIGHTER IV - Acceso directo.lnk
[2012/08/19 19:11:56 | 000,000,136 | ---- | C] () -- C:\Users\CARLOS\Desktop\Prototype - Acceso directo.lnk
[2012/08/19 19:11:45 | 000,000,136 | ---- | C] () -- C:\Users\CARLOS\Desktop\FIFA 11 - Acceso directo.lnk
[2012/08/19 19:11:41 | 000,000,136 | ---- | C] () -- C:\Users\CARLOS\Desktop\Prince of Persia® Las Arenas Olvidadas - Acceso directo.lnk
[2012/08/19 19:11:34 | 000,000,136 | ---- | C] () -- C:\Users\CARLOS\Desktop\Prince of Persia - Acceso directo.lnk
[2012/08/19 19:11:27 | 000,000,136 | ---- | C] () -- C:\Users\CARLOS\Desktop\DEVIL MAY CRY 4 - Acceso directo.lnk
[2012/08/19 15:07:00 | 000,000,000 | -HS- | C] () -- C:\Users\CARLOS\AppData\Roaming\23535d81a88cc155f8bde6b384c9cbd0
[2012/08/19 15:06:50 | 000,000,000 | -HS- | C] () -- C:\Users\CARLOS\AppData\Roaming\9314ba2f5334fc76cd8f740ffa3b48b7
--THERE ARE A TON OF ENTRIES OF THIS KIND; I CAN'T POST THEM BECAUSE THEY EXCEED THE MESSAGE LENGTH--
[2012/08/19 15:06:48 | 000,000,000 | -HS- | C] () -- C:\Users\CARLOS\AppData\Roaming\ce27d78e346a7315a031574160e6fad8
[2012/08/19 15:06:48 | 000,000,000 | -HS- | C] () -- C:\Users\CARLOS\AppData\Roaming\af37cae8dbc26ce357474125e6b90e65
[2012/08/15 21:45:52 | 015,354,437 | ---- | C] () -- C:\UsbFix_Upload_Me_CARLOS-PC.zip
[2012/08/15 21:45:39 | 000,000,000 | -HS- | C] () -- C:\Users\CARLOS\AppData\Roaming\bed5b5a59eb5a5567b23f12dc75ded3f
[2012/08/15 21:45:34 | 000,000,000 | -HS- | C] () -- C:\Users\CARLOS\AppData\Roaming\e0a4c4fe861191e2f1a9e9672208866a
[2012/08/15 21:24:49 | 000,000,000 | -HS- | C] () -- C:\Users\CARLOS\AppData\Roaming\2e3a87c503ab4b34eab7250cabd78a69
--THERE ARE A TON OF ENTRIES OF THIS KIND; I CAN'T POST THEM BECAUSE THEY EXCEED THE MESSAGE LENGTH--
[2012/08/15 21:24:23 | 000,000,000 | -HS- | C] () -- C:\Users\CARLOS\AppData\Roaming\84c8117d4a27150211395b43e186708c
[2012/08/15 21:24:07 | 000,000,000 | -HS- | C] () -- C:\Users\CARLOS\AppData\Roaming\f8f3b59d9303f661989c03239a632b70
[2012/08/15 21:24:07 | 000,000,000 | -HS- | C] () -- C:\Users\CARLOS\AppData\Roaming\d37a14bc0a399cbbe6fb675dc2525360
[2012/08/14 23:55:28 | 000,205,825 | RHS- | C] () -- C:\Windows\5881e1b148120e5168ff133851c568c2.dll
[2012/08/14 23:47:01 | 000,000,050 | -HS- | C] () -- C:\Users\CARLOS\AppData\Roaming\5881e1b148120e5168ff133851c568c26.dat
[2012/08/14 23:26:39 | 000,000,000 | -HS- | C] () -- C:\Users\CARLOS\AppData\Roaming\13ec11ae41a785c9943eff4e115d5e41
[2012/08/14 23:26:14 | 000,000,000 | -HS- | C] () -- C:\Users\CARLOS\AppData\Roaming\6b53b7eecffafdcd7d05eefec076fbcb
[2012/08/14 23:26:12 | 000,000,000 | -HS- | C] () -- C:\Users\CARLOS\AppData\Roaming\545e16f6bd69d541ef00bc437e8bb36d
[2012/08/14 23:25:06 | 000,000,000 | -HS- | C] () -- C:\Users\CARLOS\AppData\Roaming\92ab9443453e3983ee7781d811d5cda4
