
    Problem with Myplaycity.com


    1. #1
      User Avatar of eduardofiec
      Registered
      Nov 2012
      Location
      Ecuador
      Posts
      10

      Attention: Problem with Myplaycity.com

      Hello, I'm new here and I'll summarize the problem so as not to drag it out: yesterday my little sister was on the PC downloading games, and now when I open any browser (Internet Explorer, Firefox, Google Chrome) I find that each of them shows a tab with this page, Myplaycity.com.
      How do I remove it from all 3 browsers?


      I have Windows 7 with the antivirus that comes with this operating system; I also have CCleaner v3.24.1850 and Spybot Search & Destroy v1.6.2.46.

      Thanks in advance.

    2. #2
      Former Collaborator Avatar of RevesdeLiberte
      Registered
      Feb 2010
      Location
      Mexico
      Posts
      7,976

      Re: Problem with Myplaycity.com

      Hello eduardofiec
      Welcome to the InfoSpyware Forum.

      Carry out the following procedure, respecting the order of the steps. Also read the manuals for the tools indicated. If a step turns out to be impossible to perform, continue with the next one. I recommend printing the steps so you can carry them out with all programs and windows closed.


      1.- Download the following tools to your desktop (do not run them yet):



      2.- Now run them one by one in the following order with all windows closed:


      AT-Destroyer:

      • Temporarily disable the antivirus and antispyware.
      • Double-click AT-Destroyer.exe to run the tool.
      • Click Yes to accept the terms, press the 1 key, then press Enter.
      • The desktop will disappear momentarily; when the scan finishes, click OK.


      Malwarebytes Anti-Malware:

      • On the Scanner tab > select Perform full scan
      • Click Scan, select all drives > click "Scan"
      • When it finishes, in "Show Results" > click Remove Selected
      • Accept the restart if prompted > a report will be saved on the Logs tab.



      3.- To finish, copy and paste the complete contents of the reports located at:

      • Malwarebytes Anti-Malware > Logs tab
      • AT-Destroyer > at C:\AT-Destroyer.txt



      Let me know how the computer is working with respect to the problem originally raised.
      Patience is a tree with bitter roots but sweet fruit.

      * Follow us on our Twitter and become our friend on Facebook.
      * Keep up with the latest threats on the net from: InfoSpyware Blog
      * Questions are not answered by private message or e-mail; that is what the forum is for.

    3. #3
      User Avatar of eduardofiec
      Registered
      Nov 2012
      Location
      Ecuador
      Posts
      10

      Re: Problem with Myplaycity.com

      I am attaching the following results:

      Malwarebytes Anti-Malware 1.65.1.1000
      Malwarebytes : Free anti-malware download

      Versión de la Base de Datos: v2012.11.07.10

      Windows 7 Service Pack 1 x86 NTFS
      Internet Explorer 9.0.8112.16421
      Eduardo :: EDUARDO-PC [administrador]

      07/11/2012 19:21:43
      mbam-log-2012-11-07 (19-21-43).txt

      Tipos de Análisis: Análisis Completo (C:\|D:\|E:\|G:\|H:\|)
      Opciones de análisis activado: Memoria | Inicio | Registro | Sistema de archivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
      Opciones de análisis desactivados: P2P
      Objetos examinados: 510380
      Tiempo transcurrido: 48 minuto(s), 57 segundo(s)

      Procesos en Memoria Detectados: 0
      (No se han detectado elementos maliciosos)

      Módulos de Memoria Detectados: 0
      (No se han detectado elementos maliciosos)

      Claves del Registro Detectados: 1
      HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MSNMSGR.EXE (Security.Hijack) -> En cuarentena y eliminado con éxito.

      Valores del Registro Detectados: 1
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msnmsgr.exe|Debugger (Security.Hijack) -> datos: "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe" -> En cuarentena y eliminado con éxito.

      Elementos de Datos del Registro Detectados: 0
      (No se han detectado elementos maliciosos)

      Carpetas Detectadas: 0
      (No se han detectado elementos maliciosos)

      Archivos Detectados: 2
      D:\Edu\MATERIAS\Laboratorio de Electronica A\Instaladores de Programas\Proteus 7.4\Crack\Proteus_7.4_sp3_patch_6.2_sonsivri.com.exe (PUP.Hacktool.Patcher) -> No se tomaron medidas.
      C:\Users\Eduardo\Desktop\TuneUp Utilities 2012 [ Activarlo]\TuneUp Utilities 2012 [ Activarlo]\Activacion\Keygens (2)\Keygen 1.exe (Malware.Packer) -> En cuarentena y eliminado con éxito.

      fin)






      #################################################### A/T-Destroyer by InfoSpyware ############

      A/T-Destroyer 1.0.7 By Infospyware
      InfoSpyware
      Fecha iniciada en el analisis 07/11/2012
      Hora iniciada en el analisis 19:16:22,50
      Usuario Actual : [C:\Users\Eduardo]
      Sistema Operativo: Windows 7 Professional
      Service pack: Service Pack 1
      Arquitectura: Sistema operativo de 32 bits
      Versión Internet Explorer: 9.0.8112.16421
      Modo Actual: Modo Normal.
      Privilegios: [Eduardo-Administrador]
      Versión Google Chrome:
      Versión Mozilla Firefox: 16.0.2

      ====== Servicios Eliminados By A/T-Destroyer ======




      ====== Claves Eliminadas By A/T-Destroyer ======


      HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
      HKEY_CURRENT_USER\Software\ImInstaller
      HKEY_CURRENT_USER\Software\ImInstaller\IncrediMail
      HKEY_CURRENT_USER\Software\ImInstaller
      HKEY_LOCAL_MACHINE\SOFTWARE\Iminent
      HKEY_LOCAL_MACHINE\SOFTWARE\Iminent


      ====== Archivos/Carpetas Eliminados By A/T-Destroyer ======


      C:\Program Files\mozilla firefox\searchplugins\babylon.xml
      C:\Users\Eduardo\Appdata\Local\GDIPFONTCACHEV1.DAT


      ====== Información Extra ======


      -_-_-_-_-_-_-_-_ Configuraciones de internet Explorer -_-_-_-_-_-_-_-_
      "HKCU\Software\Microsoft\Internet Explorer\Main"
      Start Page == Google
      Search Page == Bing
      Local Page == C:\Windows\system32\blank.htm
      Default_Page_URL == MSN.com

      "HKLM\Software\Microsoft\Internet Explorer\Main"
      Start Page == Google
      Search Page == Bing
      Local Page == C:\Windows\System32\blank.htm
      Default_Search_URL == Bing
      Default_Page_URL == MSN.com


      "HKEY_USERS\S-1-5-21-2404653001-330262813-981373346-1000\Software\Microsoft\Internet Explorer\Main"
      Start Page == Google
      Search Page == Bing
      Local Page == C:\Windows\system32\blank.htm
      Default_Page_URL == MSN.com


      -_-_-_-_-_-_-_-_ Configuraciones de Google Chrome-_-_-_-_-_-_-_-_
      "homepage": "http://home.myplaycity.com/",
      "homepage_is_newtabpage": false,
      "homepage": "http://home.myplaycity.com/",
      "homepage_changed": true,
      "homepage_is_newtabpage": false,
      -_-_-_-_-_-_-_-_ Configuraciones de Google Chrome-_-_-_-_-_-_-_-_
      "homepage": "http://home.myplaycity.com/",
      "homepage_is_newtabpage": false,
      "homepage": "http://home.myplaycity.com/",
      "homepage_changed": true,
      "homepage_is_newtabpage": false,


      -_-_-_-_-_-_-_-_ Configuraciones de mozilla Firefox -_-_-_-_-_-_-_-_
      user_pref("pref.browser.homepage.disable_button.restore_default", false);
      user_pref("browser.startup.homepage", "http://google.com");
      user_pref("pref.browser.homepage.disable_button.restore_default", false);
      user_pref("browser.startup.homepage", "http://google.com");




      ======= EOF =======


      That is the result of the two programs... the browsers no longer have that tab... could you tell me whether there is any other anomaly in the results?

    4. #4
      Former Collaborator Avatar of RevesdeLiberte
      Registered
      Feb 2010
      Location
      Mexico
      Posts
      7,976

      Re: Problem with Myplaycity.com

      Hello.


      Well, there are still things that need to be restored, specifically the start pages.


      Do the following:


      • Download the tool OTL by OldTimer to your desktop.
      • Close all open windows and programs. Double-click OTL.exe to run it.
      • Under Scan Type, check the "Minimal Output" box. Finally, select the options:
        • Use Company Name Whitelist
        • Skip Microsoft Files
        • LOP Check
      • Copy the following code: (Do not copy the word "Code:")

      Code:
      drives
      activex
      netsvcs
      msconfig
      %systemdrive%\*.*
      CREATERESTOREPOINT
      • Paste the code into the Custom Scans/Fixes area.



      • Click the Run Scan button and wait patiently for the scan to finish.
      • Two (2) files will open, OTL.txt and Extras.txt. They will be saved in the location where OTL was run.



      To finish, just open the OTL.txt file, and copy and paste all of its contents into your next reply so it can be reviewed.
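
Added example (not part of the original thread or of any tool mentioned in it): the pending start-page problem noted in post #4 can be checked mechanically by parsing the "Información Extra" section of the A/T-Destroyer report from post #3. The sample text is copied from that report; the allowlist of expected domains and all function names are assumptions made for illustration.

```python
import re
from collections import namedtuple
from urllib.parse import urlparse

Finding = namedtuple("Finding", "browser key value verdict")

# Sample input: lines taken from the A/T-Destroyer report in post #3.
REPORT = r'''
-_-_-_-_-_-_-_-_ Configuraciones de internet Explorer -_-_-_-_-_-_-_-_
"HKCU\Software\Microsoft\Internet Explorer\Main"
Start Page == Google
Search Page == Bing
Local Page == C:\Windows\system32\blank.htm
Default_Page_URL == MSN.com

-_-_-_-_-_-_-_-_ Configuraciones de Google Chrome-_-_-_-_-_-_-_-_
"homepage": "http://home.myplaycity.com/",
"homepage_is_newtabpage": false,
"homepage": "http://home.myplaycity.com/",
"homepage_changed": true,
"homepage_is_newtabpage": false,

-_-_-_-_-_-_-_-_ Configuraciones de mozilla Firefox -_-_-_-_-_-_-_-_
user_pref("pref.browser.homepage.disable_button.restore_default", false);
user_pref("browser.startup.homepage", "http://google.com");
'''

# Assumption: the domains this user expects as start/search pages.
ALLOWED_DOMAINS = {"google.com", "bing.com", "msn.com"}

SECTION = re.compile(r"Configuraciones de\s+(.+?)\s*-_", re.I)
PATTERNS = [
    re.compile(r'^user_pref\("([^"]+)",\s*(.*)\);$'),  # Firefox prefs.js line
    re.compile(r'^"([^"]+)":\s*(.*?),?\s*$'),          # Chrome Preferences fragment
    re.compile(r'^(.+?)\s*==\s*(.*)$'),                # IE "name == value" line
]


def classify(value, allowed=ALLOWED_DOMAINS):
    """Return a verdict for one setting value, or None for non-location values."""
    if value.lower() in ("true", "false"):
        return None                       # boolean flag, not a page location
    if re.match(r"^[A-Za-z]:\\", value):
        return "local"                    # local file such as blank.htm
    url = urlparse(value)
    if url.scheme in ("http", "https") and url.hostname:
        host = url.hostname.lower()
        # Match the domain itself or a true subdomain, never a bare suffix.
        ok = any(host == d or host.endswith("." + d) for d in allowed)
        return "allowed" if ok else "unexpected"
    # The forum replaced some URLs with page titles ("Google", "Bing"), so the
    # real target is not visible in the report and cannot be called clean.
    return "unresolved"


def audit(report, allowed=ALLOWED_DOMAINS):
    """Parse the report and return de-duplicated findings in report order."""
    browser, seen, findings = None, set(), []
    for raw in report.splitlines():
        line = raw.strip()
        header = SECTION.search(line)
        if header:
            browser = header.group(1)
            continue
        if browser is None:
            continue
        for pattern in PATTERNS:
            match = pattern.match(line)
            if not match:
                continue
            key = match.group(1)
            value = match.group(2).strip().strip('"')
            verdict = classify(value, allowed)
            item = Finding(browser, key, value, verdict)
            # The report prints the Chrome section twice; keep one copy.
            if verdict and item not in seen:
                seen.add(item)
                findings.append(item)
            break
    return findings


if __name__ == "__main__":
    for f in audit(REPORT):
        print(f"{f.verdict:<10} {f.browser:<18} {f.key} = {f.value}")
```

On this sample the only "unexpected" entry is the Chrome homepage; the Internet Explorer values come out as "unresolved" because the report as posted shows link titles instead of the stored URLs.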

    5. #5
      User Avatar of eduardofiec
      Registered
      Nov 2012
      Location
      Ecuador
      Posts
      10

      Re: Problem with Myplaycity.com

      OTL logfile created on: 08/11/2012 14:22:12 - Run 1
      OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Eduardo\Desktop
      Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
      Internet Explorer (Version = 9.0.8112.16421)
      Locale: 0000300a | Country: Ecuador | Language: ESF | Date Format: dd/MM/yyyy

      2,96 Gb Total Physical Memory | 2,07 Gb Available Physical Memory | 69,94% Memory free
      5,96 Gb Paging File | 5,05 Gb Available in Paging File | 84,77% Paging File free
      Paging file location(s): C:\pagefile.sys 3070 3070 [binary data]

      %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
      Drive C: | 195,31 Gb Total Space | 142,63 Gb Free Space | 73,02% Space Free | Partition Type: NTFS
      Drive D: | 736,20 Gb Total Space | 545,79 Gb Free Space | 74,14% Space Free | Partition Type: NTFS

      Computer Name: EDUARDO-PC | User Name: Eduardo | Logged in as Administrator.
      Boot Mode: Normal | Scan Mode: Current user
      Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: Off | File Age = 30 Days

      ========== Processes (SafeList) ==========

      PRC - C:\Users\Eduardo\Desktop\OTL.exe (OldTimer Tools)
      PRC - C:\Archivos de programa\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
      PRC - C:\Archivos de programa\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
      PRC - C:\Archivos de programa\Microsoft Security Client\msseces.exe (Microsoft Corporation)
      PRC - C:\Archivos de programa\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
      PRC - C:\Archivos de programa\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe (TuneUp Software)
      PRC - C:\Archivos de programa\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe (TuneUp Software)
      PRC - C:\Archivos de programa\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
      PRC - C:\Archivos de programa\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
      PRC - C:\Windows\explorer.exe (Microsoft Corporation)
      PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
      PRC - C:\Archivos de programa\Windows Sidebar\sidebar.exe (Microsoft Corporation)
      PRC - C:\Archivos de programa\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
      PRC - C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
      PRC - C:\Archivos de programa\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


      ========== Modules (No Company Name) ==========


      ========== Services (SafeList) ==========

      SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
      SRV - (MozillaMaintenance) -- C:\Archivos de programa\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
      SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
      SRV - (NisSrv) -- C:\Archivos de programa\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
      SRV - (MsMpSvc) -- C:\Archivos de programa\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
      SRV - (AdobeARMservice) -- C:\Archivos de programa\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
      SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
      SRV - (fsssvc) -- C:\Archivos de programa\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
      SRV - (Sony PC Companion) -- C:\Archivos de programa\Sony\Sony PC Companion\PCCService.exe (Avanquest Software)
      SRV - (TuneUp.UtilitiesSvc) -- C:\Archivos de programa\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe (TuneUp Software)
      SRV - (BBSvc) -- C:\Archivos de programa\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
      SRV - (wlidsvc) -- C:\Archivos de programa\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
      SRV - (SeaPort) -- C:\Archivos de programa\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
      SRV - (WMPNetworkSvc) -- C:\Archivos de programa\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
      SRV - (wlcrasvc) -- C:\Archivos de programa\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
      SRV - (rpcapd) -- C:\Archivos de programa\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
      SRV - (osppsvc) -- C:\Archivos de programa\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
      SRV - (ose) -- C:\Archivos de programa\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
      SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
      SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
      SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
      SRV - (WinDefend) -- C:\Archivos de programa\Windows Defender\MpSvc.dll (Microsoft Corporation)


      ========== Driver Services (SafeList) ==========

      DRV - (a4ns4fxs) -- File not found
      DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
      DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
      DRV - (TuneUpUtilitiesDrv) -- C:\Archivos de programa\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys (TuneUp Software)
      DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
      DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
      DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
      DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
      DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
      DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
      DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
      DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)


      ========== Standard Registry (SafeList) ==========


      ========== Internet Explorer ==========

      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
      IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = Hotmail, Messenger y más en MSN Latinoamérica | Noticias, deportes, entretenimiento, videos y más
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = es-ec
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AE C9 47 9E 08 4E CD 01 [binary data]
      IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.gigabase.ru/search?q={searchTerms}&clid=1
      IE - HKCU\..\SearchScopes\{BC29137C-A993-452B-98BF-251F2DCBEFD7}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=VDJ&o=41647960&src=kw&q={searchTerms}&locale=es_ES&apn_ptnrs=8R&apn_dtid=YYYYYYYYEC&apn_uid=8C4B5F23-9969-49EA-83FA-64428B7203FF&apn_sauid=66476A0F-4762-441D-ABC2-01681CBA56D0
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

      ========== FireFox ==========

      FF - prefs.js..Keyword.Enabled: "true"
      FF - prefs.js..browser.search.defaultenginename: "google.com"
      FF - prefs.js..browser.search.defaulturl: "http://www.gigabase.ru/search?clid=1&q="
      FF - prefs.js..browser.search.selectedEngine: "google.com"
      FF - prefs.js..browser.search.useDBForOrder: true
      FF - prefs.js..browser.startup.homepage: "http://google.com"
      FF - prefs.js..extensions.enabledAddons: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.3
      FF - prefs.js..keyword.URL: "http://www.gigabase.ru/search?clid=1&q="

      FF - user.js..browser.search.defaulturl: "http://www.gigabase.ru/search?clid=1&q="
      FF - user.js..keyword.URL: "http://www.gigabase.ru/search?clid=1&q="

      FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
      FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
      FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
      FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
      FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
      FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
      FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
      FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
      FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
      FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
      FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Eduardo\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found

      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Iminent\[email protected]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/26 20:19:41 | 000,000,000 | ---D | M]
      FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/26 20:19:41 | 000,000,000 | ---D | M]

      [2012/06/19 23:52:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eduardo\AppData\Roaming\mozilla\Extensions
      [2012/11/06 20:50:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eduardo\AppData\Roaming\mozilla\Firefox\Profiles\hcw0ifp2.default\extensions
      [2012/07/24 23:28:06 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Eduardo\AppData\Roaming\mozilla\firefox\profiles\hcw0ifp2.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
      [2012/10/24 01:49:55 | 000,042,336 | ---- | M] () (No name found) -- C:\Users\Eduardo\AppData\Roaming\mozilla\firefox\profiles\hcw0ifp2.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi
      [2012/10/26 20:19:04 | 000,000,000 | ---D | M] (No name found) -- C:\Archivos de programa\Mozilla Firefox\extensions
      [2012/10/26 20:19:41 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
      [2012/08/29 14:35:52 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
      [2012/06/14 18:48:45 | 000,002,456 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\mercadolibre-mx.xml
      [2012/06/14 18:48:45 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-es.xml
      [2012/06/14 18:48:45 | 000,001,102 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-mx.xml

      ========== Chrome ==========

      CHR - homepage: Google
      CHR - default_search_provider: MyPlayCity Search (Enabled)
      CHR - default_search_provider: search_url = http://home.myplaycity.com/results.php?category=web&s={searchTerms}
      CHR - default_search_provider: suggest_url =
      CHR - homepage: Google
      CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll
      CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
      CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
      CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\pdf.dll
      CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
      CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL
      CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL
      CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
      CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
      CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
      CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
      CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
      CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
      CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
      CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll
      CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\Windows\system32\npDeployJava1.dll
      CHR - Extension: Wes Craven = C:\Users\Eduardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahooofggegjbnodalhoibemeabkapop\3_0\

      O1 HOSTS File: ([2012/10/28 23:02:55 | 000,444,738 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
      O1 - Hosts: 15273 more lines...
      O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
      O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre7\bin\ssv.dll (Oracle Corporation)
      O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
      O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Archivos de programa\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
      O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Archivos de programa\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
      O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
      O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Archivos de programa\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
      O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
      O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
      O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
      O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Eduardo\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
      O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
      O8 - Extra context menu item: &Enviar a OneNote - C:\Archivos de programa\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
      O8 - Extra context menu item: E&xportar a Microsoft Excel - C:\Archivos de programa\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
      O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Archivos de programa\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
      O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Archivos de programa\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
      O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Archivos de programa\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
      O9 - Extra Button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
      O9 - Extra 'Tools' menuitem : &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
      O9 - Extra Button: Notas &vinculadas de OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Archivos de programa\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
      O9 - Extra 'Tools' menuitem : Notas &vinculadas de OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Archivos de programa\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
      O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
      O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Archivos de programa\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
      O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Archivos de programa\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
      O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Archivos de programa\Bonjour\mdnsNSP.dll (Apple Inc.)
      O13 - gopher Prefix: missing
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CE1B00A7-C421-4968-BD80-9FE3435900C2}: DhcpNameServer = 192.168.0.1
      O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Archivos de programa\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
      O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Archivos de programa\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
      O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Archivos de programa\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
      O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Archivos de programa\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
      O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Archivos de programa\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
      O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
      O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
      O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
      O27 - HKLM IFEO\pccompanion.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
      O27 - HKLM IFEO\setup.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
      O27 - HKLM IFEO\wlsync.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
      O32 - HKLM CDRom: AutoRun - 1
      O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
      O34 - HKLM BootExecute: (autocheck autochk *)
      O35 - HKLM\..comfile [open] -- "%1" %*
      O35 - HKLM\..exefile [open] -- "%1" %*
      O37 - HKLM\...com [@ = comfile] -- "%1" %*
      O37 - HKLM\...exe [@ = exefile] -- "%1" %*
      O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
      O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
      O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

      ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
      ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
      ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
      ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
      ActiveX: {3CE02F38-C912-44CF-B02E-60F7964E61FF} - BingPack
      ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
      ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
      ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
      ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
      ActiveX: {5CA109D3-A084-47E8-A9CB-D497322E3F50} - DefaultPack
      ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
      ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
      ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
      ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
      ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
      ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
      ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
      ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
      ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
      ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
      ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
      ActiveX: {CE4BC71D-A88B-4943-BB3D-AF9C0E7D4387} - .NET Framework
      ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
      ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
      ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
      ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
      ActiveX: >{4b822fe0-b4e8-4b46-9b58-3964ee0dd367} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

      NetSvcs: FastUserSwitchingCompatibility - File not found
      NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
      NetSvcs: Nla - File not found
      NetSvcs: Ntmssvc - File not found
      NetSvcs: NWCWorkstation - File not found
      NetSvcs: Nwsapagent - File not found
      NetSvcs: SRService - File not found
      NetSvcs: WmdmPmSp - File not found
      NetSvcs: LogonHours - File not found
      NetSvcs: PCAudit - File not found
      NetSvcs: helpsvc - File not found
      NetSvcs: uploadmgr - File not found

      MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
      MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
      MsConfig - StartUpReg: CanonMyPrinter - hkey= - key= - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
      MsConfig - StartUpReg: CanonSolutionMenu - hkey= - key= - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
      MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
      MsConfig - StartUpReg: IgfxTray - hkey= - key= - File not found
      MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
      MsConfig - StartUpReg: Sony PC Companion - hkey= - key= - C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe (Sony)
      MsConfig - StartUpReg: SpeedUpMyPC - hkey= - key= - File not found
      MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

      CREATERESTOREPOINT
      Restore point Set: OTL Restore Point

      ========== Files/Folders - Created Within 30 Days ==========

      [2012/11/08 14:16:18 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Eduardo\Desktop\OTL.exe
      [2012/11/07 19:19:54 | 000,000,000 | ---D | C] -- C:\Users\Eduardo\AppData\Roaming\Malwarebytes
      [2012/11/07 19:19:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
      [2012/11/07 19:19:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
      [2012/11/07 19:19:28 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
      [2012/11/07 19:19:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
      [2012/11/07 19:12:20 | 010,669,952 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Eduardo\Desktop\mbam-setup-1.65.1.1000.exe
      [2012/11/06 23:50:15 | 000,036,864 | ---- | C] (NirSoft) -- C:\Windows\nircmd.exe
      [2012/11/06 21:52:23 | 000,000,000 | ---D | C] -- C:\Users\Eduardo\Desktop\CASASION
      [2012/10/31 23:15:18 | 000,000,000 | ---D | C] -- C:\Program Files\Cheating-Death
      [2012/10/31 2312 | 238,617,038 | ---- | C] (KingSOFT DVD ) -- C:\Users\Eduardo\Desktop\cs16full_v23b_v2_5.exe
      [2012/10/30 2020 | 000,000,000 | ---D | C] -- C:\Users\Eduardo\AppData\Local\{B57D4345-F097-44B8-B6E8-E42DADFF9EFF}
      [2012/10/29 02:04:58 | 000,000,000 | ---D | C] -- C:\Users\Eduardo\AppData\Local\{6EE66661-DE44-4A6B-B1F2-A828B7ADE2DC}
      [2012/10/28 22:03:43 | 000,000,000 | ---D | C] -- C:\Users\Eduardo\AppData\Roaming\EnglishUnlimitedElementary
      [2012/10/27 20:31:45 | 000,000,000 | ---D | C] -- C:\Users\Eduardo\Desktop\infiltrado
      [2012/10/27 20:27:21 | 000,000,000 | ---D | C] -- C:\Users\Eduardo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ
      [2012/10/27 20:27:16 | 000,000,000 | ---D | C] -- C:\Program Files\VirtualDJ
      [2012/10/27 20:27:15 | 000,000,000 | ---D | C] -- C:\Users\Eduardo\Documents\VirtualDJ
      [2012/10/26 20:19:04 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
      [2012/10/26 00:59:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
      [2012/10/26 00:32:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
      [2012/10/26 00:30:39 | 000,000,000 | ---D | C] -- C:\Users\Eduardo\AppData\Local\Deployment
      [2012/10/26 00:30:39 | 000,000,000 | ---D | C] -- C:\Users\Eduardo\AppData\Local\Apps
      [2012/10/21 11:43:47 | 000,031,552 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
      [2012/10/21 11:43:46 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
      [2012/10/21 11:43:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012
      [2012/10/21 11:43:31 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2012
      [2012/10/21 09:45:47 | 000,000,000 | ---D | C] -- C:\Users\Eduardo\AppData\Local\{BC7DB59D-EE68-41A7-B97D-001B327991BE}
      [2012/10/20 21:09:43 | 000,000,000 | ---D | C] -- C:\Users\Eduardo\AppData\Local\{993DD16F-FA71-422A-A4F1-A184C45B7673}
      [2012/10/20 09:08:53 | 000,000,000 | ---D | C] -- C:\Users\Eduardo\AppData\Local\{D59A924E-E35F-4A37-B476-2BF2976267C3}
      [2012/10/19 20:43:20 | 000,000,000 | ---D | C] -- C:\Users\Eduardo\AppData\Local\{DD9704F8-1527-45A1-AA44-A03FBA3887D8}
      [2012/10/19 08:42:56 | 000,000,000 | ---D | C] -- C:\Users\Eduardo\AppData\Local\{F20EABF9-204F-4199-9B46-6A6A36469286}
      [2012/10/18 14:54:15 | 000,000,000 | ---D | C] -- C:\Users\Eduardo\AppData\Local\{6296F006-E0FD-4AE2-8B1B-23D356BBD022}
      [2012/10/18 02:53:51 | 000,000,000 | ---D | C] -- C:\Users\Eduardo\AppData\Local\{811D1D89-5EA6-443D-B03D-43DBFDC9D9F9}
      [2012/10/17 22:43:07 | 000,000,000 | ---D | C] -- C:\Users\Eduardo\Desktop\2012_10_17
      [2012/10/17 14:53:21 | 000,000,000 | ---D | C] -- C:\Users\Eduardo\AppData\Local\{53F34A64-E56D-40C4-BEAB-D01DFBF6A0B2}
      [2012/10/16 22:14:58 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx
      [2012/10/16 22:14:49 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
      [2012/10/16 22:14:49 | 000,000,000 | ---D | C] -- C:\Program Files\OpenAL
      [2012/10/16 22:14:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDS PRO
      [2012/10/16 22:14:32 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\WinDS PRO
      [2012/10/16 2210 | 000,000,000 | ---D | C] -- C:\Users\Eduardo\AppData\Local\{98C9CD0C-3C99-41CD-9D94-50203F3B6DE3}
      [2012/10/16 10:09:39 | 000,000,000 | ---D | C] -- C:\Users\Eduardo\AppData\Local\{0EC64EF1-686D-4320-86FD-5D58F48FF14C}
      [2012/10/15 21:20:42 | 000,000,000 | ---D | C] -- C:\Users\Eduardo\Documents\WinDS PRO
      [2012/10/15 21:02:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
      [2012/10/15 21:01:59 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap
      [2012/10/15 13:14:13 | 000,000,000 | ---D | C] -- C:\Users\Eduardo\AppData\Local\{E0E66869-4725-4D4C-BC39-3D5C294F94F8}
      [2012/10/15 00:45:52 | 000,000,000 | ---D | C] -- C:\Users\Eduardo\AppData\Local\{DF0456C9-E5D2-465C-9517-01964C0160F0}
      [2012/10/14 12:45:27 | 000,000,000 | ---D | C] -- C:\Users\Eduardo\AppData\Local\{383E3E9C-7C8E-41DF-8676-DCC7DBB9EE4F}
      [2012/10/13 18:30:29 | 000,000,000 | ---D | C] -- C:\Users\Eduardo\AppData\Local\{B9EB5820-9D3C-4E9B-BD57-EA8D04E314F7}
      [2012/10/13 15:13:43 | 000,000,000 | ---D | C] -- C:\Users\Eduardo\AppData\Local\{98364AFE-70AE-4021-9F55-81514CA7A827}
      [2012/10/13 11:42:36 | 000,000,000 | ---D | C] -- C:\Users\Eduardo\AppData\Local\{3604D535-0991-4D32-A425-1F89358E002C}
      [2012/10/12 23:42:12 | 000,000,000 | ---D | C] -- C:\Users\Eduardo\AppData\Local\{1050AA2D-15D9-456A-AE36-CF05C5BDE97C}
      [2012/10/12 14:46:20 | 000,000,000 | ---D | C] -- C:\Users\Eduardo\AppData\Local\Akamai
      [2012/10/12 11:41:40 | 000,000,000 | ---D | C] -- C:\Users\Eduardo\AppData\Local\{C9AE142F-F164-4310-9887-1C38489EDFAF}
      [2012/10/11 23:12:32 | 000,000,000 | ---D | C] -- C:\Users\Eduardo\AppData\Local\{B7AAD537-D8CB-4A90-9706-F646421D8783}
      [2012/10/11 11:08:54 | 000,000,000 | ---D | C] -- C:\Users\Eduardo\AppData\Local\{7DD5DE0E-63C3-47B2-B8B3-2AAB39655577}
      [2012/10/10 22:53:05 | 000,000,000 | ---D | C] -- C:\Users\Eduardo\AppData\Local\{28D49B1B-17EA-4AB2-AC9C-95A7397F0FD3}
      [2012/10/10 10:51:46 | 000,000,000 | ---D | C] -- C:\Users\Eduardo\AppData\Local\{20C09274-AB82-41FE-8F14-0D96617340A5}
      [2012/10/09 15:30:16 | 000,000,000 | ---D | C] -- C:\Users\Eduardo\AppData\Local\{9FBDCDC2-CD43-48D8-B841-D847CF6407CD}
      [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

      ========== Files - Modified Within 30 Days ==========

      [2012/11/08 14:21:16 | 008,126,464 | -HS- | M] () -- C:\Users\Eduardo\ntuser.dat
      [2012/11/08 14:16:59 | 000,014,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      [2012/11/08 14:16:59 | 000,014,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      [2012/11/08 14:16:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Eduardo\Desktop\OTL.exe
      [2012/11/08 14:14:15 | 001,555,646 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
      [2012/11/08 14:14:15 | 000,703,602 | ---- | M] () -- C:\Windows\System32\perfh00A.dat
      [2012/11/08 14:14:15 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
      [2012/11/08 14:14:15 | 000,137,600 | ---- | M] () -- C:\Windows\System32\perfc00A.dat
      [2012/11/08 14:14:15 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
      [2012/11/08 14:09:50 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
      [2012/11/08 14:09:46 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
      [2012/11/08 14:09:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
      [2012/11/08 14:09:38 | 2385,678,336 | -HS- | M] () -- C:\hiberfil.sys
      [2012/11/08 11:32:55 | 013,553,396 | -H-- | M] () -- C:\Users\Eduardo\AppData\Local\IconCache.db
      [2012/11/08 11:32:00 | 000,000,838 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
      [2012/11/08 10:42:00 | 000,001,026 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
      [2012/11/07 20:13:44 | 000,109,592 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\GDIPFONTCACHEV1.DAT
      [2012/11/07 19:19:29 | 000,001,092 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
      [2012/11/07 19:12:41 | 010,669,952 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Eduardo\Desktop\mbam-setup-1.65.1.1000.exe
      [2012/11/07 19:11:57 | 000,516,139 | ---- | M] () -- C:\Users\Eduardo\Desktop\AT-Destroyer.exe
      [2012/11/07 00:46:22 | 000,022,300 | ---- | M] () -- C:\Users\Eduardo\Documents\cc_20121107_004609.reg
      [2012/10/31 14:41:32 | 238,617,038 | ---- | M] (KingSOFT DVD ) -- C:\Users\Eduardo\Desktop\cs16full_v23b_v2_5.exe
      [2012/10/30 00:28:59 | 000,219,076 | ---- | M] () -- C:\Users\Eduardo\Desktop\tracertnetlife.png
      [2012/10/28 23:02:55 | 000,444,738 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
      [2012/10/28 01:39:44 | 000,408,608 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
      [2012/10/27 20:27:21 | 000,001,029 | ---- | M] () -- C:\Users\Eduardo\Desktop\VirtualDJ Home FREE.lnk
      [2012/10/26 00:32:17 | 000,002,224 | ---- | M] () -- C:\Users\Eduardo\Desktop\Google Chrome.lnk
      [2012/10/24 02:18:54 | 056,043,605 | ---- | M] () -- C:\Users\Eduardo\Desktop\32470461-Book-Sol-Man-Modern-Digital-and-Analog-Communications-Systems-B-P-Lathi.pdf
      [2012/10/24 02:13:13 | 001,071,930 | ---- | M] () -- C:\Users\Eduardo\Desktop\35265299-Comunicaciones-Analogicas-AM-FM-Ruido.pdf
      [2012/10/22 20:35:31 | 000,000,032 | ---- | M] () -- C:\Users\Eduardo\AppData\Roaming\cbl32.dll
      [2012/10/21 11:43:45 | 000,002,154 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk
      [2012/10/19 13:35:29 | 117,854,856 | ---- | M] () -- C:\Users\Eduardo\Desktop\Calle_13_-_Calle_13_%28320_kbps%29..rar
      [2012/10/16 22:14:49 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
      [2012/10/15 23:18:09 | 000,000,963 | ---- | M] () -- C:\Windows\System32\InstallUtil.InstallLog
      [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

      ========== Files Created - No Company Name ==========

      [2012/11/07 20:13:44 | 000,109,592 | ---- | C] () -- C:\Users\Eduardo\AppData\Local\GDIPFONTCACHEV1.DAT
      [2012/11/07 19:19:29 | 000,001,092 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
      [2012/11/07 00:46:13 | 000,022,300 | ---- | C] () -- C:\Users\Eduardo\Documents\cc_20121107_004609.reg
      [2012/11/06 23:50:15 | 000,069,660 | ---- | C] () -- C:\Windows\Fart.exe
      [2012/11/06 23:50:15 | 000,022,528 | ---- | C] () -- C:\Windows\AT-Uninstall.exe
      [2012/11/06 23:50:15 | 000,011,776 | ---- | C] () -- C:\Windows\Colous.exe
      [2012/11/06 23:49:58 | 000,516,139 | ---- | C] () -- C:\Users\Eduardo\Desktop\AT-Destroyer.exe
      [2012/11/06 11:55:08 | 000,001,870 | ---- | C] () -- C:\Windows\System32\Microsoft.VC80.CRT.manifest
      [2012/10/30 00:28:59 | 000,219,076 | ---- | C] () -- C:\Users\Eduardo\Desktop\tracertnetlife.png
      [2012/10/27 20:27:21 | 000,001,029 | ---- | C] () -- C:\Users\Eduardo\Desktop\VirtualDJ Home FREE.lnk
      [2012/10/26 00:32:17 | 000,002,224 | ---- | C] () -- C:\Users\Eduardo\Desktop\Google Chrome.lnk
      [2012/10/26 00:31:28 | 000,001,026 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
      [2012/10/26 00:31:27 | 000,001,022 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
      [2012/10/24 02:17:17 | 056,043,605 | ---- | C] () -- C:\Users\Eduardo\Desktop\32470461-Book-Sol-Man-Modern-Digital-and-Analog-Communications-Systems-B-P-Lathi.pdf
      [2012/10/24 02:13:11 | 001,071,930 | ---- | C] () -- C:\Users\Eduardo\Desktop\35265299-Comunicaciones-Analogicas-AM-FM-Ruido.pdf
      [2012/10/22 20:35:31 | 000,000,032 | ---- | C] () -- C:\Users\Eduardo\AppData\Roaming\cbl32.dll
      [2012/10/21 11:43:45 | 000,002,166 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk
      [2012/10/21 11:43:45 | 000,002,154 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk
      [2012/10/19 13:36:46 | 117,854,856 | ---- | C] () -- C:\Users\Eduardo\Desktop\Calle_13_-_Calle_13_%28320_kbps%29..rar
      [2012/10/15 21:04:46 | 000,000,963 | ---- | C] () -- C:\Windows\System32\InstallUtil.InstallLog
      [2012/09/23 19:12:50 | 000,524,288 | -HS- | C] () -- C:\Users\Eduardo\ntuser.dat{84e3c6de-05dc-11e2-a9c4-00270e0e1235}.TMContainer00000000000000000002.regtrans-ms
      [2012/09/23 19:12:50 | 000,524,288 | -HS- | C] () -- C:\Users\Eduardo\ntuser.dat{84e3c6de-05dc-11e2-a9c4-00270e0e1235}.TMContainer00000000000000000001.regtrans-ms
      [2012/09/23 19:12:50 | 000,065,536 | -HS- | C] () -- C:\Users\Eduardo\ntuser.dat{84e3c6de-05dc-11e2-a9c4-00270e0e1235}.TM.blf
      [2012/09/05 17:29:02 | 000,005,632 | ---- | C] () -- C:\Users\Eduardo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      [2012/07/21 00:25:35 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll
      [2012/07/06 02:57:55 | 000,000,386 | RHS- | C] () -- C:\ProgramData\ntuser.pol
      [2012/07/02 13:14:49 | 000,524,288 | -HS- | C] () -- C:\Users\Eduardo\ntuser.dat{d7439b66-c468-11e1-ad2f-00270e0e1235}.TMContainer00000000000000000002.regtrans-ms
      [2012/07/02 13:14:49 | 000,524,288 | -HS- | C] () -- C:\Users\Eduardo\ntuser.dat{d7439b66-c468-11e1-ad2f-00270e0e1235}.TMContainer00000000000000000001.regtrans-ms
      [2012/07/02 13:14:49 | 000,065,536 | -HS- | C] () -- C:\Users\Eduardo\ntuser.dat{d7439b66-c468-11e1-ad2f-00270e0e1235}.TM.blf
      [2012/06/21 00:11:24 | 000,000,874 | ---- | C] () -- C:\Windows\WINHELP.INI
      [2012/06/21 00:11:24 | 000,000,499 | ---- | C] () -- C:\Windows\BDE.INI
      [2012/06/21 00:11:24 | 000,000,113 | ---- | C] () -- C:\Windows\BCW5.INI
      [2012/06/21 00:11:24 | 000,000,085 | ---- | C] () -- C:\Windows\TDW.INI
      [2012/06/21 00:11:23 | 000,375,296 | ---- | C] () -- C:\Windows\System32\wsihk32.dll
      [2012/06/21 00:11:23 | 000,188,448 | ---- | C] () -- C:\Windows\System32\bocof.dll
      [2012/06/21 00:11:23 | 000,159,744 | ---- | C] () -- C:\Windows\System32\bw32000c.dll
      [2012/06/21 00:11:23 | 000,159,744 | ---- | C] () -- C:\Windows\System32\bw320007.dll
      [2012/06/21 00:11:23 | 000,131,584 | ---- | C] () -- C:\Windows\System32\wsiwin32.dll
      [2012/06/21 00:11:23 | 000,091,136 | ---- | C] () -- C:\Windows\BC5RMV.EXE
      [2012/06/21 00:11:23 | 000,000,586 | ---- | C] () -- C:\Windows\owl.ini
      [2012/06/19 23:43:02 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
      [2012/06/19 23:43:00 | 000,053,600 | ---- | C] () -- C:\Windows\System32\dosx.exe
      [2012/06/19 05:37:50 | 000,000,184 | ---- | C] () -- C:\Windows\AutoKMS.ini
      [2012/06/19 05:29:33 | 013,553,396 | -H-- | C] () -- C:\Users\Eduardo\AppData\Local\IconCache.db
      [2012/06/19 05:14:02 | 000,000,039 | ---- | C] () -- C:\Windows\vbaddin.ini
      [2012/06/19 04:59:58 | 001,555,646 | ---- | C] () -- C:\Windows\System32\PerfStringBackup.INI
      [2012/06/19 04:57:21 | 000,524,288 | -HS- | C] () -- C:\Users\Eduardo\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
      [2012/06/19 04:57:21 | 000,524,288 | -HS- | C] () -- C:\Users\Eduardo\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
      [2012/06/19 04:57:21 | 000,065,536 | -HS- | C] () -- C:\Users\Eduardo\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
      [2012/06/19 04:57:21 | 000,000,020 | -HS- | C] () -- C:\Users\Eduardo\ntuser.ini
      [2012/06/19 04:57:20 | 008,126,464 | -HS- | C] () -- C:\Users\Eduardo\ntuser.dat
      [2011/06/10 06:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
      [2011/02/11 1952 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
      [2011/02/11 1950 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
      [2011/02/11 1950 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
      [2011/02/11 18:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
      [2011/02/11 18:38:44 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config

      ========== ZeroAccess Check ==========

      [2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

      [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

      [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment

      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
      "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free

      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
      "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Both

      ========== LOP Check ==========

      [2012/09/23 16:56:29 | 000,000,000 | ---D | M] -- C:\Users\Eduardo\AppData\Roaming\.mono
      [2012/08/17 19:17:34 | 000,000,000 | ---D | M] -- C:\Users\Eduardo\AppData\Roaming\Canon
      [2012/06/23 01:53:05 | 000,000,000 | ---D | M] -- C:\Users\Eduardo\AppData\Roaming\DAEMON Tools Lite
      [2012/10/28 23:05:54 | 000,000,000 | ---D | M] -- C:\Users\Eduardo\AppData\Roaming\EnglishUnlimitedElementary
      [2012/09/27 16:36:18 | 000,000,000 | ---D | M] -- C:\Users\Eduardo\AppData\Roaming\Pokémon Trading Card Game Online
      [2012/09/09 23:48:38 | 000,000,000 | ---D | M] -- C:\Users\Eduardo\AppData\Roaming\TuneUp Software

      ========== Custom Scans ==========

      ========== Drive Information ==========

      Physical Drives
      ---------------

      Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
      Interface type: IDE
      Media Type: Fixed hard disk media
      Model: ST31000528AS ATA Device
      Partitions: 2
      Status: OK
      Status Info: 0

      Drive: \\\\.\\PHYSICALDRIVE1 -
      Interface type: USB
      Media Type:
      Model: SMI Reader USB Device
      Partitions: 0
      Status: OK
      Status Info: 0

      Partitions
      ---------------

      DeviceID: Disk #0, Partition #0
      PartitionType: Installable File System
      Bootable: True
      BootPartition: True
      PrimaryPartition: True
      Size: 195,00GB
      Starting Offset: 1048576
      Hidden sectors: 0


      DeviceID: Disk #0, Partition #1
      PartitionType: Installable File System
      Bootable: False
      BootPartition: False
      PrimaryPartition: True
      Size: 736,00GB
      Starting Offset: 209716248576
      Hidden sectors: 0


      < %systemdrive%\*.* >
      [2012/11/07 19:17:20 | 000,003,246 | ---- | M] () -- C:\AT-Destroyer.txt
      [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
      [2010/11/20 07:40:07 | 000,383,786 | RHS- | M] () -- C:\bootmgr
      [2012/06/18 22:49:46 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
      [2009/06/10 16:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
      [2012/11/08 14:09:38 | 2385,678,336 | -HS- | M] () -- C:\hiberfil.sys
      [2012/07/22 20:39:37 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
      [2012/07/22 20:39:37 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
      [2012/11/08 14:09:41 | 3219,128,320 | -HS- | M] () -- C:\pagefile.sys
      [2012/11/07 19:16:22 | 000,000,146 | ---- | M] () -- C:\prueba.txt

      < End of report >



      That is the OTL.txt report.

      Is there anything else that needs to be done?

    6. #6
      Former Collaborator, avatar of RevesdeLiberte
      Registered
      Feb 2010
      Location
      Mexico
      Posts
      7.976

      Re: Problem with Myplaycity.com

      Hello.

      Important: Make a backup of the Registry with ERUNT 1.1j as described in its manual.

      Do the following:

      • Close all open windows and programs. Double-click OTL.exe to run it.
      • Copy all of the following code (do not copy the word "Code:"):
      Code:
      :OTL
      DRV - (a4ns4fxs) -- File not found
      IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.gigabase.ru/search?q={searchTerms}&clid=1
      IE - HKCU\..\SearchScopes\{BC29137C-A993-452B-98BF-251F2DCBEFD7}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=VDJ&o=41647960&src=kw&q={searchTerms}&locale=es_ES&apn_ptnrs=8R&apn_dtid=YYYYYYYYEC&apn_uid=8C4B5F23-9969-49EA-83FA-64428B7203FF&apn_sauid=66476A0F-4762-441D-ABC2-01681CBA56D0
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
      FF - prefs.js..browser.search.defaulturl: "http://www.gigabase.ru/search?clid=1&q="
      FF - prefs.js..keyword.URL: "http://www.gigabase.ru/search?clid=1&q="
      FF - user.js..browser.search.defaulturl: "http://www.gigabase.ru/search?clid=1&q="
      FF - user.js..keyword.URL: "http://www.gigabase.ru/search?clid=1&q="
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Iminent\[email protected]
      FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Eduardo\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
      FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
      [2012/07/24 23:28:06 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Eduardo\AppData\Roaming\mozilla\firefox\profiles\hcw0ifp2.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
      [2012/10/24 01:49:55 | 000,042,336 | ---- | M] () (No name found) -- C:\Users\Eduardo\AppData\Roaming\mozilla\firefox\profiles\hcw0ifp2.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi
      CHR - default_search_provider: MyPlayCity Search (Enabled)
      CHR - default_search_provider: search_url = http://home.myplaycity.com/results.php?category=web&s={searchTerms}
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
      O13 - gopher Prefix: missing
      O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
      MsConfig - StartUpReg: IgfxTray - hkey= - key= - File not found
      MsConfig - StartUpReg: SpeedUpMyPC - hkey= - key= - File not found
      [2012/10/22 20:35:31 | 000,000,032 | ---- | C] () -- C:\Users\Eduardo\AppData\Roaming\cbl32.dll
      
      :Files
      C:\Program Files\Iminent
      
      :Commands
      [EmptyTemp]
      [RestHosts]
      [EmptyJava]
      • Paste the code into the Análisis Personalizados/Código de Reparación (Custom Scans/Fixes) area.

      • Click the Reparar (Run Fix) button to start the repair. You will be asked to restart the computer; click Aceptar (OK).
      • After the restart, a report with the results will open; that report is also saved in C:\_OTL\MovedFiles\***_***.txt (where "***_***" is the date and time).

      Copy and paste the generated report in your next reply, and say whether the original problem persists.
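A way to triage the browser search settings in an OTL log like the one in this thread, as an added example that is not part of the original posts or of OTL itself: it extracts the search URLs from the IE, FF and CHR lines and reports every host outside an allowlist. The allowlist, the function name and the two sample lines marked as constructed are assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumption: search providers the analyst expects on this machine.
EXPECTED_SEARCH_HOSTS = {"www.google.com", "www.bing.com", "search.yahoo.com"}

# One pattern per browser section of the log; each captures the setting and its URL.
PATTERNS = [
    ("IE", re.compile(
        r'^IE - (?P<key>\S+SearchScopes\\\{[0-9A-Fa-f-]+\}): "URL" = (?P<url>\S+)')),
    ("FF", re.compile(
        r'^FF - (?P<key>(?:prefs|user)\.js\.\.'
        r'(?:browser\.search\.defaulturl|keyword\.URL)): "(?P<url>[^"]*)"')),
    ("CHR", re.compile(
        r'^CHR - (?P<key>default_search_provider): search_url = (?P<url>\S+)')),
]

# Sample input: lines copied from the log in this thread, plus two constructed ones.
SAMPLE_LOG = r'''
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.gigabase.ru/search?q={searchTerms}&clid=1
IE - HKCU\..\SearchScopes\{00000000-0000-0000-0000-000000000001}: "URL" = http://www.bing.com/search?q={searchTerms}
FF - prefs.js..keyword.URL: "http://www.gigabase.ru/search?clid=1&q="
FF - prefs.js..browser.startup.homepage: "about:home"
CHR - default_search_provider: MyPlayCity Search (Enabled)
CHR - default_search_provider: search_url = http://home.myplaycity.com/results.php?category=web&s={searchTerms}
O13 - gopher Prefix: missing
'''
# The second IE line and the homepage line above are constructed for illustration.


def find_unexpected_search_settings(log_text, expected_hosts=EXPECTED_SEARCH_HOSTS):
    """Return (browser, setting, host) for each search URL whose host is not expected."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()  # forum pastes are often indented
        for browser, pattern in PATTERNS:
            match = pattern.match(line)
            if not match:
                continue
            url = match.group("url")
            if url:  # an empty value carries no URL to check
                host = urlsplit(url).hostname or "(unparseable)"
                if host not in expected_hosts:  # exact host match, no wildcards
                    findings.append((browser, match.group("key"), host))
            break
    return findings


if __name__ == "__main__":
    for browser, setting, host in find_unexpected_search_settings(SAMPLE_LOG):
        print(f"{browser}: {setting} -> {host}")
```

A reported host is only a candidate for review; whether the entry belongs in a fix is still the analyst's decision.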

    7. #7
      User, avatar of eduardofiec
      Registered
      Nov 2012
      Location
      Ecuador
      Posts
      10

      Re: Problem with Myplaycity.com

      All processes killed
      ========== OTL ==========
      Error: No service named a4ns4fxs was found to stop!
      Service\Driver key a4ns4fxs not found.
      File File not found not found.
      Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
      Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BC29137C-A993-452B-98BF-251F2DCBEFD7}\ deleted successfully.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BC29137C-A993-452B-98BF-251F2DCBEFD7}\ not found.
      HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
      Prefs.js: "http://www.gigabase.ru/search?clid=1&q=" removed from browser.search.defaulturl
      Prefs.js: "http://www.gigabase.ru/search?clid=1&q=" removed from keyword.URL
      C:\Users\Eduardo\AppData\Roaming\Mozilla\FireFox\Profiles\hcw0ifp2.default\user.js moved successfully.
      Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected] deleted successfully.
      File C:\Program Files\Iminent\[email protected] not found.
      Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin\ deleted successfully.
      Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
      C:\Users\Eduardo\AppData\Roaming\mozilla\firefox\profiles\hcw0ifp2.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi moved successfully.
      C:\Users\Eduardo\AppData\Roaming\mozilla\firefox\profiles\hcw0ifp2.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi moved successfully.
      Use Chrome's Settings page to remove the default_search_provider items.
      Use Chrome's Settings page to remove the default_search_provider items.
      Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
      Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\IgfxTray\ deleted successfully.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\SpeedUpMyPC\ deleted successfully.
      C:\Users\Eduardo\AppData\Roaming\cbl32.dll moved successfully.
      ========== FILES ==========
      File\Folder C:\Program Files\Iminent not found.
      ========== COMMANDS ==========

      [EMPTYTEMP]

      User: All Users

      User: Default
      ->Temp folder emptied: 0 bytes
      ->Temporary Internet Files folder emptied: 33170 bytes

      User: Default User
      ->Temp folder emptied: 0 bytes
      ->Temporary Internet Files folder emptied: 0 bytes

      User: Eduardo
      ->Temp folder emptied: 1499161 bytes
      ->Temporary Internet Files folder emptied: 2764114 bytes
      ->Java cache emptied: 39866459 bytes
      ->FireFox cache emptied: 288158329 bytes
      ->Google Chrome cache emptied: 21804423 bytes
      ->Flash cache emptied: 1708 bytes

      User: Mcx1-EDUARDO-PC
      ->Temp folder emptied: 517 bytes
      ->Temporary Internet Files folder emptied: 197565 bytes

      User: Public

      %systemdrive% .tmp files removed: 0 bytes
      %systemroot% .tmp files removed: 0 bytes
      %systemroot%\System32 .tmp files removed: 0 bytes
      %systemroot%\System32\drivers .tmp files removed: 0 bytes
      Windows Temp folder emptied: 46663 bytes
      RecycleBin emptied: 0 bytes

      Total Files Cleaned = 338,00 mb

      Error: Unable to interpret <[RestHosts]> in the current context!

      [EMPTYJAVA]

      User: All Users

      User: Default

      User: Default User

      User: Eduardo
      ->Java cache emptied: 0 bytes

      User: Mcx1-EDUARDO-PC

      User: Public

      Total Java Files Cleaned = 0,00 mb


      OTL by OldTimer - Version 3.2.69.0 log created on 11082012_212537

      Files\Folders moved on Reboot...

      PendingFileRenameOperations files...

      Registry entries deleted on Reboot...





      I can tell you that I no longer have the annoying myplaycity.com tab! A big thank you is in order!!! Is there anything else I should do, or is that all?
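
As an added example (not part of the thread and not code from OTL or InfoSpyware), this Python script triages a fix log in the format posted in #7: it separates entries that were applied from targets that were not found, and collects the lines that still need a human decision, such as a directive the tool could not interpret or a step it defers to the browser's settings page. The sample log is constructed (placeholder paths and GUIDs), and the category and function names are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample in the format of the fix log posted above (paths and GUIDs are placeholders).
SAMPLE_LOG = r"""All processes killed
========== OTL ==========
Error: No service named a4ns4fxs was found to stop!
Registry key HKEY_CURRENT_USER\SOFTWARE\Example\{00000000-0000-0000-0000-000000000000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000000}\ not found.
C:\Users\Example\AppData\Roaming\example.dll moved successfully.
Use Chrome's Settings page to remove the default_search_provider items.
========== COMMANDS ==========
[EMPTYTEMP]
->Temp folder emptied: 1499161 bytes
Error: Unable to interpret <[RestHosts]> in the current context!
[EMPTYJAVA]
"""

# Ordered rules: first match wins, so the specific "Unable to interpret" error precedes the generic one.
RULES = [
    ("rejected_directive", re.compile(r"^Error: Unable to interpret <(?P<what>.+?)> in the current context!$")),
    ("error", re.compile(r"^Error: (?P<what>.+)$")),
    ("manual_action", re.compile(r"^(?P<what>Use .+ to remove .+)$")),
    ("applied", re.compile(r"(deleted|moved) successfully\.$|value set successfully!$| removed from ")),
    ("not_found", re.compile(r"not found\.$")),
]

def classify(line):
    """Return (category, detail); detail is the captured text, or the whole line if nothing is captured."""
    for name, rx in RULES:
        m = rx.search(line)
        if m:
            return name, m.groupdict().get("what") or line
    return "info", line

def triage(log_text):
    """Count outcomes per category and collect the lines that still need a human decision."""
    counts, follow_up = Counter(), []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("====="):  # skip blanks and section banners
            continue
        category, detail = classify(line)
        counts[category] += 1
        if category in ("rejected_directive", "error", "manual_action"):
            follow_up.append((category, detail))
    return counts, follow_up

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```
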

    8. #8
      Former Contributor RevesdeLiberte
      Joined
      Feb 2010
      Location
      México
      Posts
      7.976

      Re: Problem with Myplaycity.com

      Hello.

      To finish, uninstall ERUNT and run OTL.exe, click CleanUp and then OK; this will restart your computer.

      A pleasure to help you; if you have any other problem, don't hesitate to ask us.

      Thread solved.

      If you wish to reopen the thread, report this message so that a moderator of this subforum can reopen it.

      As a final recommendation, we invite you to follow us on our channels: Blog, Twitter, Facebook, and via e-mail, to stay up to date on new malware and how to prevent it.

    9. #9
      User eduardofiec
      Joined
      Nov 2012
      Location
      Ecuador
      Posts
      10

      Re: Problem with Myplaycity.com

      bro, thanks a lot......!

    10. #10
      Former Contributor RevesdeLiberte
      Joined
      Feb 2010
      Location
      México
      Posts
      7.976

      Re: Problem with Myplaycity.com

      Good luck.