• Registrarse
  • Iniciar sesión


  • Resultados 1 al 6 de 6

    Se me abren ventanas continuamente

    Al conectarme a internet se abre múltiples ventanas publicitarias. Despues de intentar solucionarlo con las indicaciones de varios post anteriores me veo en la obligación de abrir un nuevo tema ya que no encuentro solución. ...

    1. #1
      Usuario Avatar de josemarrae
      Registrado
      abr 2007
      Ubicación
      España
      Mensajes
      14

      Se me abren ventanas continuamente

      Al conectarme a internet se abre múltiples ventanas publicitarias.
      Despues de intentar solucionarlo con las indicaciones de varios post anteriores me veo en la obligación de abrir un nuevo tema ya que no encuentro solución. He pasado ccleaner,
      MalwareBytes Antimalware (me ha detectado varias amenazas)
      AT-Destroyer (Lo he ejecutado pero se me queda en el 84% Eliminando claves Toolbar vacias)

      Haber si con su ayuda puedo solucionar este problema.

    2. #2
      Moderador Gral.
      Avatar de @Javier_HF
      Registrado
      jun 2006
      Ubicación
      Spain.
      Mensajes
      21.693

      Re: Se me abren ventanas continuamente

      Buenas josemarrae.

      Por favor pon el informe de Malwarebytes, lo puedes encontrar en la pestaña "Registros".

      Saludos.
      Quien no lo intenta no lo consigue | ;-)

      * Síguenos en nuestro Twitter y hazte nuestro amigo en Facebook.
      * Infórmate de las ultimas amenazas de la red desde: InfoSpyware Blog
      * No se resuelven dudas por Privados ni por E-mail, ya que para eso esta el foro.

    3. #3
      Usuario Avatar de josemarrae
      Registrado
      abr 2007
      Ubicación
      España
      Mensajes
      14

      Re: Se me abren ventanas continuamente

      Malwarebytes Anti-Malware 1.65.1.1000
      Malwarebytes : Free anti-malware download

      Versión de la Base de Datos: v2012.11.21.07

      Windows 7 Service Pack 1 x64 NTFS
      Internet Explorer 9.0.8112.16421
      Diego :: DIEGO-Q [administrador]

      21/11/2012 18:58:09
      mbam-log-2012-11-21 (18-58-09).txt

      Tipos de Análisis: Análisis Completo (C:\|D:\|E:\|)
      Opciones de análisis activado: Memoria | Inicio | Registro | Sistema de archivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
      Opciones de análisis desactivados: P2P
      Objetos examinados: 326084
      Tiempo transcurrido: 1 hora(s), 21 minuto(s), 50 segundo(s)

      Procesos en Memoria Detectados: 0
      (No se han detectado elementos maliciosos)

      Módulos de Memoria Detectados: 0
      (No se han detectado elementos maliciosos)

      Claves del Registro Detectados: 3
      HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Se eliminarán al reiniciar.
      HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Se eliminarán al reiniciar.
      HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (PUP.InstallBrain) -> En cuarentena y eliminado con éxito.

      Valores del Registro Detectados: 0
      (No se han detectado elementos maliciosos)

      Elementos de Datos del Registro Detectados: 1
      HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.FunMoods) -> Malo: (Funmoods Search) Bueno: (Google) -> En cuarentena y reparado con éxito.

      Carpetas Detectadas: 1
      C:\ProgramData\IBUpdaterService (PUP.InstallBrain) -> En cuarentena y eliminado con éxito.

      Archivos Detectados: 2
      C:\Users\Diego\Downloads\mozilla-firefox-1601-baixaki-32-bits-1810201219711.exe (PUP.AdBundle) -> En cuarentena y eliminado con éxito.
      C:\ProgramData\IBUpdaterService\repository.xml (PUP.InstallBrain) -> En cuarentena y eliminado con éxito.

      fin)

    4. #4
      Moderador Gral.
      Avatar de @Javier_HF
      Registrado
      jun 2006
      Ubicación
      Spain.
      Mensajes
      21.693

      Re: Se me abren ventanas continuamente

      Ahora sigue estos pasos, en el orden indicado :

      Descarga y ejecuta >> Ccleaner.

      • Usando primero su opción de "Limpiador" para borrar cookies, temporales de Internet y todos los archivos que te muestre como obsoletos.
      • Después usa su opción de "Registro" para limpiar todo el registro de Windows (haciendo copia de seguridad).


      Descarga(como ya lo tienes, no hace falta), actualiza y ejecuta >> Malwarebytes’ Anti-Malware.

      • En la pestaña Actualizar pulsas sobre el botón "Buscar Actualizaciones"
      • En la pestaña Escáner marcas "Realizar un Examen Completo."
      • Con la opción de "quitar lo seleccionado" lo mandas todo a la cuarentena y reinicias el sistema.
      • En la pestaña "Registros", encontrarás el informe del MBAM, lo copias y pegas en tu próxima respuesta, para analizarlo.


      Descarga >> AT-Destroyer (Adwares/Toolbars-Destroyer) By Infospyware.(Adjunto al final del mensaje)

      • Desactiva temporalmente el Antivirus y/o Antispyware.
      • Ejecuta AT-Destroyer. (Si usas Windows Vista o 7 Presiona clic derecho y selecciona "Ejecutar como Administrador.")
      • En el menú pulsa sobre la opción "Buscar y Destruir".
      • AT-Destroyer desconectará el escritorio momentáneamente.
      • Si detecta infecciones se te indicara y pulsas en Aceptar.
      • Al finalizar el proceso te pedirá Reiniciar, pulsa para Aceptar.
      • Al Iniciar de nuevo Windows se te abrirá un reporte/informe, que deberás copiar en tu próxima respuesta, comentando cómo funciona el sistema.(También puedes encontrarlo en C:\AT-Destroyer.log)


      Y finalmente descarga >> OTL By OldTimer

      >>> Para Ejecutar OTL sigue estos pasos :

      • Cerrar todos programas que tengas abiertos y hacer doble click en el ícono de OTL para ejecutarlo.
      • Dejarlo correr y esperar a que aparezca el menú de OTL..
      • Cuando salga el menú de OTL, debes cambiar debajo de: "Tipo de Análisis" poniendo Resultado Mínimo.
      • Marcar la casilla Analizar Todos.
      • Marcar las opciones: Buscar LOP y Buscar Purity.
      • Marcar las Opciones >> Omitir Archivos De Microsoft y Usar Listado de Compañías Reconocidas.
      • Copiar y Pegar las lineas del siguiente script bajo la casilla Análisis Personalizados/Código de Reparación:

        NOTA: No copiar la palabra Codigo:
        Código:
        netsvcs
        msconfig
        %SYSTEMDRIVE%\*.*
        CREATERESTOREPOINT


      • Por favor No cambies el resto de la configuración a menos que te lo solicitemos.


      • Presionar el botón .
      • Una vez que termine, se abrirán dos (2) archivos, OTL.Txt y Extras.Txt. Éstos archivos estarán grabados en el mismo lugar donde OTL.exe fue descargado.
      • Copiar y pegar el contenido del archivo OTL.txt en tu próxima respuesta.