[2012/08/14 23:25:04 | 000,000,000 | -HS- | C] () -- C:\Users\CARLOS\AppData\Roaming\d63a5630665f374f6b0b3fa717ca7e39
[2012/08/14 23:25:03 | 000,000,000 | -HS- | C] () -- C:\Users\CARLOS\AppData\Roaming\cf26c47fa1f4772a2f2db6cb46fb216c
[2012/08/14 23:24:47 | 000,000,000 | -HS- | C] () -- C:\Users\CARLOS\AppData\Roaming\63b50ad57ec92dbc335ef0bf7ea37480
[2012/08/14 23:23:31 | 000,000,000 | -HS- | C] () -- C:\Users\CARLOS\AppData\Roaming\1f70a668b803232ce73d489c3392de3d
[2012/08/14 23:23:25 | 000,000,000 | -HS- | C] () -- C:\Users\CARLOS\AppData\Roaming\d0573135b16dbbd396be022ef9164177
[2012/08/14 23:22:18 | 000,000,000 | -HS- | C] () -- C:\Users\CARLOS\AppData\Roaming\cc403ab59059aaba89f426587b8ab2cf
[2012/08/14 23:21:56 | 000,000,000 | -HS- | C] () -- C:\Users\CARLOS\AppData\Roaming\af48cab55b47771c5ac6aaadb6fb9393
[2012/08/14 23:20:52 | 000,000,000 | -HS- | C] () -- C:\Users\CARLOS\AppData\Roaming\3da47c4903c68330b4e7d1a8dfb42be9
[2012/08/14 23:19:15 | 000,000,000 | -HS- | C] () -- C:\Users\CARLOS\AppData\Roaming\101a9ba617e8e7712086dd7e3a29281d
[2012/08/14 23:15:40 | 000,000,000 | -HS- | C] () -- C:\Users\CARLOS\AppData\Roaming\29204c13fbf1738aabd35fb6f70c0381
[2012/08/14 23:15:37 | 000,000,000 | -HS- | C] () -- C:\Users\CARLOS\AppData\Roaming\e410c006dc9c628de6c8060d2be7ef76
[2012/08/14 23:14:51 | 000,000,000 | -HS- | C] () -- C:\Users\CARLOS\AppData\Roaming\314f2e108dc0c476cbe4aa756f1fb066
[2012/08/14 23:13:54 | 000,000,000 | -HS- | C] () -- C:\Users\CARLOS\AppData\Roaming\78b5cc80fdc1a7b4179c4b46d1881869
[2012/08/14 23:13:04 | 000,000,000 | -HS- | C] () -- C:\Users\CARLOS\AppData\Roaming\216cb4d88491270ec3234090df5b2e38
[2012/08/14 23:12:42 | 000,000,000 | -HS- | C] () -- C:\Users\CARLOS\AppData\Roaming\a19c7b4fb6c0b3896ffca576e56a8925
[2012/08/14 2338 | 000,000,000 | -HS- | C] () -- C:\Users\CARLOS\AppData\Roaming\fb70eb6ade0d0b5ae6bcec3eda4c6a1d
[2012/08/14 23:09:34 | 000,000,000 | -HS- | C] () -- C:\Users\CARLOS\AppData\Roaming\09dd746fc854b6947166ad75f92a8070
[2012/08/14 23:09:00 | 000,000,000 | -HS- | C] () -- C:\Users\CARLOS\AppData\Roaming\308fd95b9013bf896bb2e053577d73c6
[2012/08/14 23:08:45 | 000,000,000 | -HS- | C] () -- C:\Users\CARLOS\AppData\Roaming\29918a4821decfcb242c6e32101cdc68
[2012/08/14 23:08:42 | 000,000,000 | -HS- | C] () -- C:\Users\CARLOS\AppData\Roaming\288127a5d045eb2956ef57c29e5501bc
[2012/08/14 23:08:39 | 000,000,000 | -HS- | C] () -- C:\Users\CARLOS\AppData\Roaming\bae869aad8bd83a22b4211f83d9fcb15
[2012/08/14 23:08:33 | 000,000,000 | -HS- | C] () -- C:\Users\CARLOS\AppData\Roaming\bab19a28debce33f3b37443c6fbc9a86
[2012/08/14 23:08:04 | 000,000,000 | -HS- | C] () -- C:\Users\CARLOS\AppData\Roaming\eeb697b495bf0390cd976897c2e1b4c0
