    Lollipop


    1. #1
      Iris11 (User)
      Joined: Apr 2013
      Location: Buenos Aires, A
      Posts: 1


      Hi, how's it going? I'm new to the forum. What happened is that I lend my notebook to my mother... and I don't know what exactly she does with the Facebook games. Now I have a virus that every so often opens a page with advertising. I saw that there is already a thread about this virus, opened and solved... but I think the OTL.txt result is different...

      I hope you can help me.

      Here I'm pasting the result it generated for me:

      OTL logfile created on: 4/12/2013 11:16:32 PM - Run 1
      OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Iris\Downloads
      Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
      Internet Explorer (Version = 9.10.9200.16540)
      Locale: 00000409 | Country: Argentina | Language: ESS | Date Format: dd/MM/yyyy

      1.96 Gb Total Physical Memory | 1.12 Gb Available Physical Memory | 57.21% Memory free
      3.92 Gb Paging File | 2.86 Gb Available in Paging File | 72.95% Paging File free
      Paging file location(s): ?:\pagefile.sys [binary data]

      %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
      Drive C: | 106.39 Gb Total Space | 56.44 Gb Free Space | 53.05% Space Free | Partition Type: NTFS
      Drive D: | 106.39 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: NTFS
      Drive E: | 4.04 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

      Computer Name: IRIS-PC | User Name: Iris | Logged in as Administrator.
      Boot Mode: Normal | Scan Mode: All users
      Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

      ========== Processes (SafeList) ==========

      PRC - [2013/04/12 22:51:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Iris\Downloads\OTL.com
      PRC - [2013/03/12 22:27:00 | 001,822,424 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
      PRC - [2013/02/27 13:43:30 | 003,962,728 | ---- | M] () -- C:\Program Files\tutoriales100_ar_13\tutoriales100_ar_13.exe
      PRC - [2013/02/27 13:43:30 | 002,082,664 | ---- | M] () -- C:\Users\Iris\AppData\Local\tutoriales100_ar_13\upt100_ar_13.exe
      PRC - [2013/02/20 23:23:11 | 001,151,152 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
      PRC - [2013/02/20 23:23:11 | 000,968,880 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
      PRC - [2012/12/18 11:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
      PRC - [2012/12/11 03:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
      PRC - [2012/11/22 23:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
      PRC - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
      PRC - [2012/10/30 19:30:42 | 000,196,624 | ---- | M] (Nitro PDF Software) -- C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe
      PRC - [2012/10/30 04:59:56 | 000,726,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
      PRC - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
      PRC - [2012/10/22 13:04:32 | 001,116,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
      PRC - [2012/10/22 13:03:52 | 000,796,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe
      PRC - [2012/10/22 13:03:46 | 000,440,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
      PRC - [2012/07/24 09:48:45 | 000,801,792 | ---- | M] (Yuna Software) -- C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
      PRC - [2012/05/18 15:44:06 | 000,929,792 | ---- | M] () -- C:\Program Files\NetNucleous\ActiveCollector\ActiveCollector.exe
      PRC - [2012/05/02 21:31:36 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
      PRC - [2012/04/02 23:39:42 | 000,061,440 | ---- | M] () -- C:\Program Files\NetNucleous\ActiveCollector\ACRecover.exe
      PRC - [2012/02/26 16:01:44 | 000,295,728 | ---- | M] (SweetIM Technologies Ltd.) -- C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe
      PRC - [2011/12/05 13:38:52 | 000,182,576 | ---- | M] (Blabbers Communications LTD) -- C:\Program Files\BrowserCompanion\BCHelper.exe
      PRC - [2011/10/01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
      PRC - [2011/10/01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
      PRC - [2011/02/25 02:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
      PRC - [2010/05/06 03:44:44 | 001,749,504 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
      PRC - [2010/04/20 14:26:44 | 000,300,912 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
      PRC - [2010/03/25 16:44:26 | 001,891,720 | ---- | M] (ELAN Microelectronics Corp.) -- C:\Program Files\Elantech\ETDCtrl.exe
      PRC - [2010/03/24 01:12:58 | 001,599,880 | ---- | M] (ELAN Microelectronics Corp.) -- C:\Program Files\Elantech\ETDCtrlHelper.exe
      PRC - [2010/01/18 23:34:48 | 002,201,192 | ---- | M] (SEC) -- C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
      PRC - [2009/11/11 01:21:36 | 000,717,312 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
      PRC - [2009/11/04 01:11:48 | 000,835,072 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
      PRC - [2009/06/03 08:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
      PRC - [2009/04/15 11:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
      PRC - [2009/03/27 2356 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe


