
    Problem with otshoot


    1. #1
      User Donzipi
      Joined: Sep 2007 | Location: Sevilla | Posts: 3

      Problem with otshoot

      Hello everyone. The problem is as follows:
      I have a piece of malware that loads every time I restart the computer; it loads as the program otshoot. It does not show up as a program in the Control Panel, and I have run two antivirus programs (AVG and Avast), several anti-malware tools (Spybot Search and Destroy, Malwarebytes Anti-Malware) and CCleaner, and nothing, it won't go away. Could someone tell me how to remove it? Many thanks in advance.

    2. #2
      Former Collaborator RevesdeLiberte
      Joined: Feb 2010 | Location: Mexico | Posts: 7,976

      Re: Problem with otshoot

      Hello Donzipi,
      Welcome to the InfoSpyware Forum.

      Could you paste the Malwarebytes Anti-Malware report? It is in its Logs tab. Also, uninstall all of your antimalware/antispyware tools; leave only your antivirus along with Malwarebytes Anti-Malware.

      Do the following:

      • Download the OTL by OldTimer tool to your desktop.
      • Close all open windows and programs. Double-click OTL.exe to run it.
      • Under Scan Type, check the "Minimal Output" box. Finally, select these options:
        • Use Company Name Whitelist
        • Skip Microsoft Files
        • LOP Check
      • Copy the following code: (the word "Code:" is excluded)

      Code:
      msconfig
      netsvcs
      baseservices
      %systemdrive%\*.*
      %programfiles%\*.exe 
      %userprofile%\*.exe 
      %allusersprofile%\*.exe 
      %appdata%\*.exe /5 /s
      %localappdata%\*.exe /5 /s
      %systemroot%\*. /mp /s
      CREATERESTOREPOINT
      • Paste the code into the Custom Scans/Fixes area.

      • Click the Run Scan button and wait patiently for the scan to finish.
      • Two (2) files will open, OTL.txt and Extras.txt. They will be saved in the location where OTL was run.

      To finish, open the OTL.txt file and copy and paste all of its contents into your next reply so it can be reviewed.
      Last edited by RevesdeLiberte on 13/10/12 at 17:30:06
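Added example, not part of the original thread and not OTL's own code: a Python triage pass over the `PRC`, `SRV` and `O4` line formats that an OTL.txt log uses, showing what a reviewer looks for first in such a log. The sample log, the flag names and the list of user-writable directories are assumptions made for illustration.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample in the OTL.txt line format; every name and path is made up.
SAMPLE_LOG = r"""
========== Processes (SafeList) ==========
PRC - C:\Program Files (x86)\ExampleAV\avservice.exe (Example AV Ltd.)
PRC - C:\Users\alice\AppData\Roaming\ExampleHelper\helper.exe ()
========== Services (SafeList) ==========
SRV - (ExampleAVService) -- C:\Program Files (x86)\ExampleAV\avservice.exe (Example AV Ltd.)
SRV - (Example Manager) -- C:\ProgramData\Example Manager\1.0\mgr.exe ()
O4:64bit: - HKLM..\Run: [ExampleTray] C:\Windows\SysNative\extray.exe (Example(R) Corporation)
O4 - HKLM..\Run: [ExampleShot] c:\program files\ExampleShot\shot.exe ()
O4 - HKLM..\Run: [OldUpdater] "C:\Program Files (x86)\OldUpdater\upd.exe" /PROMPT File not found
O4 - Startup: C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\helper.lnk = C:\Users\alice\AppData\Roaming\ExampleHelper\helper.exe ()
"""

LINE_RE = re.compile(r"^(PRC|SRV|O4)(?::64bit:)? - (.*)$")
SRV_RE = re.compile(r"^\((.*?)\) -- (.*)$")          # (service name) -- path (company)
STARTUP_RE = re.compile(r"^Startup: (.*?) = (.*)$")  # shortcut = target (company)
RUN_RE = re.compile(r"^(.+?): \[(.+?)\] (.*)$")      # hive..\Run: [value] command (company)
NOT_FOUND = "File not found"
# Assumed list of locations a non-admin installer can write to.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\")


@dataclass
class Entry:
    kind: str                 # PRC, SRV or O4
    name: str                 # file name, service name, Run value or shortcut
    target: str               # path or command line
    company: Optional[str]    # "" when OTL printed "()", None when absent
    flags: list = field(default_factory=list)


def split_company(text):
    """Split 'path (Company)' into (path, company).

    Scans backwards with a depth counter so that nested parentheses such as
    '(Intel(R) Corporation)' and paths containing '(x86)' are both handled.
    """
    text = text.rstrip()
    if not text.endswith(")"):
        return text, None
    depth = 0
    for i in range(len(text) - 1, -1, -1):
        if text[i] == ")":
            depth += 1
        elif text[i] == "(":
            depth -= 1
            if depth == 0:
                return text[:i].rstrip(), text[i + 1:-1].strip()
    return text, None


def parse_otl(log_text):
    """Return an Entry for every PRC, SRV and O4 line, with triage flags set."""
    entries = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # section headers, blank lines, other line types
        kind, rest = m.groups()
        name = ""
        if kind == "SRV":
            sm = SRV_RE.match(rest)
            if not sm:
                continue
            name, rest = sm.groups()
        elif kind == "O4":
            om = STARTUP_RE.match(rest) or RUN_RE.match(rest)
            if not om:
                continue
            name, rest = om.groups()[-2:]
        missing = rest.endswith(NOT_FOUND)
        if missing:
            target, company = rest[:-len(NOT_FOUND)].rstrip(), None
        else:
            target, company = split_company(rest)
        if kind == "PRC":
            name = target.rsplit("\\", 1)[-1]
        flags = []
        if missing:
            flags.append("file-not-found")      # orphaned autostart entry
        if company == "":
            flags.append("no-company")          # no version-info company string
        if any(p in target.lower() for p in USER_WRITABLE):
            flags.append("user-writable-path")
        entries.append(Entry(kind, name, target, company, flags))
    return entries


def flagged(entries):
    """Entries worth a manual look; a flag is a lead, not a verdict."""
    return [e for e in entries if e.flags]


if __name__ == "__main__":
    for e in flagged(parse_otl(SAMPLE_LOG)):
        print(f"{e.kind:3} {','.join(e.flags):32} {e.name} -> {e.target}")
```

Plenty of legitimate files carry no company string, so the output is a shortlist for manual review rather than a removal list.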

    3. #3
      User Donzipi
      Joined: Sep 2007 | Location: Sevilla | Posts: 3

      Re: Problem with otshoot

      Many thanks, here is what was requested

      OTL logfile created on: 16/10/2012 22:37:21 - Run 1
      OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Pichas Trichas\Desktop
      64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
      Internet Explorer (Version = 8.0.7601.17514)
      Locale: 00000c0a | Country: España | Language: ESN | Date Format: dd/MM/yyyy

      7,93 Gb Total Physical Memory | 6,66 Gb Available Physical Memory | 84,01% Memory free
      15,86 Gb Paging File | 13,95 Gb Available in Paging File | 87,98% Paging File free
      Paging file location(s): ?:\pagefile.sys [binary data]

      %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
      Drive C: | 465,76 Gb Total Space | 267,59 Gb Free Space | 57,45% Space Free | Partition Type: NTFS
      Drive D: | 465,66 Gb Total Space | 37,78 Gb Free Space | 8,11% Space Free | Partition Type: NTFS
      Drive G: | 7,45 Gb Total Space | 7,19 Gb Free Space | 96,57% Space Free | Partition Type: FAT32

      Computer Name: PICHASTRICHAS | User Name: Pichas Trichas | Logged in as Administrator.
      Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
      Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: Off | File Age = 30 Days

      ========== Processes (SafeList) ==========

      PRC - C:\Users\Pichas Trichas\Desktop\OTL.exe (OldTimer Tools)
      PRC - C:\ProgramData\Browser Manager\2.2.580.182\{d1538445-ebd9-4c43-882a-854eff8d928c}\brwmngr.exe ()
      PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
      PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
      PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
      PRC - C:\Archivos de programa\HotShot\otshot.exe ()
      PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
      PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
      PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
      PRC - C:\Archivos de programa\AVAST Software\Avast\AvastUI.exe (AVAST Software)
      PRC - C:\Archivos de programa\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
      PRC - C:\Users\Pichas Trichas\AppData\Roaming\BrowserCompanion\tcbhn.exe ()
      PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO)
      PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
      PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
      PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
      PRC - C:\Windows\SysWOW64\schtasks.exe (Microsoft Corporation)
      PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
      PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
      PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
      PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)


      ========== Modules (No Company Name) ==========

      MOD - c:\ProgramData\Browser Manager\2.2.580.182\{d1538445-ebd9-4c43-882a-854eff8d928c}\brwmngr.dll ()
      MOD - C:\ProgramData\Browser Manager\2.2.580.182\{d1538445-ebd9-4c43-882a-854eff8d928c}\brwmngr.exe ()
      MOD - C:\Archivos de programa\HotShot\otshot.exe ()
      MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
      MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
      MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl ()
      MOD - C:\Users\Pichas Trichas\AppData\Roaming\BrowserCompanion\tcbhn.exe ()
      MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtScript4.dll ()
      MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtGui4.dll ()
      MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtNetwork4.dll ()
      MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtSql4.dll ()
      MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtDeclarative4.dll ()
      MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtCore4.dll ()
      MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll ()
      MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5cae93d923c8378370758489e5535820\System.Runtime.Remoting.ni.dll ()
      MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll ()
      MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\461d3b6b3f43e6fbe6c897d5936e17e4\System.Xml.ni.dll ()
      MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bc09ad2d49d8535371845cd7532f9271\System.Configuration.ni.dll ()
      MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll ()
      MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll ()
      MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_es_b77a5c561934e089\mscorlib.resources.dll ()


      ========== Services (SafeList) ==========

      SRV:64bit: - (AppleChargerSrv) -- C:\Windows\SysNative\AppleChargerSrv.exe ()
      SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
      SRV - (Browser Manager) -- C:\ProgramData\Browser Manager\2.2.580.182\{d1538445-ebd9-4c43-882a-854eff8d928c}\brwmngr.exe ()
      SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
      SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
      SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
      SRV - (avast! Antivirus) -- C:\Archivos de programa\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
      SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
      SRV - (KSS) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO)
      SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
      SRV - (ZuneWlanCfgSvc) -- C:\Archivos de programa\Zune\ZuneWlanCfgSvc.exe (Microsoft Corporation)
      SRV - (WMZuneComm) -- C:\Archivos de programa\Zune\WMZuneComm.exe (Microsoft Corporation)
      SRV - (ZuneNetworkSvc) -- C:\Archivos de programa\Zune\ZuneNss.exe (Microsoft Corporation)
      SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
      SRV - (wlidsvc) -- C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
      SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
      SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
      SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
      SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
      SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


      ========== Driver Services (SafeList) ==========

      DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
      DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
      DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
      DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
      DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
      DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
      DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
      DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
      DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
      DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys (Nokia)
      DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia)
      DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
      DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
      DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
      DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
      DRV:64bit: - (Synth3dVsc) -- C:\Windows\SysNative\drivers\Synth3dVsc.sys (Microsoft Corporation)
      DRV:64bit: - (tsusbhub) -- C:\Windows\SysNative\drivers\tsusbhub.sys (Microsoft Corporation)
      DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
      DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
      DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
      DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
      DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
      DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
      DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
      DRV:64bit: - (OXUDIDRV) -- C:\Windows\SysNative\drivers\OXUDIDRV_x64.sys ()
      DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
      DRV:64bit: - (WmVirHid) -- C:\Windows\SysNative\drivers\WmVirHid.sys (Logitech Inc.)
      DRV:64bit: - (WmBEnum) -- C:\Windows\SysNative\drivers\WmBEnum.sys (Logitech Inc.)
      DRV:64bit: - (WmXlCore) -- C:\Windows\SysNative\drivers\WmXlCore.sys (Logitech Inc.)
      DRV:64bit: - (WmFilter) -- C:\Windows\SysNative\drivers\WmFilter.sys (Logitech Inc.)
      DRV:64bit: - (AppleCharger) -- C:\Windows\SysNative\drivers\AppleCharger.sys ()
      DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
      DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
      DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
      DRV:64bit: - (rrwd0002) -- C:\Windows\SysNative\drivers\rrwd0002.sys (ArchWave AG)
      DRV:64bit: - (rrau0002) -- C:\Windows\SysNative\drivers\rrau0002.sys (ArchWave AG)
      DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
      DRV:64bit: - (OXSDIDRV_x64) -- C:\Windows\SysNative\drivers\OXSDIDRV_x64.sys ()
      DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
      DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
      DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
      DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
      DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
      DRV:64bit: - (61883) -- C:\Windows\SysNative\drivers\61883.sys (Microsoft Corporation)
      DRV:64bit: - (Avc) -- C:\Windows\SysNative\drivers\avc.sys (Microsoft Corporation)
      DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
      DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
      DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
      DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
      DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


      ========== Standard Registry (SafeList) ==========


      ========== Internet Explorer ==========

      IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=d4126d880000000000001c6f65a39540&tlver=1.4.19.19&ss=1&affID=18044
      IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
      IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
      IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1854633

      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://es.msn.com/
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = es
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 95 DD 25 98 02 DC CB 01 [binary data]
      IE - HKCU\..\URLSearchHook: {0974848a-b5bc-49f2-9778-307742b4a55d} - No CLSID value found
      IE - HKCU\..\URLSearchHook: {9c905b42-976e-43c1-bc30-fc5937017909} - No CLSID value found
      IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
      IE - HKCU\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=d4126d880000000000001c6f65a39540&tlver=1.4.19.19&ss=1&affID=18044
      IE - HKCU\..\SearchScopes\{8B5D5F8E-9E2D-4A37-B41B-B783C6DCCB1E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=70906AD9-8A97-49EA-BD39-267052D7F156&apn_sauid=D944C912-462A-4B0E-8298-ABFAD2243CEF
      IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={9F909259-BA73-4168-BEA3-946AD3A17E0C}&mid=e103adb2794147d6af8bcd2623477cb3-6122da3c2bb3b902a43ab04484a984ec124b8026&lang=es&ds=AVG&pr=pa&d=2011-12-10 14:30:40&v=12.2.5.32&sap=dsp&q={searchTerms}
      IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1854633
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

      ========== FireFox ==========

      FF - prefs.js..CT3227983.browser.search.defaultthis.engineName: true
      FF - prefs.js..browser.search.defaultengine: "Ask.com"
      FF - prefs.js..browser.search.defaultenginename: "Ask.com"
      FF - prefs.js..browser.search.order.1: "Ask.com"
      FF - prefs.js..browser.search.selectedEngine: "appbario9 Customized Web Search"
      FF - prefs.js..browser.search.useDBForOrder: true
      FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT3227983&SearchSource=13"
      FF - prefs.js..extensions.enabledAddons: [email protected]:1.20.00
      FF - prefs.js..extensions.enabledAddons: {b64982b1-d112-42b5-b1e4-d3867c4533f8}:2.2.580.182
      FF - prefs.js..extensions.enabledAddons: [email protected]:0.85.36
      FF - prefs.js..extensions.enabledAddons: [email protected]:1.0.5
      FF - prefs.js..extensions.enabledAddons: {72cabc40-64b2-46ed-8648-26d831761150}:10.13.1.89
      FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1423
      FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
      FF - prefs.js..extensions.enabledItems: [email protected]:1.20.00
      FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
      FF - prefs.js..extensions.enabledItems: [email protected]:12.2.5.32
      FF - prefs.js..extensions.enabledItems: [email protected]:1.5.0
      FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3227983&SearchSource=2&q="
      FF - prefs.js..browser.startup.homepage: "www.google.com"
      FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://search.sweetim.com/search.asp?src=2&q="


      FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
      FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
      FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
      FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/10/06 19:42:09 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/11 01:48:05 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/09/28 08:55:12 | 000,000,000 | ---D | M]
      FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\Browser Manager\2.2.580.182\{d1538445-ebd9-4c43-882a-854eff8d928c}\FirefoxExtension [2012/09/27 14:32:25 | 000,000,000 | ---D | M]

      [2011/06/29 15:05:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pichas Trichas\AppData\Roaming\mozilla\Extensions
      [2012/10/16 22:30:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pichas Trichas\AppData\Roaming\mozilla\Firefox\Profiles\ocro5mw6.default\extensions
      [2012/10/16 22:30:34 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Pichas Trichas\AppData\Roaming\mozilla\Firefox\Profiles\ocro5mw6.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
      [2012/09/27 14:32:54 | 000,000,000 | ---D | M] (appbario9) -- C:\Users\Pichas Trichas\AppData\Roaming\mozilla\Firefox\Profiles\ocro5mw6.default\extensions\{72cabc40-64b2-46ed-8648-26d831761150}
      [2012/09/27 12:31:05 | 000,000,000 | ---D | M] (Browser Companion Helper) -- C:\Users\Pichas Trichas\AppData\Roaming\mozilla\Firefox\Profiles\ocro5mw6.default\extensions\[email protected]
      [2012/10/10 02:37:11 | 000,000,000 | ---D | M] ("Savings Sidekick") -- C:\Users\Pichas Trichas\AppData\Roaming\mozilla\Firefox\Profiles\ocro5mw6.default\extensions\[email protected]
      [2011/10/20 14:18:26 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\Pichas Trichas\AppData\Roaming\mozilla\Firefox\Profiles\ocro5mw6.default\extensions\[email protected]
      [2012/10/10 02:37:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pichas Trichas\AppData\Roaming\mozilla\Firefox\Profiles\ocro5mw6.default\extensions\[email protected]\chrome\content\extensionCode
      [2012/09/27 12:31:26 | 000,172,310 | ---- | M] () (No name found) -- C:\Users\Pichas Trichas\AppData\Roaming\mozilla\firefox\profiles\ocro5mw6.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
      [2012/09/27 14:01:38 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Pichas Trichas\AppData\Roaming\mozilla\firefox\profiles\ocro5mw6.default\extensions\[email protected]\chrome\content\cache\0324adea3b6ec02af09ea4ae9424591b_expire
      [2012/10/16 22:28:34 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Pichas Trichas\AppData\Roaming\mozilla\firefox\profiles\ocro5mw6.default\extensions\[email protected]\chrome\content\cache\15c73b4e9a71b0e128c0917a3ab12dc5_expire
      [2012/10/16 22:28:31 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Pichas Trichas\AppData\Roaming\mozilla\firefox\profiles\ocro5mw6.default\extensions\[email protected]\chrome\content\cache\292124057d00cb0fa73db6b90d079658_expire
      [2012/10/16 22:28:32 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Pichas Trichas\AppData\Roaming\mozilla\firefox\profiles\ocro5mw6.default\extensions\[email protected]\chrome\content\cache\34366c7503c567b12cbf0173d8f0234b_expire
      [2012/10/16 22:28:33 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Pichas Trichas\AppData\Roaming\mozilla\firefox\profiles\ocro5mw6.default\extensions\[email protected]\chrome\content\cache\4d3d10bd28ff623813254a49b26be41f_expire
      [2012/10/16 22:28:33 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Pichas Trichas\AppData\Roaming\mozilla\firefox\profiles\ocro5mw6.default\extensions\[email protected]\chrome\content\cache\4ef0202f7c333a12f727dcd9342d5e79_expire
      [2012/10/16 22:28:34 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Pichas Trichas\AppData\Roaming\mozilla\firefox\profiles\ocro5mw6.default\extensions\[email protected]\chrome\content\cache\533b7a3e97c10f1ac87a7484efbae0d5_expire
      [2012/10/16 22:28:32 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Pichas Trichas\AppData\Roaming\mozilla\firefox\profiles\ocro5mw6.default\extensions\[email protected]\chrome\content\cache\69aff99e5d90eb7c04672261b9783763_expire
      [2012/10/16 22:28:34 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Pichas Trichas\AppData\Roaming\mozilla\firefox\profiles\ocro5mw6.default\extensions\[email protected]\chrome\content\cache\c4e4af69ac132a962d52a431cc2db44b_expire
      [2012/10/16 22:28:35 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Pichas Trichas\AppData\Roaming\mozilla\firefox\profiles\ocro5mw6.default\extensions\[email protected]\chrome\content\cache\c594c8c2ebb53af14248a875e1aa01b5_expire
      [2012/10/16 22:28:33 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Pichas Trichas\AppData\Roaming\mozilla\firefox\profiles\ocro5mw6.default\extensions\[email protected]\chrome\content\cache\e919434ec29526b28593c426e4264271_expire
      [2012/10/16 22:28:34 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Pichas Trichas\AppData\Roaming\mozilla\firefox\profiles\ocro5mw6.default\extensions\[email protected]\chrome\content\cache\ece71b71690fad200cbed95871ef4bb2_expire
      [2012/10/16 22:28:32 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Pichas Trichas\AppData\Roaming\mozilla\firefox\profiles\ocro5mw6.default\extensions\[email protected]\chrome\content\cache\ef8b53537a5678ed1fcb65662c69bced_expire
      [2012/10/16 22:28:33 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Pichas Trichas\AppData\Roaming\mozilla\firefox\profiles\ocro5mw6.default\extensions\[email protected]\chrome\content\cache\f03527c67e08602d2e4c18ae7867300d_expire
      [2012/10/16 22:28:33 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Pichas Trichas\AppData\Roaming\mozilla\firefox\profiles\ocro5mw6.default\extensions\[email protected]\chrome\content\cache\fa74672918974682c82b8d91dfbe0d6b_expire
      [2012/10/16 22:28:33 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Pichas Trichas\AppData\Roaming\mozilla\firefox\profiles\ocro5mw6.default\extensions\[email protected]\chrome\content\cache\ff4d692d5e7cccbc4b3e9ef4062b1c6f_expire
      [2012/09/28 19:02:51 | 000,001,018 | ---- | M] () -- C:\Users\Pichas Trichas\AppData\Roaming\mozilla\firefox\profiles\ocro5mw6.default\searchplugins\appbario9-customized-web-search.xml
      [2012/09/28 09:06:05 | 000,002,299 | ---- | M] () -- C:\Users\Pichas Trichas\AppData\Roaming\mozilla\firefox\profiles\ocro5mw6.default\searchplugins\askcom.xml
      [2012/09/28 08:55:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
      [2012/09/28 08:55:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
      [2012/09/27 14:32:25 | 000,000,000 | ---D | M] (Browser Manager) -- C:\PROGRAMDATA\BROWSER MANAGER\2.2.580.182\{D1538445-EBD9-4C43-882A-854EFF8D928C}\FIREFOXEXTENSION
      [2012/09/11 01:48:04 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
      [2012/09/03 20:32:52 | 000,003,769 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
      [2011/06/29 15:05:36 | 000,002,428 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
      [2012/09/11 01:48:03 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
      [2012/09/11 01:48:03 | 000,003,996 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\drae.xml
      [2012/09/11 01:48:03 | 000,001,143 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-es.xml
      [2012/09/11 01:48:03 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
      [2012/09/11 01:48:03 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-es.xml
      [2012/09/11 01:48:03 | 000,001,102 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-es.xml

      O1 HOSTS File: ([2011/03/05 16:23:46 | 000,000,921 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
      O1 - Hosts: 127.0.0.1 genuine.microsoft.com
      O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
      O1 - Hosts: 127.0.0.1 sls.microsoft.com
      O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Archivos de programa\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
      O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
      O2 - BHO: (OneTab Add-on) - {16ADEA98-D215-4F51-80AF-5E5ED660B9C0} - C:\Users\Pichas Trichas\AppData\Roaming\OneTab\OneTab.dll (OnPageAds)
      O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
      O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
      O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Archivos de programa\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
      O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Archivos de programa\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
      O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Archivos de programa\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
      O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0974848A-B5BC-49F2-9778-307742B4A55D} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {9C905B42-976E-43C1-BC30-FC5937017909} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
      O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
      O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
      O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
      O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
      O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
      O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
      O4 - HKLM..\Run: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction File not found
      O4 - HKLM..\Run: [HotShot] c:\program files\HotShot\otshot.exe ()
      O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
      O4 - HKLM..\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 File not found
      O4 - HKLM..\Run: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 File not found
      O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
      O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
      O4 - HKCU..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup File not found
      O4 - HKCU..\Run: [KSS] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO)
      O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
      O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
      O4 - Startup: C:\Users\Pichas Trichas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tcbhn.lnk = C:\Users\Pichas Trichas\AppData\Roaming\BrowserCompanion\tcbhn.exe ()
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
      O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
      O8:64bit: - Extra context menu item: Descargar con Mipony - C:\Program Files (x86)\MiPony\Browser\IEContext.htm ()
      O8 - Extra context menu item: Descargar con Mipony - C:\Program Files (x86)\MiPony\Browser\IEContext.htm ()
      O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
      O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
      O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
      O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
      O1364bit: - gopher Prefix: missing
      O13 - gopher Prefix: missing
      O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab (asusTek_sysctrl Class)
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
      O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
      O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{29614062-A14B-4A51-AFA5-A2D9FCB79178}: DhcpNameServer = 192.168.1.1
      O18:64bit: - Protocol\Handler\livecall - No CLSID value found
      O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
      O18:64bit: - Protocol\Handler\msnim - No CLSID value found
      O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll ()
      O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll ()
      O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
      O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
      O20 - AppInit_DLLs: (c:\progra~3\browse~1\22580~1.182\{d1538~1\brwmngr.dll) - c:\ProgramData\Browser Manager\2.2.580.182\{d1538445-ebd9-4c43-882a-854eff8d928c}\brwmngr.dll ()
      O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
      O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
      O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
      O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
      O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
      O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
      O32 - HKLM CDRom: AutoRun - 1
      O33 - MountPoints2\{163830c0-74ec-11e0-9ea9-806e6f6e6963}\Shell - "" = AutoRun
      O33 - MountPoints2\{163830c0-74ec-11e0-9ea9-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup\rsrc\Autorun.exe
      O33 - MountPoints2\{163830c0-74ec-11e0-9ea9-806e6f6e6963}\Shell\dinstall\command - "" = F:\Directx\dxsetup.exe
      O33 - MountPoints2\{40512722-472c-11e0-a719-806e6f6e6963}\Shell - "" = AutoRun
      O33 - MountPoints2\{40512722-472c-11e0-a719-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Run.exe
      O33 - MountPoints2\{575ce749-7249-11e0-9566-806e6f6e6963}\Shell - "" = AutoRun
      O33 - MountPoints2\{575ce749-7249-11e0-9566-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Run.exe
      O33 - MountPoints2\{7eb6eeff-473a-11e0-b0d6-806e6f6e6963}\Shell - "" = AutoRun
      O33 - MountPoints2\{7eb6eeff-473a-11e0-b0d6-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe
      O34 - HKLM BootExecute: (autocheck autochk *)
      O34 - HKLM BootExecute: (sdnclean64.exe)
      O35:64bit: - HKLM\..comfile [open] -- "%1" %*
      O35:64bit: - HKLM\..exefile [open] -- "%1" %*
      O35 - HKLM\..comfile [open] -- "%1" %*
      O35 - HKLM\..exefile [open] -- "%1" %*
      O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
      O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
      O37 - HKLM\...com [@ = comfile] -- "%1" %*
      O37 - HKLM\...exe [@ = exefile] -- "%1" %*
      O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
      O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
      O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

      MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
      MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
      MsConfig:64bit - StartUpReg: ares - hkey= - key= - C:\Program Files (x86)\Ares\Ares.exe (Ares Development Group)
      MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
      MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
      MsConfig:64bit - State: "bootini" - Reg Error: Key error.
      MsConfig:64bit - State: "startup" - Reg Error: Key error.
      MsConfig:64bit - State: "services" - Reg Error: Key error.

      NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

      CREATERESTOREPOINT
      Restore point Set: OTL Restore Point

      ========== Files/Folders - Created Within 30 Days ==========

      [2012/10/16 22:35:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Pichas Trichas\Desktop\OTL.exe
      [2012/10/06 19:42:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
      [2012/10/06 19:42:31 | 000,359,464 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
      [2012/10/06 19:42:31 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
      [2012/10/06 19:42:25 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
      [2012/10/06 19:42:24 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
      [2012/10/06 19:42:23 | 000,969,200 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
      [2012/10/06 19:42:18 | 000,071,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
      [2012/10/06 19:42:17 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
      [2012/10/06 19:42:02 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
      [2012/10/06 19:42:01 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
      [2012/10/06 19:41:51 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
      [2012/10/06 19:41:51 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
      [2012/10/01 12:11:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
      [2012/10/01 12:11:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
      [2012/10/01 1258 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
      [2012/10/01 1255 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
      [2012/09/28 19:13:08 | 000,000,000 | ---D | C] -- C:\Users\Pichas Trichas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
      [2012/09/28 19:12:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
      [2012/09/28 19:12:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
      [2012/09/28 08:55:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
      [2012/09/28 08:55:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask
      [2012/09/28 08:55:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
      [2012/09/27 14:46:37 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
      [2012/09/27 14:46:37 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
      [2012/09/27 14:33:10 | 000,000,000 | ---D | C] -- C:\ProgramData\IBUpdaterService
      [2012/09/27 14:32:28 | 000,000,000 | ---D | C] -- C:\Users\Pichas Trichas\Start Menu
      [2012/09/27 14:32:27 | 000,000,000 | ---D | C] -- C:\Users\Pichas Trichas\AppData\Local\Google
      [2012/09/27 14:32:26 | 000,000,000 | ---D | C] -- C:\Users\Pichas Trichas\AppData\Local\Savings Sidekick
      [2012/09/27 14:32:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Savings Sidekick
      [2012/09/27 14:32:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
      [2012/09/27 12:31:07 | 000,000,000 | ---D | C] -- C:\Program Files\HotShot
      [2012/09/27 12:31:05 | 000,000,000 | ---D | C] -- C:\Users\Pichas Trichas\AppData\Roaming\BrowserCompanion
      [2012/09/27 12:31:03 | 000,000,000 | ---D | C] -- C:\Program Files\otshot
      [2012/09/27 12:31:03 | 000,000,000 | ---D | C] -- C:\Users\Pichas Trichas\AppData\Roaming\OneTab
      [2012/09/27 12:30:41 | 000,000,000 | ---D | C] -- C:\ProgramData\ZalmanInstaller_otshot
      [2012/09/27 12:30:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\otshot
      [2012/09/27 12:30:36 | 000,000,000 | ---D | C] -- C:\Users\Pichas Trichas\AppData\Roaming\ZalmanInstaller_otshot
      [2012/09/27 12:30:25 | 000,000,000 | ---D | C] -- C:\Users\Pichas Trichas\AppData\Roaming\PC Suite
      [2012/09/27 12:30:25 | 000,000,000 | ---D | C] -- C:\Users\Pichas Trichas\AppData\Roaming\Nokia
      [2012/09/27 12:30:24 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Suite
      [2012/09/27 12:30:04 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
      [2012/09/27 12:30:03 | 000,026,112 | ---- | C] (Nokia) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys
      [2012/09/27 12:30:01 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
      [2012/09/27 12:29:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Connectivity Solution
      [2012/09/27 12:29:45 | 000,057,856 | ---- | C] (Nokia) -- C:\Windows\SysNative\nmwcdclsX64.dll
      [2012/09/27 12:29:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nokia
      [2012/09/27 12:28:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Installations
      [2012/09/26 12:05:05 | 000,000,000 | ---D | C] -- C:\_PoliFix
      [2012/09/24 22:02:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
      [2012/09/24 22:02:21 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
      [5 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
      [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

      ========== Files - Modified Within 30 Days ==========

      [2012/10/16 22:41:22 | 002,883,584 | -HS- | M] () -- C:\Users\Pichas Trichas\ntuser.dat
      [2012/10/16 22:30:55 | 001,530,242 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
      [2012/10/16 22:30:55 | 000,694,148 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
      [2012/10/16 22:30:55 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
      [2012/10/16 22:30:55 | 000,134,242 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
      [2012/10/16 22:30:55 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
      [2012/10/16 22:02:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Pichas Trichas\Desktop\OTL.exe
      [2012/10/16 20:01:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
      [2012/10/16 00:33:01 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
      [2012/10/16 00:32:54 | 2090,459,135 | -HS- | M] () -- C:\hiberfil.sys
      [2012/10/15 05:04:07 | 001,083,081 | -H-- | M] () -- C:\Users\Pichas Trichas\AppData\Local\IconCache.db
      [2012/10/06 21:42:02 | 000,009,584 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      [2012/10/06 21:42:01 | 000,009,584 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      [2012/10/06 19:42:32 | 000,001,922 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
      [2012/10/06 19:42:18 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
      [2012/10/01 12:34:15 | 000,038,445 | ---- | M] () -- C:\Windows\wininit.ini
      [2012/09/27 14:32:56 | 000,000,009 | ---- | M] () -- C:\END
      [2012/09/27 14:30:56 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
      [2012/09/27 12:32:51 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
      [2012/09/27 12:32:41 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ccdcmbx64_01009.Wdf
      [2012/09/27 12:31:05 | 000,002,116 | ---- | M] () -- C:\Users\Pichas Trichas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tcbhn.lnk
      [2012/09/24 22:02:22 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
      [5 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
      [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

      ========== Files Created - No Company Name ==========

      [2012/10/06 19:42:32 | 000,001,922 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
      [2012/10/06 19:42:17 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
      [2012/10/02 00:32:20 | 001,083,081 | -H-- | C] () -- C:\Users\Pichas Trichas\AppData\Local\IconCache.db
      [2012/10/01 12:33:37 | 000,038,445 | ---- | C] () -- C:\Windows\wininit.ini
      [2012/10/01 12:11:01 | 000,002,185 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
      [2012/09/27 14:32:55 | 000,000,009 | ---- | C] () -- C:\END
      [2012/09/27 12:32:51 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
      [2012/09/27 12:32:41 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ccdcmbx64_01009.Wdf
      [2012/09/27 12:31:05 | 000,002,116 | ---- | C] () -- C:\Users\Pichas Trichas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tcbhn.lnk
      [2012/09/24 22:02:22 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
      [2012/09/14 13:03:22 | 004,503,728 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
      [2012/09/10 02:28:51 | 000,000,040 | ---- | C] () -- C:\ProgramData\uxlenzjyhrhyotw
      [2012/03/08 18:50:28 | 000,049,016 | ---- | C] () -- C:\Windows\SysWow64\sirenacm.dll
      [2011/11/28 10:20:36 | 000,000,270 | ---- | C] () -- C:\Windows\scummvm.ini
      [2011/09/11 04:54:58 | 001,049,585 | ---- | C] () -- C:\Windows\SysWow64\MAMEUI32.ini
      [2011/09/06 02:23:45 | 000,000,272 | ---- | C] () -- C:\Users\Pichas Trichas\AppData\Roaming\.backup.dm
      [2011/04/30 02:49:43 | 000,524,288 | -HS- | C] () -- C:\Users\Pichas Trichas\ntuser.dat{e0f2d0bb-72ae-11e0-ac7a-1c6f65a39540}.TMContainer00000000000000000002.regtrans-ms
      [2011/04/30 02:49:43 | 000,524,288 | -HS- | C] () -- C:\Users\Pichas Trichas\ntuser.dat{e0f2d0bb-72ae-11e0-ac7a-1c6f65a39540}.TMContainer00000000000000000001.regtrans-ms
      [2011/04/30 02:49:43 | 000,065,536 | -HS- | C] () -- C:\Users\Pichas Trichas\ntuser.dat{e0f2d0bb-72ae-11e0-ac7a-1c6f65a39540}.TM.blf
      [2011/04/30 00:36:00 | 000,000,418 | ---- | C] () -- C:\Users\Pichas Trichas\AppData\Roaming\prefsdb.dat
      [2011/03/23 23:48:34 | 000,794,408 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
      [2011/03/23 21:37:24 | 000,111,928 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
      [2011/03/23 21:37:11 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
      [2011/03/14 02:32:15 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
      [2011/03/05 19:45:04 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
      [2011/03/05 16:49:32 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
      [2011/03/05 16:49:32 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
      [2011/03/05 16:49:32 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
      [2011/03/05 16:49:32 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
      [2011/03/05 16:49:32 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
      [2011/03/05 16:42:03 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
      [2011/03/05 16:23:47 | 000,002,048 | ---- | C] () -- C:\Windows\SysWow64\winver.exe
      [2011/03/05 16:21:26 | 000,068,048 | ---- | C] () -- C:\Users\Pichas Trichas\AppData\Local\GDIPFONTCACHEV1.DAT
      [2011/03/05 15:39:28 | 002,883,584 | -HS- | C] () -- C:\Users\Pichas Trichas\ntuser.dat
      [2011/03/05 15:39:28 | 000,524,288 | -HS- | C] () -- C:\Users\Pichas Trichas\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
      [2011/03/05 15:39:28 | 000,524,288 | -HS- | C] () -- C:\Users\Pichas Trichas\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
      [2011/03/05 15:39:28 | 000,065,536 | -HS- | C] () -- C:\Users\Pichas Trichas\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
      [2011/03/05 15:39:28 | 000,000,020 | -HS- | C] () -- C:\Users\Pichas Trichas\ntuser.ini

      ========== ZeroAccess Check ==========

      [2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

      [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

      [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

      [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

      [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
      "" = C:\Windows\SysNative\shell32.dll -- [2011/01/15 16:51:51 | 014,174,208 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment

      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      "" = %SystemRoot%\system32\shell32.dll -- [2011/01/15 16:52:12 | 012,872,192 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment

      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
      "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free

      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
      "" = %systemroot%\system32\wbem\fastprox.dll -- [2011/01/15 16:52:58 | 000,606,208 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free

      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
      "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Both

      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

      ========== LOP Check ==========

      [2011/10/13 20:08:40 | 000,000,000 | ---D | M] -- C:\Users\Pichas Trichas\AppData\Roaming\Audacity
      [2011/03/05 18:08:19 | 000,000,000 | ---D | M] -- C:\Users\Pichas Trichas\AppData\Roaming\AVG10
      [2011/12/03 21:09:27 | 000,000,000 | ---D | M] -- C:\Users\Pichas Trichas\AppData\Roaming\Broken Sword 2.5
      [2012/10/16 22:41:10 | 000,000,000 | ---D | M] -- C:\Users\Pichas Trichas\AppData\Roaming\BrowserCompanion
      [2012/09/24 22:07:38 | 000,000,000 | ---D | M] -- C:\Users\Pichas Trichas\AppData\Roaming\DAEMON Tools Lite
      [2011/09/23 00:38:25 | 000,000,000 | ---D | M] -- C:\Users\Pichas Trichas\AppData\Roaming\Elephant Games
      [2011/03/10 00:53:52 | 000,000,000 | ---D | M] -- C:\Users\Pichas Trichas\AppData\Roaming\ERS Game Studios
      [2011/05/02 03:12:08 | 000,000,000 | ---D | M] -- C:\Users\Pichas Trichas\AppData\Roaming\Freeze Tag
      [2011/05/02 03:11:40 | 000,000,000 | ---D | M] -- C:\Users\Pichas Trichas\AppData\Roaming\Gamers Digital
      [2011/05/31 1446 | 000,000,000 | ---D | M] -- C:\Users\Pichas Trichas\AppData\Roaming\Gearbox Software
      [2011/09/11 05:01:54 | 000,000,000 | ---D | M] -- C:\Users\Pichas Trichas\AppData\Roaming\GestaltGames
      [2011/07/18 17:04:57 | 000,000,000 | ---D | M] -- C:\Users\Pichas Trichas\AppData\Roaming\HLSW
      [2011/07/17 21:41:38 | 000,000,000 | ---D | M] -- C:\Users\Pichas Trichas\AppData\Roaming\Ice-pick Lodge
      [2011/03/05 16:39:12 | 000,000,000 | ---D | M] -- C:\Users\Pichas Trichas\AppData\Roaming\Marine Aquarium 3
      [2011/11/29 08:41:21 | 000,000,000 | ---D | M] -- C:\Users\Pichas Trichas\AppData\Roaming\Mipony
      [2012/09/27 12:33:19 | 000,000,000 | ---D | M] -- C:\Users\Pichas Trichas\AppData\Roaming\Nokia
      [2012/09/27 12:31:03 | 000,000,000 | ---D | M] -- C:\Users\Pichas Trichas\AppData\Roaming\OneTab
      [2011/07/17 20:59:03 | 000,000,000 | ---D | M] -- C:\Users\Pichas Trichas\AppData\Roaming\Paradoxys
      [2012/09/27 12:32:48 | 000,000,000 | ---D | M] -- C:\Users\Pichas Trichas\AppData\Roaming\PC Suite
      [2011/04/30 00:37:07 | 000,000,000 | ---D | M] -- C:\Users\Pichas Trichas\AppData\Roaming\perfect future studio
      [2011/11/26 23:11:01 | 000,000,000 | ---D | M] -- C:\Users\Pichas Trichas\AppData\Roaming\ScummVM
      [2011/06/12 20:19:16 | 000,000,000 | ---D | M] -- C:\Users\Pichas Trichas\AppData\Roaming\Ubisoft
      [2012/09/24 22:07:36 | 000,000,000 | ---D | M] -- C:\Users\Pichas Trichas\AppData\Roaming\uTorrent
      [2011/05/02 03:19:27 | 000,000,000 | ---D | M] -- C:\Users\Pichas Trichas\AppData\Roaming\WhiteBirdsProductions
      [2012/09/27 12:30:39 | 000,000,000 | ---D | M] -- C:\Users\Pichas Trichas\AppData\Roaming\ZalmanInstaller_otshot

      ========== Custom Scans ==========

      ========== Base Services ==========
      SRV:64bit: - [2009/07/14 03:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
      SRV:64bit: - [2011/01/15 16:52:24 | 000,070,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
      SRV:64bit: - [2009/07/14 03:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
      SRV:64bit: - [2011/01/15 16:51:37 | 000,849,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
      SRV:64bit: - [2011/01/15 16:52:04 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
      SRV:64bit: - [2009/07/14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
      SRV:64bit: - [2009/07/14 03:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
      SRV - [2009/07/14 03:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
      SRV:64bit: - [2011/01/15 16:52:49 | 000,136,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
      SRV:64bit: - [2011/01/15 16:52:48 | 000,177,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
      SRV - [2011/01/15 16:53:12 | 000,136,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
      SRV:64bit: - [2011/01/15 16:52:10 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
      SRV:64bit: - [2011/01/15 16:52:05 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
      SRV - [2011/01/15 16:52:30 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
      SRV:64bit: - [2011/01/15 16:52:37 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
      SRV:64bit: - [2009/07/14 03:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
      SRV:64bit: - [2009/07/14 03:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
      SRV - [2009/07/14 03:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
      SRV:64bit: - [2009/07/14 03:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
      SRV:64bit: - [2011/01/15 16:51:31 | 000,501,248 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
      No service found with a name of MsMpSvc
      No service found with a name of NisSrv
      SRV:64bit: - [2009/07/14 03:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\swprv.dll -- (swprv)
      SRV:64bit: - [2009/07/14 03:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
      SRV:64bit: - [2009/07/14 03:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
      SRV:64bit: - [2009/07/14 03:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
      SRV - [2009/07/14 03:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
      SRV:64bit: - [2011/01/15 16:51:43 | 000,303,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
      SRV:64bit: - [2009/07/14 03:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
      SRV:64bit: - [2011/01/15 16:52:05 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
      SRV:64bit: - [2011/01/15 16:53:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
      SRV:64bit: - [2009/07/14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
      No service found with a name of EMDMgmt
      SRV:64bit: - [2009/07/14 03:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
      SRV:64bit: - [2011/01/15 16:52:50 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
      SRV:64bit: - [2011/01/15 16:52:10 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
      SRV:64bit: - [2011/01/15 16:52:48 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
      SRV:64bit: - [2009/07/14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
      SRV:64bit: - [2009/07/14 03:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
      SRV:64bit: - [2011/01/15 16:51:30 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
      SRV:64bit: - [2011/01/15 16:51:55 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
      SRV - [2011/01/15 16:52:15 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
      No service found with a name of slsvc
      SRV:64bit: - [2011/01/15 16:52:47 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
      SRV:64bit: - [2011/01/15 16:53:12 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
      SRV - [2011/01/15 16:52:04 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
      SRV:64bit: - [2009/07/14 03:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
      SRV:64bit: - [2011/01/15 16:52:07 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
      SRV:64bit: - [2011/01/15 16:51:53 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
      SRV:64bit: - [2011/01/15 16:53:12 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
      SRV:64bit: - [2011/01/15 16:53:12 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
      SRV:64bit: - [2011/01/15 16:54:08 | 000,170,496 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
      No service found with a name of WinDefend
      SRV:64bit: - [2011/01/15 16:51:52 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
      SRV:64bit: - [2011/01/15 16:53:03 | 000,828,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
      SRV:64bit: - [2011/01/15 16:53:47 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
      SRV:64bit: - [2011/01/15 16:52:40 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
      SRV - [2011/01/15 16:53:04 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
      SRV:64bit: - [2009/07/14 03:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
      SRV:64bit: - [2011/01/15 16:52:58 | 002,420,736 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
      SRV:64bit: - [2011/01/15 16:52:30 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
      SRV:64bit: - [2009/07/14 03:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
      SRV:64bit: - [2011/01/15 16:53:10 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

      < %systemdrive%\*.* >
      [2012/09/27 14:32:56 | 000,000,009 | ---- | M] () -- C:\END
      [2012/10/16 00:32:54 | 2090,459,135 | -HS- | M] () -- C:\hiberfil.sys
      [2012/10/16 00:32:54 | 4218,937,343 | -HS- | M] () -- C:\pagefile.sys
      [2012/09/26 12:05:12 | 000,005,580 | ---- | M] () -- C:\PoliFix.txt
      [2012/08/22 23:35:15 | 000,000,304 | ---- | M] () -- C:\user.js

      < %programfiles%\*.exe >

      < %userprofile%\*.exe >

      < %allusersprofile%\*.exe >

      < %appdata%\*.exe /5 /s >

      < %localappdata%\*.exe /5 /s >
      [31 C:\Users\Pichas Trichas\AppData\Local\Temp\*.tmp files -> C:\Users\Pichas Trichas\AppData\Local\Temp\*.tmp -> ]

      < %systemroot%\*. /mp /s >

      ========== Alternate Data Streams ==========

      @Alternate Data Stream - 174 bytes -> C:\ProgramData\TEMP:A4E7D25F
      @Alternate Data Stream - 160 bytes -> C:\ProgramData\TEMP:19474103

      < End of report >

    4. #4
      User Avatar of Donzipi
      Registered
      Sep 2007
      Location
      Sevilla
      Posts
      3

      Re: Problem with otshoot

      Could someone help me? This virus, or whatever it is, won't let me access many parts of any web page, and windows keep popping up all the time. Thanks in advance.