[2012/08/14 23:07:58 | 000,000,000 | -HS- | C] () -- C:\Users\CARLOS\AppData\Roaming\d8f77ba5880c34adf4ac76259e56d6ef
[2012/08/14 23:05:21 | 000,000,000 | -HS- | C] () -- C:\Users\CARLOS\AppData\Roaming\ceb7dc9e8c4cea0025c8c12dc110d8a5
[2012/08/14 23:05:03 | 000,000,000 | -HS- | C] () -- C:\Users\CARLOS\AppData\Roaming\a6d79b213882463d9e35f44dd086de7b
[2012/08/14 23:04:14 | 000,000,000 | -HS- | C] () -- C:\Users\CARLOS\AppData\Roaming\9e8fd12af728a8882375ae43efad4eb7
[2012/08/14 23:03:20 | 000,000,000 | -HS- | C] () -- C:\Users\CARLOS\AppData\Roaming\f0686c237bf174ecd3c0c0a589077795
[2012/08/14 23:03:20 | 000,000,000 | -HS- | C] () -- C:\Users\CARLOS\AppData\Roaming\5260c9ce694bcf0f35287d16103068b1
[2012/08/14 23:03:18 | 000,000,000 | -HS- | C] () -- C:\Users\CARLOS\AppData\Roaming\72576e1a27c3c1f5cc28940abc5047da
[2012/08/14 22:58:04 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/08/14 22:58:04 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/08/14 22:58:04 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/08/14 22:58:04 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/08/14 22:58:04 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/08/14 22:45:40 | 000,000,000 | -HS- | C] () -- C:\Users\CARLOS\AppData\Roaming\5242eb9308b2af608bd5dd803bb32493
[2012/08/14 22:42:05 | 000,000,000 | -HS- | C] () -- C:\Users\CARLOS\AppData\Roaming\02e8d81742946e265fbc583a33e92497
[2012/08/12 03:26:46 | 000,000,000 | -HS- | C] () -- C:\Users\CARLOS\AppData\Roaming\cd6913d3a1a328e9cace21b40b6b0d29
[2012/08/12 03:03:00 | 000,000,000 | -HS- | C] () -- C:\Users\CARLOS\AppData\Roaming\fMuSBiYbud281
[2012/08/12 02:57:53 | 000,000,000 | -HS- | C] () -- C:\Users\CARLOS\AppData\Roaming\5881e1b148120e5168ff133851c568c2P7glDaCB
[2012/08/11 22:37:57 | 000,001,195 | ---- | C] () -- C:\Users\CARLOS\Desktop\SpeedyPC Pro.lnk
[2012/08/11 22:35:26 | 000,001,205 | ---- | C] () -- C:\Users\CARLOS\Desktop\FixNCR.reg
[2012/08/11 19:41:03 | 000,000,000 | -HS- | C] () -- C:\Users\CARLOS\AppData\Roaming\a0762a883bfa6dd8267786eff802153e
[2012/08/03 19:27:01 | 000,000,000 | -HS- | C] () -- C:\Users\CARLOS\AppData\Roaming\P7glDaCBa
[2012/08/03 19:24:47 | 000,000,000 | -HS- | C] () -- C:\Users\CARLOS\AppData\Roaming\fMuSBiYba
[2012/08/03 19:21:05 | 000,000,000 | -HS- | C] () -- C:\Users\CARLOS\AppData\Roaming\5881e1b148120e5168ff133851c568c2fMuSBiYb
[2012/07/31 08:03:48 | 000,001,141 | ---- | C] () -- C:\Users\Public\Desktop\Angry Birds Space.lnk
[2012/05/02 23:34:40 | 000,000,173 | ---- | C] () -- C:\Users\CARLOS\AppData\Local\msmathematics.qat.CARLOS
[2012/02/27 21:30:09 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2012/01/31 21:58:52 | 000,000,412 | ---- | C] () -- C:\Users\CARLOS\AppData\Roaming\All CPU Meter_Settings.ini