      ========== Modules (No Company Name) ==========

      MOD - [2013/03/12 22:27:00 | 014,717,144 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_6_602_180.dll
      MOD - [2013/02/27 13:43:30 | 003,962,728 | ---- | M] () -- C:\Program Files\tutoriales100_ar_13\tutoriales100_ar_13.exe
      MOD - [2013/02/27 13:43:30 | 002,082,664 | ---- | M] () -- C:\Users\Iris\AppData\Local\tutoriales100_ar_13\upt100_ar_13.exe
      MOD - [2013/02/20 23:23:11 | 001,151,152 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
      MOD - [2013/02/20 23:23:11 | 000,156,848 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\SiteSafety.dll
      MOD - [2012/12/13 07:16:27 | 000,225,280 | ---- | M] () -- C:\Users\Iris\AppData\Roaming\Mozilla\FireFox\{5cea9a87-a3a5-4c2a-b08d-8a1876d4931c}\components\ACFFComponent.dll
      MOD - [2012/05/18 15:44:06 | 000,929,792 | ---- | M] () -- C:\Program Files\NetNucleous\ActiveCollector\ActiveCollector.exe
      MOD - [2012/05/02 21:31:36 | 001,952,696 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
      MOD - [2012/04/02 23:39:42 | 000,061,440 | ---- | M] () -- C:\Program Files\NetNucleous\ActiveCollector\ACRecover.exe
      MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
      MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
      MOD - [2011/08/07 08:54:44 | 000,362,029 | ---- | M] () -- C:\Program Files\BrowserCompanion\sqlite3.dll
      MOD - [2010/04/20 14:26:44 | 000,300,912 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
      MOD - [2010/04/16 14:11:02 | 000,155,648 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\HMXML.dll
      MOD - [2009/06/03 08:59:14 | 000,013,096 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll
      MOD - [2009/06/03 08:59:02 | 000,619,816 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll
      MOD - [2006/08/12 00:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll


      ========== Services (SafeList) ==========

      SRV - [2013/03/12 22:27:12 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
      SRV - [2013/02/20 23:23:11 | 000,968,880 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe -- (vToolbarUpdater14.2.0)
      SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
      SRV - [2012/12/18 11:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
      SRV - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
      SRV - [2012/10/30 19:30:42 | 000,196,624 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe -- (NitroReaderDriverReadSpool3)
      SRV - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
      SRV - [2012/05/02 21:31:36 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
      SRV - [2011/10/01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
      SRV - [2011/10/01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
      SRV - [2010/11/20 09:21:36 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
      SRV - [2009/07/13 22:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
      SRV - [2009/03/27 2356 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)