      En tu próxima respuesta recuerda:

      - Ponernos los informes de Malwarebytes, AT-Destroyer y OTL.txt.

      - Y nos cuentas como funciona tu equipo, en relación al problema planteado.

      Saludos, Javier.
      Última edición por @Javier_HF fecha: 01/01/13 a las 10:17:53 Razón: Retirar fichero adjunto.
      Quien no lo intenta no lo consigue | ;-)

      * Síguenos en nuestro Twitter y hazte nuestro amigo en Facebook.
      * Infórmate de las ultimas amenazas de la red desde: InfoSpyware Blog
      * No se resuelven dudas por Privados ni por E-mail, ya que para eso esta el foro.

    5. #5
      Usuario Avatar de josemarrae
      Registrado
      abr 2007
      Ubicación
      España
      Mensajes
      14

      Re: Se me abren ventanas continuamente

      Perdón por el retraso pero no he podido realizar los pasos antes. He pasado ccleaner, malwarebytes (adjunto reporte), AT-Destroyer (Se queda colgado en el 84%, en ese momento indica que esta borrando las toolbars vacias) y por último he pasado el OTL (adjunto también reporte).

      Deciros que el AT Destroyer lo utilice como administrador y con el antivirus desactivado. El sistema operativo es Windows 7 por si les hes de utilidad.

      Reporte Malwarebytes (las dos entradas que hacen referencia al Autocad2012 son posteriores al problema, tambien se lo indico por si fuese útil):

      Malwarebytes Anti-Malware 1.65.1.1000
      Malwarebytes : Free anti-malware download

      Versión de la Base de Datos: v2012.11.26.06

      Windows 7 Service Pack 1 x64 NTFS
      Internet Explorer 9.0.8112.16421
      Diego :: DIEGO-Q [administrador]

      26/11/2012 16:49:59
      mbam-log-2012-11-26 (16-49-59).txt

      Tipos de Análisis: Análisis Completo (C:\|)
      Opciones de análisis activado: Memoria | Inicio | Registro | Sistema de archivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
      Opciones de análisis desactivados: P2P
      Objetos examinados: 334703
      Tiempo transcurrido: 1 hora(s), 22 minuto(s), 18 segundo(s)

      Procesos en Memoria Detectados: 0
      (No se han detectado elementos maliciosos)

      Módulos de Memoria Detectados: 0
      (No se han detectado elementos maliciosos)

      Claves del Registro Detectados: 2
      HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Se eliminarán al reiniciar.
      HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Se eliminarán al reiniciar.

      Valores del Registro Detectados: 0
      (No se han detectado elementos maliciosos)

      Elementos de Datos del Registro Detectados: 0
      (No se han detectado elementos maliciosos)

      Carpetas Detectadas: 0
      (No se han detectado elementos maliciosos)

      Archivos Detectados: 2
      C:\Users\Diego\Desktop\Autocad 2012 español\MEDICINA\xf-adesk2012x32.exe (PUP.RiskwareTool.CK) -> En cuarentena y eliminado con éxito.
      C:\Users\Diego\Desktop\Autocad 2012 español\MEDICINA\xf-adesk2012x64.exe (Trojan.Agent.ck) -> En cuarentena y eliminado con éxito.

      fin)

      Reporte OTL

      OTL logfile created on: 26/11/2012 19:39:43 - Run 1
      OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Diego\Desktop
      64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
      Internet Explorer (Version = 9.0.8112.16421)
      Locale: 00000456 | Country: España | Language: GLC | Date Format: dd/MM/yyyy

      3,60 Gb Total Physical Memory | 2,51 Gb Available Physical Memory | 69,58% Memory free
      7,21 Gb Paging File | 5,75 Gb Available in Paging File | 79,80% Paging File free
      Paging file location(s): ?:\pagefile.sys [binary data]

      %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
      Drive C: | 273,88 Gb Total Space | 215,42 Gb Free Space | 78,65% Space Free | Partition Type: NTFS
      Drive D: | 20,04 Gb Total Space | 2,15 Gb Free Space | 10,71% Space Free | Partition Type: NTFS
      Drive E: | 3,96 Gb Total Space | 1,08 Gb Free Space | 27,28% Space Free | Partition Type: FAT32

      Computer Name: DIEGO-Q | User Name: Diego | Logged in as Administrator.
      Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
      Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

      ========== Processes (SafeList) ==========

      PRC - C:\Users\Diego\Desktop\OTL.exe (OldTimer Tools)
      PRC - C:\ProgramData\PC Performer Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\pcpmngr.exe ()
      PRC - C:\Program Files (x86)\Iminent\Iminent.exe (Iminent)
      PRC - C:\Program Files (x86)\Iminent\Iminent.Messengers.exe (Iminent)
      PRC - C:\Program Files\IB Updater\ExtensionUpdaterService.exe ()
      PRC - C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe (DT Soft Ltd)
      PRC - C:\Program Files (x86)\Ares\Ares.exe (Ares Development Group)
      PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)
      PRC - C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
      PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
      PRC - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
      PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
      PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
      PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
      PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
      PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
      PRC - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
      PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)


      ========== Modules (No Company Name) ==========

      MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\ae614e1069c57f64c93b5dd3553965fd\System.Web.Services.ni.dll ()
      MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\a27582afda5c9a9258ed2cd787352773\System.ServiceModel.ni.dll ()
      MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\59353156806745822ad61a40de8fb631\System.IdentityModel.ni.dll ()
      MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\b078e9299fa1ffe96412d2e7ee47a0bb\System.Configuration.Install.ni.dll ()
      MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\bb404633d24f5098f9d7f5f5a1d234c3\System.Runtime.DurableInstancing.ni.dll ()
      MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\5e3ccfdf88ccd6a9ff4e6ddae7e3fec6\System.Xaml.ni.dll ()
      MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll ()
      MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll ()
      MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\c881e2d2ec912499834feb85c4c2e483\PresentationFramework.ni.dll ()
      MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\58f50a891bafb8fd7149e6eebc2b7b52\PresentationCore.ni.dll ()
      MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\05ebffcb5aac31412fea8c38cbac8df8\WindowsBase.ni.dll ()
      MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\6fc86a3e1d07ea824cd49b0c0b19d2f5\System.EnterpriseServices.ni.dll ()
      MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\6fc86a3e1d07ea824cd49b0c0b19d2f5\System.EnterpriseServices.Wrapper.dll ()
      MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\102cfe160aeb1e16a35890004a421ec9\System.Transactions.ni.dll ()
      MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\0dd39ca15b3d56a03a31fbf671c80cfe\SMDiagnostics.ni.dll ()
      MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\0d2c8da8749c683b47f01101c9ea26d5\System.Runtime.Serialization.ni.dll ()
      MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ed886fb71addf400705481dcf8de12da\System.Configuration.ni.dll ()
      MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\cb0c00757e89f0b1fe282913ed667212\System.Xml.ni.dll ()
      MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\90f1acbd79e2a5fabfb8c516d6be36a3\System.Data.ni.dll ()
      MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\caffbced23ee85b40b919ad4a122b7aa\System.Windows.Forms.ni.dll ()
      MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\752225ca2585aa8f1c46b489e172e920\System.Core.ni.dll ()
      MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\9422d0c052186760a4645e10995487f5\System.Drawing.ni.dll ()
      MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\811a7bc79f8f0a5be8065292a320819e\System.ni.dll ()
      MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\16126cae96ea2422253ae06eeb672abc\mscorlib.ni.dll ()
      MOD - C:\ProgramData\PC Performer Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\pcpmngr.exe ()
      MOD - c:\ProgramData\PC Performer Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\pcpmngr.dll ()
      MOD - C:\Windows\assembly\GAC_MSIL\HP.SupportFramework\1.0.0.0__2a4860322af7ba08\HP.SupportFramework.dll ()