[2011/12/25 00:49:26 | 000,000,048 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/10/14 23:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/09/25 17:55:02 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011/09/16 10:54:48 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011/09/16 10:54:44 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011/09/16 10:54:44 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011/09/16 10:54:44 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011/09/16 10:54:44 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011/09/10 20:03:51 | 000,003,584 | ---- | C] () -- C:\Users\CARLOS\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/12/21 21:27:19 | 000,000,094 | ---- | C] () -- C:\Users\CARLOS\AppData\Local\fusioncache.dat
[2010/09/12 00:50:44 | 001,738,070 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/09/12 00:49:24 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/09/12 00:49:22 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2010/09/12 00:49:22 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/07/25 21:30:17 | 000,007,859 | ---- | C] () -- C:\Users\CARLOS\AppData\Roaming\pcouffin.cat
[2010/07/25 21:30:17 | 000,001,167 | ---- | C] () -- C:\Users\CARLOS\AppData\Roaming\pcouffin.inf
[2010/07/19 19:38:38 | 000,007,605 | ---- | C] () -- C:\Users\CARLOS\AppData\Local\Resmon.ResmonCfg
========== LOP Check ==========
[2011/04/21 12:36:58 | 000,000,000 | ---D | M] -- C:\Users\CARLOS\AppData\Roaming\Babylon
[2012/08/11 21:20:48 | 000,000,000 | RHSD | M] -- C:\Users\CARLOS\AppData\Roaming\Barry
[2010/08/25 23:15:39 | 000,000,000 | ---D | M] -- C:\Users\CARLOS\AppData\Roaming\******* creations
[2012/02/26 10:14:50 | 000,000,000 | ---D | M] -- C:\Users\CARLOS\AppData\Roaming\com.w3i.FlipToast
[2010/07/18 17:20:48 | 000,000,000 | ---D | M] -- C:\Users\CARLOS\AppData\Roaming\cYo
[2010/07/25 20:42:39 | 000,000,000 | ---D | M] -- C:\Users\CARLOS\AppData\Roaming\DAEMON Tools Lite
[2011/12/17 14:11:46 | 000,000,000 | ---D | M] -- C:\Users\CARLOS\AppData\Roaming\DAEMON Tools Pro
[2012/08/11 23:41:35 | 000,000,000 | ---D | M] -- C:\Users\CARLOS\AppData\Roaming\DriverCure
[2010/08/01 11:15:55 | 000,000,000 | ---D | M] -- C:\Users\CARLOS\AppData\Roaming\EPSON
[2012/02/26 10:11:10 | 000,000,000 | ---D | M] -- C:\Users\CARLOS\AppData\Roaming\FinalTorrent
[2010/07/22 22:35:55 | 000,000,000 | ---D | M] -- C:\Users\CARLOS\AppData\Roaming\Genius Multimedia
[2011/06/13 23:59:40 | 000,000,000 | ---D | M] -- C:\Users\CARLOS\AppData\Roaming\GetRightToGo
[2010/12/19 22:20:07 | 000,000,000 | ---D | M] -- C:\Users\CARLOS\AppData\Roaming\Leadertech
[2011/10/20 09:23:56 | 000,000,000 | ---D | M] -- C:\Users\CARLOS\AppData\Roaming\LolClient
[2011/06/14 00:06:35 | 000,000,000 | ---D | M] -- C:\Users\CARLOS\AppData\Roaming\Marine Aquarium 3