      ========== Driver Services (SafeList) ==========

      DRV - [2013/02/20 23:23:11 | 000,033,112 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
      DRV - [2012/11/15 23:33:26 | 000,094,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
      DRV - [2012/10/22 13:02:46 | 000,179,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
      DRV - [2012/10/15 03:48:52 | 000,055,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
      DRV - [2012/10/02 03:30:38 | 000,159,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
      DRV - [2012/09/21 03:46:06 | 000,164,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
      DRV - [2012/09/21 03:46:00 | 000,177,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
      DRV - [2012/09/21 03:45:54 | 000,019,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
      DRV - [2012/09/14 03:05:20 | 000,035,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
      DRV - [2011/10/01 08:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
      DRV - [2011/10/01 08:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
      DRV - [2011/10/01 08:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
      DRV - [2011/10/01 08:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
      DRV - [2010/11/20 07:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
      DRV - [2010/11/20 06:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
      DRV - [2010/09/21 13:31:38 | 000,015,656 | ---- | M] (Windows (R) 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rtport.sys -- (rtport)
      DRV - [2010/07/08 09:34:54 | 000,069,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
      DRV - [2010/07/08 09:34:54 | 000,063,616 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
      DRV - [2010/07/08 09:34:36 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
      DRV - [2009/12/14 17:44:42 | 001,245,696 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
      DRV - [2009/09/28 06:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
      DRV - [2009/07/21 19:18:58 | 001,161,760 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
      DRV - [2009/07/13 20:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
      DRV - [2009/07/10 11:44:52 | 000,122,880 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)


      ========== Standard Registry (SafeList) ==========


      ========== Internet Explorer ==========

      IE - HKLM\..\SearchScopes,DefaultScope = {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
      IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://www.bing.com/search?q={searchTerms}
      IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
      IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
      IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
      IE - HKLM\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzuyE0CtD0FyC0Ezz0C0E0DtAtDtA0AyD0CtN0D0Tzu0CtAtCzytN1L2XzutBtFtBtFtDtFtAyEyE&cr=962253087


      IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

      IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



      IE - HKU\S-1-5-21-1636518059-4109472759-2779696801-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
      IE - HKU\S-1-5-21-1636518059-4109472759-2779696801-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com/search?q={searchTerms}
      IE - HKU\S-1-5-21-1636518059-4109472759-2779696801-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}
      IE - HKU\S-1-5-21-1636518059-4109472759-2779696801-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://search.babylon.com/?affID=108750&tt=4912_4&babsrc=HP_ss&mntrId=7ee23a5c0000000000004a0f6e8ced30
      IE - HKU\S-1-5-21-1636518059-4109472759-2779696801-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.bing.com/search?q={searchTerms}
      IE - HKU\S-1-5-21-1636518059-4109472759-2779696801-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bing.com/search?q={searchTerms}
      IE - HKU\S-1-5-21-1636518059-4109472759-2779696801-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
      IE - HKU\S-1-5-21-1636518059-4109472759-2779696801-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      IE - HKU\S-1-5-21-1636518059-4109472759-2779696801-1000\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://www.bing.com/search?q={searchTerms}
      IE - HKU\S-1-5-21-1636518059-4109472759-2779696801-1000\..\SearchScopes\{0388404D-6072-4CEB-B521-8F090FEAEE57}: "URL" = http://klit.startnow.com/s/?q={searchTerms}&src=defsearch&provider=&provider_name=yahoo&provider_code=&partner_id=693&product_id=741&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.4.0&install_country=AR&install_date=20130119&user_guid=6BE20325E69346D1A2C38795042AAD32&machine_id=d72467aa0f992f62c41bc81c08fad0b7&browser=IE&os=win&os_version=6.1-x86-SP1&iesrc={referrer:source}
      IE - HKU\S-1-5-21-1636518059-4109472759-2779696801-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
      IE - HKU\S-1-5-21-1636518059-4109472759-2779696801-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=108750&tt=4912_4&babsrc=SP_ss&mntrId=7ee23a5c0000000000004a0f6e8ced30
      IE - HKU\S-1-5-21-1636518059-4109472759-2779696801-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_es___AR432
      IE - HKU\S-1-5-21-1636518059-4109472759-2779696801-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
      IE - HKU\S-1-5-21-1636518059-4109472759-2779696801-1000\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzuyE0CtD0FyC0Ezz0C0E0DtAtDtA0AyD0CtN0D0Tzu0CtAtCzytN1L2XzutBtFtBtFtDtFtAyEyE&cr=962253087
      IE - HKU\S-1-5-21-1636518059-4109472759-2779696801-1000\..\SearchScopes\{DDBB8B35-3D91-4F99-9C84-073D61B382B9}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=MPC2&o=41647997&src=kw&q={searchTerms}&locale=&apn_ptnrs=8E&apn_dtid=YYYYYYM5AR&apn_uid=5EBA7466-420F-45A3-B094-3ABBF2AE4CFD&apn_sauid=FBBC80F4-EEE6-4AD6-9E61-59C4560C3AE0
      IE - HKU\S-1-5-21-1636518059-4109472759-2779696801-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
      IE - HKU\S-1-5-21-1636518059-4109472759-2779696801-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