      ========== Services (SafeList) ==========

      SRV:64bit: - (IB Updater Updater) -- C:\Program Files\IB Updater\ExtensionUpdaterService.exe ()
      SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
      SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
      SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
      SRV:64bit: - (HPAuto) -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe (Hewlett-Packard)
      SRV:64bit: - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
      SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
      SRV:64bit: - (AERTFilters) -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation)
      SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
      SRV - (PC Performer Manager) -- C:\ProgramData\PC Performer Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\pcpmngr.exe ()
      SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
      SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
      SRV - (SProtection) -- C:\Program Files (x86)\Common Files\Umbrella\Umbrella.exe (Iminent)
      SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
      SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
      SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Hewlett-Packard Company)
      SRV - (HPWMISVC) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
      SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
      SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
      SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
      SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
      SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


      ========== Driver Services (SafeList) ==========

      DRV:64bit: - (taphss6) -- C:\Windows\SysNative\drivers\taphss6.sys (Anchorfree Inc.)
      DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
      DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
      DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
      DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
      DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
      DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
      DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
      DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
      DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
      DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
      DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
      DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr.sys (AVAST Software)
      DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
      DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
      DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
      DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
      DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
      DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.)
      DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
      DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
      DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
      DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
      DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
      DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
      DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
      DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
      DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
      DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
      DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
      DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
      DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
      DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
      DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
      DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
      DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
      DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
      DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
      DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
      DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


      ========== Standard Registry (SafeList) ==========


      ========== Internet Explorer ==========

      IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN España: Hotmail, Messenger, Skype y Cuenta Microsoft
      IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Funmoods Search
      IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
      IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
      IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=CPNTDF
      IE:64bit: - HKLM\..\SearchScopes\{570BACF0-9B61-4583-9F6C-62BD35142BE3}: "URL" = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
      IE:64bit: - HKLM\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=stonicrio&chnl=stonicrio&cd=2XzuyEtN2Y1L1Qzu0CtDtCzzzzyDtC0AtCtByEyBtD0AzzyDtN0D0Tzu0CtAtDtDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1400190483
      IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://es.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
      IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://es.wikipedia.org/wiki/Special:Search?search={searchTerms}
      IE:64bit: - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=promose&chnl=promose&cd=2XzutAtN2Y1L1Qzu0CtDtCzzzzyDtC0AtCtByEyBtD0AzzyDtN0D0TzutBtDtCtBtDyBtDtA&cr=1618964756
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN España: Hotmail, Messenger, Skype y Cuenta Microsoft
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
      IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
      IE - HKLM\..\SearchScopes,DefaultScope = {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
      IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=CPNTDF
      IE - HKLM\..\SearchScopes\{570BACF0-9B61-4583-9F6C-62BD35142BE3}: "URL" = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
      IE - HKLM\..\SearchScopes\{671A9C6D-2743-EF4D-D894-526E5E13329C}: "URL" = http://search.sweetim.com/search.asp?src=6&crg=3.1010000&q={searchTerms}&barid={5444385B-8253-4E88-9A40-315BE23746F1}
      IE - HKLM\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=stonicrio&chnl=stonicrio&cd=2XzuyEtN2Y1L1Qzu0CtDtCzzzzyDtC0AtCtByEyBtD0AzzyDtN0D0Tzu0CtAtDtDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1400190483
      IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://es.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
      IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://es.wikipedia.org/wiki/Special:Search?search={searchTerms}
      IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=promose&chnl=promose&cd=2XzutAtN2Y1L1Qzu0CtDtCzzzzyDtC0AtCtByEyBtD0AzzyDtN0D0TzutBtDtCtBtDyBtDtA&cr=1618964756


      IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

      IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



      IE - HKU\S-1-5-21-3772864597-1723059401-1094371518-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://home.sweetim.com/?crg=3.1010000&barid={5444385B-8253-4E88-9A40-315BE23746F1}
      IE - HKU\S-1-5-21-3772864597-1723059401-1094371518-1001\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = Babylon Search
      IE - HKU\S-1-5-21-3772864597-1723059401-1094371518-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN España: Hotmail, Messenger, Skype y Cuenta Microsoft
      IE - HKU\S-1-5-21-3772864597-1723059401-1094371518-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Babylon Search
      IE - HKU\S-1-5-21-3772864597-1723059401-1094371518-1001\..\URLSearchHook: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found
      IE - HKU\S-1-5-21-3772864597-1723059401-1094371518-1001\..\SearchScopes,Backup.Old.DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
      IE - HKU\S-1-5-21-3772864597-1723059401-1094371518-1001\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
      IE - HKU\S-1-5-21-3772864597-1723059401-1094371518-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
      IE - HKU\S-1-5-21-3772864597-1723059401-1094371518-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=116986&tt=4612_3&babsrc=SP_ss&mntrId=f46b0a8500000000000000ff0d8a0786
      IE - HKU\S-1-5-21-3772864597-1723059401-1094371518-1001\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=CPNTDF
      IE - HKU\S-1-5-21-3772864597-1723059401-1094371518-1001\..\SearchScopes\{570BACF0-9B61-4583-9F6C-62BD35142BE3}: "URL" = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
      IE - HKU\S-1-5-21-3772864597-1723059401-1094371518-1001\..\SearchScopes\{6545E4BF-54A0-26AB-C310-082DA50D94DE}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=108750&tt=010712_7&babsrc=SP_ss&mntrId=f46b0a85000000000000009c0289cf1f
      IE - HKU\S-1-5-21-3772864597-1723059401-1094371518-1001\..\SearchScopes\{671A9C6D-2743-EF4D-D894-526E5E13329C}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=111808&tt=290412_1_bst&babsrc=SP_ss&mntrId=f46b0a85000000000000009c0289cf1f
      IE - HKU\S-1-5-21-3772864597-1723059401-1094371518-1001\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=stonicrio&chnl=stonicrio&cd=2XzuyEtN2Y1L1Qzu0CtDtCzzzzyDtC0AtCtByEyBtD0AzzyDtN0D0Tzu0CtAtDtDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1400190483
      IE - HKU\S-1-5-21-3772864597-1723059401-1094371518-1001\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://es.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
      IE - HKU\S-1-5-21-3772864597-1723059401-1094371518-1001\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = http://search.iminent.com/?appId=&ref=toolbox&q={searchTerms}
      IE - HKU\S-1-5-21-3772864597-1723059401-1094371518-1001\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb192/?search={searchTerms}&loc=IB_DS&a=6OyScsMntY&i=26
      IE - HKU\S-1-5-21-3772864597-1723059401-1094371518-1001\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://es.wikipedia.org/wiki/Special:Search?search={searchTerms}
      IE - HKU\S-1-5-21-3772864597-1723059401-1094371518-1001\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&crg=3.1010000&q={searchTerms}&barid={5444385B-8253-4E88-9A40-315BE23746F1}
      IE - HKU\S-1-5-21-3772864597-1723059401-1094371518-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