[2011/12/18 01:34:30 | 000,000,000 | ---D | M] -- C:\Users\CARLOS\AppData\Roaming\Nitro PDF
[2010/09/27 22:50:33 | 000,000,000 | ---D | M] -- C:\Users\CARLOS\AppData\Roaming\NumusAutoDiskBuilder
[2011/12/18 01:31:17 | 000,000,000 | ---D | M] -- C:\Users\CARLOS\AppData\Roaming\OpenCandy
[2012/08/11 21:23:00 | 000,000,000 | RHSD | M] -- C:\Users\CARLOS\AppData\Roaming\Percival
[2012/05/17 22:58:03 | 000,000,000 | ---D | M] -- C:\Users\CARLOS\AppData\Roaming\Rovio
[2011/10/11 22:28:46 | 000,000,000 | ---D | M] -- C:\Users\CARLOS\AppData\Roaming\Samsung
[2012/02/26 10:08:32 | 000,000,000 | ---D | M] -- C:\Users\CARLOS\AppData\Roaming\Smart PC Cleaner
[2012/08/11 23:41:34 | 000,000,000 | ---D | M] -- C:\Users\CARLOS\AppData\Roaming\SpeedyPC Software
[2011/02/19 14:18:28 | 000,000,000 | ---D | M] -- C:\Users\CARLOS\AppData\Roaming\Vso
[2010/07/18 13:36:42 | 000,000,000 | ---D | M] -- C:\Users\CARLOS\AppData\Roaming\Youtube Downloader HD
[2012/08/19 15:15:29 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
Hello.
Do the following:
- Download AT-Destroyer by InfoSpyware to your desktop.
- Temporarily disable your antivirus and/or antispyware tools.
- Double-click AT-Destroyer.exe to run the tool.
- Click "Si" (Yes) to accept the terms, press the 1 key, then press Enter.
- The desktop will disappear momentarily; this is normal. When the scan finishes, click "Aceptar" (OK).
A Notepad window will open with the report; copy and paste all of its contents into your next reply so it can be reviewed.
Regarding the blocking of "Archivos de programas" (Program Files), follow the steps indicated Here
Hello.
Following the steps, I was able to rename the "Archivos de programas" (Program Files) folders.
But what I see is that my user seems to have lost its Administrator permissions.
For example, if I go to enable the firewall it tells me "Por seguridad, el administrador del sistema administra ciertas configuraciones." (For security, the system administrator manages certain settings.)
The option to disable Malwarebytes also appears blocked.
How can I fix this?
Thanks a lot!
Here is the result of running AT Destroyer with the instructions you gave me.
I look forward to your comments.
Thanks a lot!
----------------------------------------------------------------------------------------
#################################################### A/T-Destroyer by InfoSpyware ############
A/T-Destroyer 1.0.6 By Infospyware
www.infospyware.com
Fecha iniciada en el analisis 21/08/2012
Hora iniciada en el analisis 22:09:50,42
Usuario Actual : [C:\Users\CARLOS]
Sistema Operativo: Windows 7 Ultimate
Arquitectura: Sistema operativo de 64 bits
Versión Internet Explorer: 9.0.8112.16421
Modo Actual: Modo Normal.