      ========== FireFox ==========

      FF - prefs.js..browser.search.selectedEngine: "Yahoo"
      FF - prefs.js..browser.search.useDBForOrder: true
      FF - prefs.js..browser.startup.homepage: "www.google.com.ar"
      FF - prefs.js..extensions.enabledAddons: [email protected]:1.5.1
      FF - prefs.js..extensions.enabledAddons: {5cea9a87-a3a5-4c2a-b08d-8a1876d4931c}:12
      FF - prefs.js..extensions.enabledAddons: [email protected]:14.2.0.1
      FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid=%7Ba003ab81-75c8-452c-9d3d-5a1216d9c44b%7D&mid=68dcf16cb4af47d1b2cad16d12349e5e-ba846664426a45d90ad2a5680143f6547b7ed088&ds=AVG&v=13.2.0.5&lang=es-es&pr=fr&d=2012-05-22%2022%3A03%3A32&sap=ku&q="


      FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
      FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
      FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
      FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll ()
      FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
      FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
      FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
      FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
      FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
      FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
      FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
      FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
      FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Iris\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{5cea9a87-a3a5-4c2a-b08d-8a1876d4931c}: C:\Users\Iris\AppData\Roaming\Mozilla\FireFox\{5cea9a87-a3a5-4c2a-b08d-8a1876d4931c} [2012/12/13 07:16:27 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\ProgramData\AVG Secure Search\FireFoxExt\14.2.0.1 [2013/02/20 23:23:47 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/02 21:31:36 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/04/12 23:14:48 | 000,000,000 | ---D | M]
      FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\LyricsFinder\FF\ [2013/03/14 02:00:12 | 000,000,000 | ---D | M]
      FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\Iris\AppData\Roaming\IDM\idmmzcc3