      ========== FireFox ==========

      FF - prefs.js..backup.old.browser.search.defaultenginename: "Search the web (Babylon)"
      FF - prefs.js..backup.old.browser.search.selectedEngine: "Search the web (Babylon)"
      FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?affID=111808&tt=290412_1_bst&babsrc=HP_ss&mntrId=f46b0a85000000000000009c0289cf1f"
      FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
      FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
      FF - prefs.js..browser.search.selectedEngine: ""
      FF - prefs.js..browser.startup.homepage: "http://www.google.es/"
      FF - prefs.js..extensions.enabledAddons: [email protected]:1.5.0
      FF - prefs.js..extensions.enabledAddons: {C9B68337-E93A-44EA-94DC-CB300EC06444}:4.51.0
      FF - prefs.js..extensions.enabledAddons: [email protected]:1.5.1
      FF - prefs.js..extensions.enabledAddons: {dfefbe51-ca52-484b-adf0-6b158b05262d}:2.4.897.175
      FF - prefs.js..extensions.enabledAddons: [email protected]:1.1.9
      FF - prefs.js..extensions.enabledAddons: [email protected]:20110101
      FF - prefs.js..extensions.enabledAddons: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:1.5
      FF - prefs.js..keyword.URL: "http://search.babylon.com/?affID=116986&tt=4612_3&babsrc=KW_ss&mntrId=f46b0a8500000000000000ff0d8a0786&q="
      FF - prefs.js..network.proxy.type: 0


      FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
      FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
      FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
      FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
      FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
      FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Iminent\[email protected] [2012/10/25 19:42:59 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/11/21 12:19:50 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/30 15:49:10 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
      FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{dfefbe51-ca52-484b-adf0-6b158b05262d}: C:\ProgramData\PC Performer Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\FirefoxExtension [2012/11/04 21:42:11 | 000,000,000 | ---D | M]

      [2012/05/03 15:48:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Diego\AppData\Roaming\mozilla\Extensions
      [2012/11/21 19:00:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Diego\AppData\Roaming\mozilla\Firefox\Profiles\42gdegfs.default\extensions
      [2012/05/08 22:01:46 | 000,000,000 | ---D | M] (Babylon Toolbar) -- C:\Users\Diego\AppData\Roaming\mozilla\Firefox\Profiles\42gdegfs.default\extensions\{19BED1B4-FA23-440B-99DA-A530D0D8FE06}
      [2012/10/24 14:34:10 | 000,000,000 | ---D | M] (PriceGong) -- C:\Users\Diego\AppData\Roaming\mozilla\Firefox\Profiles\42gdegfs.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}
      [2012/10/25 19:43:19 | 000,000,000 | ---D | M] (IMinent Toolbar) -- C:\Users\Diego\AppData\Roaming\mozilla\Firefox\Profiles\42gdegfs.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
      [2012/11/21 19:00:29 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Diego\AppData\Roaming\mozilla\Firefox\Profiles\42gdegfs.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
      [2012/11/07 09:41:38 | 000,000,000 | ---D | M] (SweetPacks Toolbar for Firefox) -- C:\Users\Diego\AppData\Roaming\mozilla\Firefox\Profiles\42gdegfs.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
      [2012/07/02 23:47:08 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Diego\AppData\Roaming\mozilla\Firefox\Profiles\42gdegfs.default\extensions\[email protected]
      [2012/10/26 14:29:13 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Users\Diego\AppData\Roaming\mozilla\Firefox\Profiles\42gdegfs.default\extensions\[email protected]
      [2012/10/25 18:55:48 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\Diego\AppData\Roaming\mozilla\Firefox\Profiles\42gdegfs.default\extensions\[email protected]
      [2012/11/21 18:37:48 | 000,243,496 | ---- | M] () (No name found) -- C:\Users\Diego\AppData\Roaming\mozilla\firefox\profiles\42gdegfs.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
      [2012/11/07 09:41:37 | 000,189,128 | ---- | M] () (No name found) -- C:\Users\Diego\AppData\Roaming\mozilla\firefox\profiles\42gdegfs.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
      [2012/10/26 14:29:31 | 000,002,357 | ---- | M] () -- C:\Users\Diego\AppData\Roaming\mozilla\firefox\profiles\42gdegfs.default\searchplugins\Funmoods.xml
      [2012/10/25 18:53:44 | 000,002,203 | ---- | M] () -- C:\Users\Diego\AppData\Roaming\mozilla\firefox\profiles\42gdegfs.default\searchplugins\MyStart Search.xml
      [2012/10/25 18:56:18 | 000,002,311 | ---- | M] () -- C:\Users\Diego\AppData\Roaming\mozilla\firefox\profiles\42gdegfs.default\searchplugins\Search.xml
      [2012/05/14 15:30:53 | 000,003,915 | ---- | M] () -- C:\Users\Diego\AppData\Roaming\mozilla\firefox\profiles\42gdegfs.default\searchplugins\sweetim.xml
      [2012/11/21 12:36:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
      [2012/11/21 12:19:50 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
      [2012/11/04 21:42:11 | 000,000,000 | ---D | M] (PC Performer Manager) -- C:\PROGRAMDATA\PC PERFORMER MANAGER\2.4.897.175\{61D8B74E-8D89-46FF-AFA6-33382C54AC73}\FIREFOXEXTENSION
      [2012/10/30 15:49:09 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
      [2012/10/11 04:57:25 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
      [2012/10/11 04:57:25 | 000,003,882 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\drae.xml
      [2012/10/11 04:57:25 | 000,001,143 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-es.xml
      [2012/10/15 0606 | 000,002,157 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchTheWeb.xml
      [2012/10/11 04:57:25 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
      [2012/10/11 04:57:25 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-es.xml
      [2012/10/11 04:57:25 | 000,001,102 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-es.xml

      ========== Chrome ==========

      CHR - default_search_provider: Google (Enabled)
      CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
      CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
      CHR - homepage: Google
      CHR - Extension: No name found = C:\Users\Diego\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\1.0\
      CHR - Extension: No name found = C:\Users\Diego\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcemhggbahmlmhgnbpbbdaklcojhbecn\1.0.1.6_0\
      CHR - Extension: No name found = C:\Users\Diego\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\