Privilegios: [CARLOS-Administrador]
Versión Google Chrome:
Versión Mozilla Firefox: 10.0.1
====== Servicios Eliminados By A/T-Destroyer ======
====== Claves Eliminadas By A/T-Destroyer ======
HKEY_CLASSES_ROOT\AppID\escort.DLL
HKEY_CLASSES_ROOT\AppID\escort.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4d71-8CE1-09DEBB8CFB78}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4d71-8CE1-09DEBB8CFB78}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4d71-8CE1-09DEBB8CFB78}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4d71-8CE1-09DEBB8CFB78}\Programmable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4d71-8CE1-09DEBB8CFB78}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4d71-8CE1-09DEBB8CFB78}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4d71-8CE1-09DEBB8CFB78}
====== Archivos/Carpetas Eliminados By A/T-Destroyer ======
C:\Users\CARLOS\AppData\Roaming\OpenCandy\4498348F430B4BE7A8FA4F5D4C18534A
C:\Users\CARLOS\AppData\Roaming\OpenCandy\OpenCandy_4498348F430B4BE7A8FA4F5D4C18534A
C:\Users\CARLOS\AppData\Roaming\OpenCandy\4498348F430B4BE7A8FA4F5D4C18534A\NitroPDFsp64_p2v1Installer.exe
"C:\Users\CARLOS\AppData\Roaming\OpenCandy"
C:\Users\CARLOS\Appdata\Local\Babylon\Setup
C:\Users\CARLOS\Appdata\Local\Babylon\Setup\bab025.cbid20.dat
C:\Users\CARLOS\Appdata\Local\Babylon\Setup\bab027.Ttype060411_def.dat
C:\Users\CARLOS\Appdata\Local\Babylon\Setup\bab065.engset.dat
C:\Users\CARLOS\Appdata\Local\Babylon\Setup\bab267.mntra-tb.dat
C:\Users\CARLOS\Appdata\Local\Babylon\Setup\Babylon.dat
C:\Users\CARLOS\Appdata\Local\Babylon\Setup\BabyServices.dll
C:\Users\CARLOS\Appdata\Local\Babylon\Setup\BException.dll
C:\Users\CARLOS\Appdata\Local\Babylon\Setup\EULA.rtf
C:\Users\CARLOS\Appdata\Local\Babylon\Setup\Setup-tbmntr-9.0.2.2.zpb
C:\Users\CARLOS\Appdata\Local\Babylon\Setup\Setup-tc.zpb
C:\Users\CARLOS\Appdata\Local\Babylon\Setup\Setup.exe
C:\Users\CARLOS\Appdata\Local\Babylon\Setup\SetupStrings.dat
"C:\Users\CARLOS\Appdata\Local\Babylon"
C:\Users\CARLOS\AppData\Roaming\Babylon\log_file.txt
"C:\Users\CARLOS\AppData\Roaming\Babylon"
C:\Program Files (x86)\SweetIM\Messenger
C:\Program Files (x86)\SweetIM\Toolbars
C:\Program Files (x86)\SweetIM\Messenger\default.xml
C:\Program Files (x86)\SweetIM\Messenger\resources
C:\Program Files (x86)\SweetIM\Messenger\resources\images
C:\Program Files (x86)\SweetIM\Messenger\resources\images\AudibleButton.png
C:\Program Files (x86)\SweetIM\Messenger\resources\images\DisplayPicturesButton.png
C:\Program Files (x86)\SweetIM\Messenger\resources\images\EmoticonButton.png
C:\Program Files (x86)\SweetIM\Messenger\resources\images\GamesButton.png
C:\Program Files (x86)\SweetIM\Messenger\resources\images\KeyboardButton.png
C:\Program Files (x86)\SweetIM\Messenger\resources\images\NudgeButton.png
C:\Program Files (x86)\SweetIM\Messenger\resources\images\SoundFxButton.png
C:\Program Files (x86)\SweetIM\Messenger\resources\images\WinksButton.png
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\conf
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\default.xml
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\conf\logger.xml
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\about.html
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\affid.dat
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\basis.xml
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\bing.png
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\clear-history.png
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\content-notifier-anim-over.gif
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\content-notifier-anim.gif
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\dating.png
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\dictionary.png
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\eye_icon.png
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\eye_icon_over.png
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\e_cards.png
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\find.png
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\free_stuff.png
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\games.png
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\glitter.png
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\google.png
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\help.png
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\highlight.png
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\locales.xml
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\logo_16x16.png
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\logo_21x18.png
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\logo_32x32.png
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\logo_about.png
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\more-search-providers.png
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\music.png
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\news.png