      [2013/03/14 02:00:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Iris\AppData\Roaming\mozilla\Extensions
      [2013/01/19 22:03:32 | 000,000,000 | ---D | M] (IMinent Toolbar) -- C:\Users\Iris\AppData\Roaming\mozilla\Firefox\Profiles\gghplf61.default\extensions
      [2012/08/27 17:17:30 | 000,000,000 | ---D | M] (Browser Companion Helper) -- C:\Users\Iris\AppData\Roaming\mozilla\Firefox\Profiles\gghplf61.default\extensions\[email protected]
      [2011/07/04 15:53:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Iris\AppData\Roaming\mozilla\Firefox\Profiles\gghplf61.default\extensions\chrome
      [2011/07/04 15:53:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Iris\AppData\Roaming\mozilla\Firefox\Profiles\gghplf61.default\extensions\components
      [2012/11/14 15:38:25 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Users\Iris\AppData\Roaming\mozilla\Firefox\Profiles\gghplf61.default\extensions\[email protected]
      [2012/11/14 15:37:33 | 000,213,316 | ---- | M] () (No name found) -- C:\Users\Iris\AppData\Roaming\mozilla\firefox\profiles\gghplf61.default\extensions\[email protected]
      [2013/01/06 22:01:39 | 000,190,000 | ---- | M] () (No name found) -- C:\Users\Iris\AppData\Roaming\mozilla\firefox\profiles\gghplf61.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
      [2012/12/07 17:41:28 | 000,002,432 | ---- | M] () -- C:\Users\Iris\AppData\Roaming\mozilla\firefox\profiles\gghplf61.default\searchplugins\babylon1.xml
      [2012/08/17 19:30:24 | 000,006,362 | ---- | M] () -- C:\Users\Iris\AppData\Roaming\mozilla\firefox\profiles\gghplf61.default\searchplugins\Google.xml
      [2012/02/24 12:22:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
      [2012/02/24 12:22:47 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
      [2013/03/14 02:00:12 | 000,000,000 | ---D | M] ("Lyrics Finder") -- C:\PROGRAM FILES\LYRICSFINDER\FF
      [2013/02/20 23:23:47 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\FIREFOXEXT\14.2.0.1
      [2013/03/14 02:09:12 | 000,000,000 | ---D | M] (Media Finder plugin) -- C:\USERS\IRIS\APPDATA\ROAMING\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\@THEMEDIAFINDER.COM
      [2013/03/14 02:09:12 | 000,000,000 | ---D | M] (General Crawler) -- C:\USERS\IRIS\APPDATA\ROAMING\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\[email protected]
      [2012/12/13 07:16:27 | 000,000,000 | ---D | M] (ACFF12Component) -- C:\USERS\IRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\{5CEA9A87-A3A5-4C2A-B08D-8A1876D4931C}
      [2012/05/02 21:31:36 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
      [2013/02/20 23:23:49 | 000,003,717 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
      [2012/12/07 17:41:12 | 000,002,349 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
      [2011/10/03 23:09:36 | 000,004,080 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\drae.xml
      [2011/10/03 23:09:36 | 000,002,470 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\mercadolibre-ar.xml
      [2011/10/03 23:09:36 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-es.xml
      [2012/05/02 21:31:35 | 000,000,824 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-ar.xml