      O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
      O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
      O2:64bit: - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found.
      O2 - BHO: (Claro LTD Helper Object) - {000F18F2-09EB-4A59-82B2-5AE4184C39C3} - C:\Program Files (x86)\Claro LTD\claro\1.8.3.10\bh\claro.dll (Montera Technologeis LTD)
      O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.6.4\PriceGongIE.dll (PriceGong)
      O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
      O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll (Iminent)
      O2 - BHO: (TBSB02188 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Babylon Toolbar\tbcore3.dll ()
      O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
      O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {41B62AD3-5D43-40D1-9D43-F3539C1DB452} - C:\Program Files (x86)\Babylon Toolbar\tbcore3.dll ()
      O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
      O3 - HKLM\..\Toolbar: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
      O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
      O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD)
      O3 - HKU\S-1-5-21-3772864597-1723059401-1094371518-1001\..\Toolbar\WebBrowser: (Babylon Toolbar) - {41B62AD3-5D43-40D1-9D43-F3539C1DB452} - C:\Program Files (x86)\Babylon Toolbar\tbcore3.dll ()
      O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
      O4:64bit: - HKLM..\Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe (Hewlett-Packard Development Company, L.P.)
      O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
      O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
      O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
      O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
      O4 - HKLM..\Run: [HPQuickWebProxy] C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
      O4 - HKLM..\Run: [Iminent] C:\Program Files (x86)\Iminent\Iminent.exe (Iminent)
      O4 - HKLM..\Run: [IminentMessenger] C:\Program Files (x86)\Iminent\Iminent.Messengers.exe (Iminent)
      O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
      O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
      O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
      O4 - HKU\S-1-5-21-3772864597-1723059401-1094371518-1001..\Run: [ares] C:\Program Files (x86)\Ares\Ares.exe (Ares Development Group)
      O4 - HKU\S-1-5-21-3772864597-1723059401-1094371518-1001..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
      O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
      O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
      O4 - Startup: C:\Users\Diego\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kpbieafr.lnk = File not found
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
      O7 - HKU\S-1-5-21-3772864597-1723059401-1094371518-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
      O7 - HKU\S-1-5-21-3772864597-1723059401-1094371518-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
      O7 - HKU\S-1-5-21-3772864597-1723059401-1094371518-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
      O7 - HKU\S-1-5-21-3772864597-1723059401-1094371518-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
      O7 - HKU\S-1-5-21-3772864597-1723059401-1094371518-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
      O7 - HKU\S-1-5-21-3772864597-1723059401-1094371518-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
      O8:64bit: - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
      O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
      O9 - Extra Button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
      O9 - Extra 'Tools' menuitem : &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
      O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
      O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
      O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
      O1364bit: - gopher Prefix: missing
      O13 - gopher Prefix: missing
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.5.50.1 80.58.61.250 80.58.61.254
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{759A226B-DA1E-40C8-96BD-1EF222D58FC0}: DhcpNameServer = 10.5.50.1 80.58.61.250 80.58.61.254
      O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
      O18:64bit: - Protocol\Handler\livecall - No CLSID value found
      O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
      O18:64bit: - Protocol\Handler\msnim - No CLSID value found
      O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
      O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
      O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
      O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
      O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
      O20 - AppInit_DLLs: (c:\progra~3\pcperf~1\24897~1.175\{61d8b~1\pcpmngr.dll) - c:\ProgramData\PC Performer Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\pcpmngr.dll ()
      O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
      O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
      O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
      O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
      O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
      O28 - HKLM ShellExecuteHooks: UPB:{B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No CLSID value found.
      O32 - HKLM CDRom: AutoRun - 1
      O32 - AutoRun File - [2012/11/22 15:13:35 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
      O34 - HKLM BootExecute: (autocheck autochk *)
      O35:64bit: - HKLM\..comfile [open] -- "%1" %*
      O35:64bit: - HKLM\..exefile [open] -- "%1" %*
      O35 - HKLM\..comfile [open] -- "%1" %*
      O35 - HKLM\..exefile [open] -- "%1" %*
      O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
      O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
      O37 - HKLM\...com [@ = comfile] -- "%1" %*
      O37 - HKLM\...exe [@ = exefile] -- "%1" %*
      O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
      O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
      O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)



      CREATERESTOREPOINT
      Restore point Set: OTL Restore Point

      ========== Files/Folders - Created Within 30 Days ==========

      [2012/11/26 19:31:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Diego\Desktop\OTL.exe
      [2012/11/22 15:22:47 | 000,000,000 | ---D | C] -- C:\Users\Diego\AppData\Roaming\Autodesk
      [2012/11/22 15:22:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Autodesk
      [2012/11/22 15:13:35 | 000,000,000 | ---D | C] -- C:\Autodesk
      [2012/11/21 20:37:48 | 000,000,000 | ---D | C] -- C:\_AT-Destroyer
      [2012/11/21 18:08:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
      [2012/11/21 18:08:24 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
      [2012/11/21 17:31:09 | 000,000,000 | ---D | C] -- C:\Users\Diego\AppData\Roaming\Malwarebytes
      [2012/11/21 17:30:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
      [2012/11/21 17:30:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
      [2012/11/21 17:30:34 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
      [2012/11/21 17:30:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
      [2012/11/21 17:28:55 | 000,000,000 | ---D | C] -- C:\Users\Diego\Desktop\rkill
      [2012/11/21 17:27:12 | 004,011,968 | ---- | C] (Piriform Ltd) -- C:\Users\Diego\Desktop\ccsetup324.exe
      [2012/11/21 17:27:12 | 001,754,528 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Diego\Desktop\iExplore.exe
      [2012/11/21 17:27:12 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Diego\Desktop\HijackThis.exe
      [2012/11/21 17:27:11 | 010,669,952 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Diego\Desktop\mbam-setup-1.65.1.1000.exe
      [2012/11/21 12:20:25 | 000,287,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
      [2012/11/21 12:20:25 | 000,022,360 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
      [2012/11/21 12:20:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
      [2012/11/21 12:20:24 | 000,053,592 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
      [2012/11/21 12:20:24 | 000,031,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
      [2012/11/21 12:20:23 | 000,600,920 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
      [2012/11/21 12:20:17 | 000,253,888 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
      [2012/11/21 12:20:17 | 000,064,344 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
      [2012/11/21 12:19:36 | 000,040,112 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
      [2012/11/21 12:19:35 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
      [2012/11/21 12:19:17 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
      [2012/11/21 12:19:17 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
      [2012/11/19 11:09:38 | 000,000,000 | ---D | C] -- C:\Users\Diego\Desktop\RCT
      [2012/11/16 17:27:47 | 000,000,000 | -H-D | C] -- C:\ProgramData\{EBD4A980-480E-492B-8592-03200B0E992C}
      [2012/11/16 17:27:35 | 000,000,000 | ---D | C] -- C:\Users\Diego\AppData\Local\PackageAware
      [2012/11/16 17:22:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BabylonToolbar
      [2012/11/16 17:16:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LuckyWire
      [2012/11/05 14:53:23 | 000,000,000 | ---D | C] -- C:\Users\Diego\Desktop\uso publico do medio natural
      [2012/11/05 14:53:09 | 000,000,000 | ---D | C] -- C:\Users\Diego\Desktop\producción de plantas
      [2012/11/05 14:51:10 | 000,000,000 | ---D | C] -- C:\Users\Diego\Desktop\ultima musica
      [2012/11/01 19:25:26 | 000,042,248 | ---- | C] (AnchorFree Inc.) -- C:\Windows\SysNative\drivers\hssdrv6.sys
      [2012/10/30 14:51:44 | 000,000,000 | ---D | C] -- C:\Users\Diego\Desktop\aproveitamentos cinexeticos e piscifactorias