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\options.html
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\photos.png
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\search-current-site.png
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\shopping.png
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\SmileySmile.png
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\SmileyWink.png
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\sweetim_text.png
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\toolbar.xml
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\version.txt
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\video.png
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\web-search.png
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\yahoo.png
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button.png
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_bing.png
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_current.png
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_dictionary.png
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_google.png
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_hover.png
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_left.png
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_photo.png
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_video.png
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_web.png
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_yahoo.png
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button.png
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_bing.png
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_current.png
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_dictionary.png
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_google.png
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_hover.png
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_left.png
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_photo.png
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_video.png
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_web.png
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_yahoo.png
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button.png
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_bing.png
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_current.png
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_dictionary.png
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_google.png
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_hover.png
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_left.png
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_photo.png
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_video.png
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_web.png
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_yahoo.png
"C:\Program Files (x86)\SweetIM"
"C:\ProgramData\Babylon"
C:\Users\CARLOS\Appdata\Local\fusioncache.dat
C:\Users\CARLOS\Appdata\Local\GDIPFONTCACHEV1.DAT
C:\Windows\System32\ezsidmv.dat
====== Información Extra ======
-_-_-_-_-_-_-_-_ Configuraciones de internet Explorer -_-_-_-_-_-_-_-_
"HKCU\Software\Microsoft\Internet Explorer\Main"
Start Page == http://www.google.com
Search Page == http://go.microsoft.com/fwlink/?LinkId=54896
Local Page == C:\Windows\system32\blank.htm
Default_Search_URL == http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_Page_URL == http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
"HKLM\Software\Microsoft\Internet Explorer\Main"
Start Page == http://www.google.com
Search Page == http://go.microsoft.com/fwlink/?LinkId=54896
Local Page == C:\Windows\SysWOW64\blank.htm
Default_Search_URL == http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_Page_URL == http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
"HKEY_USERS\S-1-5-21-1363888287-550473479-3090916094-1006\Software\Microsoft\Internet Explorer\Main"
Start Page == http://www.google.com
Search Page == http://go.microsoft.com/fwlink/?LinkId=54896
Local Page == C:\Windows\system32\blank.htm
-_-_-_-_-_-_-_-_ Configuraciones de Google Chrome-_-_-_-_-_-_-_-_
"homepage": "http://www.google.com/",
"homepage_changed": true,
"homepage_is_newtabpage": false,
-_-_-_-_-_-_-_-_ Configuraciones de Google Chrome-_-_-_-_-_-_-_-_
"homepage": "http://www.google.com/",
"homepage_changed": true,
"homepage_is_newtabpage": false,
-_-_-_-_-_-_-_-_ Configuraciones de mozilla Firefox -_-_-_-_-_-_-_-_
user_pref("pref.browser.homepage.disable_button.bookmark_page", false);
user_pref("browser.startup.homepage", "http://google.com");
======= EOF =======
Hello.
Infections of this type change the administrative permissions; you have to revert them one by one from Properties / Security / Edit. Or you can open a new topic in the Windows forum.
The malware issue is solved!