      ========== Files - Modified Within 30 Days ==========

      [2012/11/26 19:38:28 | 001,555,882 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
      [2012/11/26 19:38:28 | 000,693,688 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
      [2012/11/26 19:38:28 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
      [2012/11/26 19:38:28 | 000,137,296 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
      [2012/11/26 19:38:28 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
      [2012/11/26 19:34:32 | 000,031,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      [2012/11/26 19:34:32 | 000,031,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      [2012/11/26 19:29:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Diego\Desktop\OTL.exe
      [2012/11/26 19:26:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
      [2012/11/26 19:26:34 | 2902,646,784 | -HS- | M] () -- C:\hiberfil.sys
      [2012/11/26 19:17:00 | 000,000,838 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
      [2012/11/23 16:39:03 | 000,000,056 | -H-- | M] () -- C:\AT-Cuarentena
      [2012/11/23 16:37:44 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForDIEGO-Q$.job
      [2012/11/21 20:38:16 | 000,001,089 | ---- | M] () -- C:\Users\Diego\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kpbieafr.lnk
      [2012/11/21 18:54:17 | 001,194,344 | ---- | M] () -- C:\Users\Diego\Desktop\AT-Destroyer.exe
      [2012/11/21 18:08:24 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
      [2012/11/21 17:30:39 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
      [2012/11/21 17:25:04 | 004,011,968 | ---- | M] (Piriform Ltd) -- C:\Users\Diego\Desktop\ccsetup324.exe
      [2012/11/21 17:24:51 | 001,754,528 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Diego\Desktop\iExplore.exe
      [2012/11/21 17:16:14 | 010,669,952 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Diego\Desktop\mbam-setup-1.65.1.1000.exe
      [2012/11/21 17:08:23 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Diego\Desktop\HijackThis.exe
      [2012/11/21 12:20:25 | 000,001,841 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
      [2012/11/21 12:20:17 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
      [2012/11/18 21:02:52 | 000,413,312 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
      [2012/11/16 17:16:00 | 032,572,249 | ---- | M] () -- C:\Users\Diego\Desktop\luckywirewin.exe
      [2012/11/15 17:31:58 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForDiego.job
      [2012/11/09 17:18:25 | 003,891,761 | ---- | M] () -- C:\Users\Diego\Desktop\joao lucas e marcelo - eu quero tchu tcha.mp3
      [2012/11/09 17:16:50 | 003,448,755 | ---- | M] () -- C:\Users\Diego\Desktop\Yandar & Yostin Ft Andy Rivera - Te Pintaron Pajaritos.mp3
      [2012/11/05 21:51:20 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
      [2012/11/01 19:25:26 | 000,042,248 | ---- | M] (AnchorFree Inc.) -- C:\Windows\SysNative\drivers\hssdrv6.sys
      [2012/10/29 16:11:38 | 000,020,817 | ---- | M] () -- C:\Users\Diego\Documents\UT_1_Cadro_exercicio_en_comun_actividade_agraria.pdf
      [2012/10/29 1658 | 000,133,174 | ---- | M] () -- C:\Users\Diego\Documents\UT_1_Formas_xuridicas_empresa.pdf

      ========== Files Created - No Company Name ==========

      [2012/11/21 18:53:07 | 001,194,344 | ---- | C] () -- C:\Users\Diego\Desktop\AT-Destroyer.exe
      [2012/11/21 18:08:24 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
      [2012/11/21 17:30:39 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
      [2012/11/21 12:22:29 | 000,001,089 | ---- | C] () -- C:\Users\Diego\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kpbieafr.lnk
      [2012/11/21 12:20:25 | 000,001,841 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
      [2012/11/21 12:20:17 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
      [2012/11/16 17:15:23 | 032,572,249 | ---- | C] () -- C:\Users\Diego\Desktop\luckywirewin.exe
      [2012/11/15 00:16:47 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
      [2012/11/15 00:13:17 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
      [2012/11/09 17:18:08 | 003,891,761 | ---- | C] () -- C:\Users\Diego\Desktop\joao lucas e marcelo - eu quero tchu tcha.mp3
      [2012/11/09 17:16:06 | 003,448,755 | ---- | C] () -- C:\Users\Diego\Desktop\Yandar & Yostin Ft Andy Rivera - Te Pintaron Pajaritos.mp3
      [2012/10/29 16:11:36 | 000,020,817 | ---- | C] () -- C:\Users\Diego\Documents\UT_1_Cadro_exercicio_en_comun_actividade_agraria.pdf
      [2012/10/29 1655 | 000,133,174 | ---- | C] () -- C:\Users\Diego\Documents\UT_1_Formas_xuridicas_empresa.pdf
      [2012/10/26 14:29:06 | 000,290,500 | ---- | C] () -- C:\Users\Diego\AppData\Local\funmoods-speeddial_sf.crx
      [2012/07/02 23:45:37 | 000,302,425 | ---- | C] () -- C:\Users\Diego\AppData\Local\funmoods-speeddial.crx
      [2012/02/23 20:42:55 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
      [2012/02/23 20:33:08 | 000,014,119 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
      [2011/10/17 12:25:33 | 000,000,068 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
      [2011/09/06 12:34:28 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
      [2011/08/19 20:26:18 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
      [2011/07/05 11:47:06 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
      [2011/03/18 10:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

      ========== ZeroAccess Check ==========

      [2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

      [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

      [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

      [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

      [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
      "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment

      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment

      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
      "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free

      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
      "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free

      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
      "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Both

      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

      ========== LOP Check ==========

      [2012/11/22 15:22:47 | 000,000,000 | ---D | M] -- C:\Users\Diego\AppData\Roaming\Autodesk
      [2012/11/21 12:30:27 | 000,000,000 | ---D | M] -- C:\Users\Diego\AppData\Roaming\BabylonToolbar
      [2012/11/21 18:18:18 | 000,000,000 | ---D | M] -- C:\Users\Diego\AppData\Roaming\DAEMON Tools Pro
      [2012/10/25 19:43:27 | 000,000,000 | ---D | M] -- C:\Users\Diego\AppData\Roaming\Iminent
      [2012/10/25 19:06:26 | 000,000,000 | ---D | M] -- C:\Users\Diego\AppData\Roaming\PerformerSoft
      [2012/09/28 16:00:25 | 000,000,000 | ---D | M] -- C:\Users\Diego\AppData\Roaming\PlayerPlug
      [2012/09/28 16:00:25 | 000,000,000 | ---D | M] -- C:\Users\Diego\AppData\Roaming\PropMgrAsync
      [2012/05/02 17:28:23 | 000,000,000 | ---D | M] -- C:\Users\Diego\AppData\Roaming\Synaptics
      [2012/08/27 23:26:45 | 000,000,000 | ---D | M] -- C:\Users\Diego\AppData\Roaming\Windows Live Writer
      [2012/11/07 09:34:41 | 000,000,000 | ---D | M] -- C:\Users\Diego\AppData\Roaming\_MDLogs

      ========== Purity Check ==========



      ========== Custom Scans ==========

      < %SYSTEMDRIVE%\*.* >
      [2012/11/23 16:39:03 | 000,000,056 | -H-- | M] () -- C:\AT-Cuarentena
      [2012/11/26 19:25:20 | 002,017,512 | ---- | M] () -- C:\AT-Destroyer.txt
      [2010/11/21 04:23:51 | 000,383,786 | RHS- | M] () -- C:\bootmgr
      [2012/11/26 19:26:34 | 2902,646,784 | -HS- | M] () -- C:\hiberfil.sys
      [2012/11/26 19:26:34 | 3870,195,712 | -HS- | M] () -- C:\pagefile.sys

      < End of report >

    6. #6
      Moderador Gral.
      Avatar de @Javier_HF
      Registrado
      jun 2006
      Ubicación
      Spain.
      Mensajes
      21.693

      Re: Se me abren ventanas continuamente

      Bien, ahora sigue estos pasos.

      MUY Importante: Realiza una copia de seguridad del Registro con ERUNT 1.1j siguiendo los pasos que indica el >> Manual.

      Y después ejecuta de nuevo OTL.exe

      Copia y Pega el código que está dentro del recuadro de abajo en la sección Análisis Personalizado / Código de Reparación.

      Código:
      :OTL
      PRC - C:\ProgramData\PC Performer Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\pcpmngr.exe ()
      PRC - C:\Program Files (x86)\Iminent\Iminent.exe (Iminent)
      PRC - C:\Program Files (x86)\Iminent\Iminent.Messengers.exe (Iminent)
      PRC - C:\Program Files\IB Updater\ExtensionUpdaterService.exe ()
      MOD - C:\ProgramData\PC Performer Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\pcpmngr.exe ()
      MOD - c:\ProgramData\PC Performer Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\pcpmngr.dll ()
      SRV:64bit: - (IB Updater Updater) -- C:\Program Files\IB Updater\ExtensionUpdaterService.exe ()
      SRV - (PC Performer Manager) -- C:\ProgramData\PC Performer Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\pcpmngr.exe ()
      SRV - (SProtection) -- C:\Program Files (x86)\Common Files\Umbrella\Umbrella.exe (Iminent)
      IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Funmoods Search
      IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=CPNTDF
      IE:64bit: - HKLM\..\SearchScopes\{570BACF0-9B61-4583-9F6C-62BD35142BE3}: "URL" = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
      IE:64bit: - HKLM\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=stonicrio&chnl=stonicrio&cd=2XzuyEtN2Y1L1Qzu0CtDtCzzzzyDtC0AtCtByEyBtD0AzzyDtN0D0Tzu0CtAtDtDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1400190483
      IE:64bit: - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=promose&chnl=promose&cd=2XzutAtN2Y1L1Qzu0CtDtCzzzzyDtC0AtCtByEyBtD0AzzyDtN0D0TzutBtDtCtBtDyBtDtA&cr=1618964756
      IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=CPNTDF
      IE - HKLM\..\SearchScopes\{570BACF0-9B61-4583-9F6C-62BD35142BE3}: "URL" = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
      IE - HKLM\..\SearchScopes\{671A9C6D-2743-EF4D-D894-526E5E13329C}: "URL" = http://search.sweetim.com/search.asp?src=6&crg=3.1010000&q={searchTerms}&barid={5444385B-8253-4E88-9A40-315BE23746F1}
      IE - HKLM\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=stonicrio&chnl=stonicrio&cd=2XzuyEtN2Y1L1Qzu0CtDtCzzzzyDtC0AtCtByEyBtD0AzzyDtN0D0Tzu0CtAtDtDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1400190483
      IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=promose&chnl=promose&cd=2XzutAtN2Y1L1Qzu0CtDtCzzzzyDtC0AtCtByEyBtD0AzzyDtN0D0TzutBtDtCtBtDyBtDtA&cr=1618964756
      IE - HKU\S-1-5-21-3772864597-1723059401-1094371518-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://home.sweetim.com/?crg=3.1010000&barid={5444385B-8253-4E88-9A40-315BE23746F1}
      IE - HKU\S-1-5-21-3772864597-1723059401-1094371518-1001\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = Babylon Search
      IE - HKU\S-1-5-21-3772864597-1723059401-1094371518-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Babylon Search
      IE - HKU\S-1-5-21-3772864597-1723059401-1094371518-1001\..\URLSearchHook: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found
      IE - HKU\S-1-5-21-3772864597-1723059401-1094371518-1001\..\SearchScopes,Backup.Old.DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
      IE - HKU\S-1-5-21-3772864597-1723059401-1094371518-1001\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
      IE - HKU\S-1-5-21-3772864597-1723059401-1094371518-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=116986&tt=4612_3&babsrc=SP_ss&mntrId=f46b0a8500000000000000ff0d8a0786
      IE - HKU\S-1-5-21-3772864597-1723059401-1094371518-1001\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=CPNTDF
      IE - HKU\S-1-5-21-3772864597-1723059401-1094371518-1001\..\SearchScopes\{570BACF0-9B61-4583-9F6C-62BD35142BE3}: "URL" = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
      IE - HKU\S-1-5-21-3772864597-1723059401-1094371518-1001\..\SearchScopes\{6545E4BF-54A0-26AB-C310-082DA50D94DE}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=108750&tt=010712_7&babsrc=SP_ss&mntrId=f46b0a85000000000000009c0289cf1f
      IE - HKU\S-1-5-21-3772864597-1723059401-1094371518-1001\..\SearchScopes\{671A9C6D-2743-EF4D-D894-526E5E13329C}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=111808&tt=290412_1_bst&babsrc=SP_ss&mntrId=f46b0a85000000000000009c0289cf1f
      IE - HKU\S-1-5-21-3772864597-1723059401-1094371518-1001\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=stonicrio&chnl=stonicrio&cd=2XzuyEtN2Y1L1Qzu0CtDtCzzzzyDtC0AtCtByEyBtD0AzzyDtN0D0Tzu0CtAtDtDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1400190483
      IE - HKU\S-1-5-21-3772864597-1723059401-1094371518-1001\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = http://search.iminent.com/?appId=&ref=toolbox&q={searchTerms}
      IE - HKU\S-1-5-21-3772864597-1723059401-1094371518-1001\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb192/?search={searchTerms}&loc=IB_DS&a=6OyScsMntY&i=26
      IE - HKU\S-1-5-21-3772864597-1723059401-1094371518-1001\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&crg=3.1010000&q={searchTerms}&barid={5444385B-8253-4E88-9A40-315BE23746F1}
      FF - prefs.js..backup.old.browser.search.defaultenginename: "Search the web (Babylon)"
      FF - prefs.js..backup.old.browser.search.selectedEngine: "Search the web (Babylon)"
      FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?affID=111808&tt=290412_1_bst&babsrc=HP_ss&mntrId=f46b0a85000000000000009c0289cf1f"
      FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
      FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
      FF - prefs.js..extensions.enabledAddons: [email protected]:1.5.0
      FF - prefs.js..extensions.enabledAddons: [email protected]:1.5.1
      FF - prefs.js..extensions.enabledAddons: [email protected]:1.1.9
      FF - prefs.js..keyword.URL: "http://search.babylon.com/?affID=116986&tt=4612_3&babsrc=KW_ss&mntrId=f46b0a8500000000000000ff0d8a0786&q="
      FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
      FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Iminent\[email protected] [2012/10/25 19:42:59 | 000,000,000 | ---D | M]
      FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{dfefbe51-ca52-484b-adf0-6b158b05262d}: C:\ProgramData\PC Performer Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\FirefoxExtension [2012/11/04 21:42:11 | 000,000,000 | ---D | M]
      [2012/05/08 22:01:46 | 000,000,000 | ---D | M] (Babylon Toolbar) -- C:\Users\Diego\AppData\Roaming\mozilla\Firefox\Profiles\42gdegfs.default\extensions\{19BED1B4-FA23-440B-99DA-A530D0D8FE06}
      [2012/10/24 14:34:10 | 000,000,000 | ---D | M] (PriceGong) -- C:\Users\Diego\AppData\Roaming\mozilla\Firefox\Profiles\42gdegfs.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}
      [2012/10/25 19:43:19 | 000,000,000 | ---D | M] (IMinent Toolbar) -- C:\Users\Diego\AppData\Roaming\mozilla\Firefox\Profiles\42gdegfs.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
      [2012/11/07 09:41:38 | 000,000,000 | ---D | M] (SweetPacks Toolbar for Firefox) -- C:\Users\Diego\AppData\Roaming\mozilla\Firefox\Profiles\42gdegfs.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
      [2012/07/02 23:47:08 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Diego\AppData\Roaming\mozilla\Firefox\Profiles\42gdegfs.default\extensions\[email protected]
      [2012/10/26 14:29:13 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Users\Diego\AppData\Roaming\mozilla\Firefox\Profiles\42gdegfs.default\extensions\[email protected]
      [2012/10/25 18:55:48 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\Diego\AppData\Roaming\mozilla\Firefox\Profiles\42gdegfs.default\extensions\[email protected]
      [2012/11/07 09:41:37 | 000,189,128 | ---- | M] () (No name found) -- C:\Users\Diego\AppData\Roaming\mozilla\firefox\profiles\42gdegfs.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
      [2012/10/26 14:29:31 | 000,002,357 | ---- | M] () -- C:\Users\Diego\AppData\Roaming\mozilla\firefox\profiles\42gdegfs.default\searchplugins\Funmoods.xml
      [2012/10/25 18:53:44 | 000,002,203 | ---- | M] () -- C:\Users\Diego\AppData\Roaming\mozilla\firefox\profiles\42gdegfs.default\searchplugins\MyStart Search.xml
      [2012/10/25 18:56:18 | 000,002,311 | ---- | M] () -- C:\Users\Diego\AppData\Roaming\mozilla\firefox\profiles\42gdegfs.default\searchplugins\Search.xml
      [2012/05/14 15:30:53 | 000,003,915 | ---- | M] () -- C:\Users\Diego\AppData\Roaming\mozilla\firefox\profiles\42gdegfs.default\searchplugins\sweetim.xml
      [2012/11/04 21:42:11 | 000,000,000 | ---D | M] (PC Performer Manager) -- C:\PROGRAMDATA\PC PERFORMER MANAGER\2.4.897.175\{61D8B74E-8D89-46FF-AFA6-33382C54AC73}\FIREFOXEXTENSION
      [2012/10/11 04:57:25 | 000,001,143 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-es.xml
      [2012/10/15 0606 | 000,002,157 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchTheWeb.xml
      [2012/10/11 04:57:25 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
      O2:64bit: - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found.
      O2 - BHO: (Claro LTD Helper Object) - {000F18F2-09EB-4A59-82B2-5AE4184C39C3} - C:\Program Files (x86)\Claro LTD\claro\1.8.3.10\bh\claro.dll (Montera Technologeis LTD)
      O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.6.4\PriceGongIE.dll (PriceGong)
      O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll (Iminent)
      O2 - BHO: (TBSB02188 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Babylon Toolbar\tbcore3.dll ()
      O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {41B62AD3-5D43-40D1-9D43-F3539C1DB452} - C:\Program Files (x86)\Babylon Toolbar\tbcore3.dll ()
      O3 - HKLM\..\Toolbar: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
      O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
      O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD)
      O3 - HKU\S-1-5-21-3772864597-1723059401-1094371518-1001\..\Toolbar\WebBrowser: (Babylon Toolbar) - {41B62AD3-5D43-40D1-9D43-F3539C1DB452} - C:\Program Files (x86)\Babylon Toolbar\tbcore3.dll ()
      O4 - HKLM..\Run: [Iminent] C:\Program Files (x86)\Iminent\Iminent.exe (Iminent)
      O4 - HKLM..\Run: [IminentMessenger] C:\Program Files (x86)\Iminent\Iminent.Messengers.exe (Iminent)
      O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
      O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
      O4 - Startup: C:\Users\Diego\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kpbieafr.lnk = File not found
      O8:64bit: - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
      O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
      O1364bit: - gopher Prefix: missing
      O13 - gopher Prefix: missing
      O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
      O18:64bit: - Protocol\Handler\livecall - No CLSID value found
      O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
      O18:64bit: - Protocol\Handler\msnim - No CLSID value found
      O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
      O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
      O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
      O20 - AppInit_DLLs: (c:\progra~3\pcperf~1\24897~1.175\{61d8b~1\pcpmngr.dll) - c:\ProgramData\PC Performer Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\pcpmngr.dll ()
      O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
      O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
      O28 - HKLM ShellExecuteHooks: UPB:{B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No CLSID value found.
      [2012/11/16 17:22:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BabylonToolbar
      [2012/11/23 16:37:44 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForDIEGO-Q$.job
      [2012/11/21 12:30:27 | 000,000,000 | ---D | M] -- C:\Users\Diego\AppData\Roaming\BabylonToolbar
      [2012/10/25 19:43:27 | 000,000,000 | ---D | M] -- C:\Users\Diego\AppData\Roaming\Iminentº
      :Files
      ipconfig /flushdns /c
      ipconfig /renew /c
      :Commands
      [PURITY]
      [EMPTYFLASH]
      [EMPTYTEMP]
      [RESETHOSTS]
      Presiona el Botón Reparar para lanzar la eliminación. Después presionas en OK.

      OTL va a Reiniciar el ordenador para completar la eliminación.

      Guardas el nuevo reporte generado, y lo copias y pegas en tu próxima respuesta, coméntanos también como sigue el ordenador ahora, en relación al problema planteado.

      Saludos.
      Quien no lo intenta no lo consigue | ;-)

      * Síguenos en nuestro Twitter y hazte nuestro amigo en Facebook.
      * Infórmate de las ultimas amenazas de la red desde: InfoSpyware Blog
      * No se resuelven dudas por Privados ni por E-mail, ya que para eso esta el foro.