      O1 HOSTS File: ([2009/06/10 18:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
      O2 - BHO: (Browser Companion Helper) - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files\BrowserCompanion\jsloader.dll ( )
      O2 - BHO: (ActiveCollectorPluginBHO Class) - {07202B0D-149C-4568-90DF-ACC2B4057809} - C:\Program Files\NetNucleous\ActiveCollector\ActiveCollectorPlugin.dll (NetNucleus Inc.)
      O2 - BHO: (Lyrics Finder) - {398C01F1-E584-46AD-A649-4F78B435DCFE} - C:\Program Files\LyricsFinder\lfind.dll (Nijad Software)
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
      O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()
      O2 - BHO: (Browser Companion Helper Verifier) - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files\BrowserCompanion\updatebhoWin32.dll ( )
      O2 - BHO: (Plugin for Media Finder) - {AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2} - C:\Users\Iris\AppData\Roaming\Media Finder\Extensions\IEPlugin32.dll (Media Finder)
      O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
      O2 - BHO: (Help the General-Search Project) - {CA4520F3-AE13-4FB1-A513-58E23991C86D} - C:\Users\Iris\AppData\Roaming\MEDIAF~1\EXTENS~1\GENCRA~1.DLL ()
      O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
      O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()
      O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O3 - HKU\S-1-5-21-1636518059-4109472759-2779696801-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
      O3 - HKU\S-1-5-21-1636518059-4109472759-2779696801-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
      O3 - HKU\S-1-5-21-1636518059-4109472759-2779696801-1000\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
      O4 - HKLM..\Run: [ActiveCollector] C:\Program Files\NetNucleous\ActiveCollector\ActiveCollector.exe ()
      O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
      O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
      O4 - HKLM..\Run: [Browser companion helper] C:\Program Files\BrowserCompanion\BCHelper.exe (Blabbers Communications LTD)
      O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
      O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
      O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
      O4 - HKLM..\Run: [PlusService] C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
      O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
      O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
      O4 - HKLM..\Run: [tutoriales100_ar_13] C:\Program Files\tutoriales100_ar_13\tutoriales100_ar_13.exe ()
      O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
      O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
      O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
      O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
      O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
      O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
      O4 - HKU\S-1-5-21-1636518059-4109472759-2779696801-1000..\Run: [ActiveCollector] C:\Program Files\NetNucleous\ActiveCollector\ActiveCollector.exe ()
      O4 - HKU\S-1-5-21-1636518059-4109472759-2779696801-1000..\Run: [ares] C:\Program Files\Ares\Ares.exe (Ares Development Group)
      O4 - HKU\S-1-5-21-1636518059-4109472759-2779696801-1000..\Run: [LonelyWalker] C:\Program Files\NetNucleous\ActiveCollector\ACRecover.exe ()
      O4 - HKU\S-1-5-21-1636518059-4109472759-2779696801-1000..\Run: [Media Finder] C:\Program Files\Media Finder\Media Finder.exe (Media Finder)
      O4 - HKLM..\RunOnce: [upt100_ar_13.exe] C:\Users\Iris\AppData\Local\tutoriales100_ar_13\upt100_ar_13.exe ()
      O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
      O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
      O4 - Startup: C:\Users\Iris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lollipop.lnk = File not found
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
      O8 - Extra context menu item: Buscar en la web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
      O8 - Extra context menu item: Download with &Media Finder - C:\Program Files\Media Finder\hook.html ()
      O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
      O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
      O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
      O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
      O13 - gopher Prefix: missing
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 200.42.4.204 200.49.130.41
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{12AEB3A9-7C47-4A01-8DBE-8940E2DD124E}: DhcpNameServer = 200.42.4.204 200.49.130.41
      O18 - Protocol\Handler\base64 {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
      O18 - Protocol\Handler\chrome {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
      O18 - Protocol\Handler\linkscanner - No CLSID value found
      O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
      O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
      O18 - Protocol\Handler\prox {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
      O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
      O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
      O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll ()
      O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
      O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
      O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
      O20 - AppInit_DLLs: (c:\progra~2\browse~1\25976~1.107\{c16c1~1\mngr.dll) - File not found
      O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
      O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - igfxdev.dll (Intel Corporation)
      O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
      O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
      O32 - HKLM CDRom: AutoRun - 1
      O32 - AutoRun File - [2009/06/10 18:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
      O33 - MountPoints2\{3c6b9c6d-8287-11e0-9170-002454d077ad}\Shell - "" = AutoRun
      O33 - MountPoints2\{3c6b9c6d-8287-11e0-9170-002454d077ad}\Shell\AutoRun\command - "" = F:\AutoRun.exe
      O33 - MountPoints2\{3c6b9c7f-8287-11e0-9170-002454d077ad}\Shell - "" = AutoRun
      O33 - MountPoints2\{3c6b9c7f-8287-11e0-9170-002454d077ad}\Shell\AutoRun\command - "" = F:\AutoRun.exe
      O33 - MountPoints2\{3c6b9ca1-8287-11e0-9170-002454d077ad}\Shell - "" = AutoRun
      O33 - MountPoints2\{3c6b9ca1-8287-11e0-9170-002454d077ad}\Shell\AutoRun\command - "" = F:\AutoRun.exe
      O33 - MountPoints2\{936042c5-627f-11e2-bf15-002454d077ad}\Shell - "" = AutoRun
      O33 - MountPoints2\{936042c5-627f-11e2-bf15-002454d077ad}\Shell\AutoRun\command - "" = F:\Setup.exe
      O33 - MountPoints2\{e7e94bcd-82d2-11e0-94c8-002454d077ad}\Shell - "" = AutoRun
      O33 - MountPoints2\{e7e94bcd-82d2-11e0-94c8-002454d077ad}\Shell\AutoRun\command - "" = F:\AutoRun.exe
      O33 - MountPoints2\F\Shell - "" = AutoRun
      O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
      O34 - HKLM BootExecute: (autocheck autochk *)
      O35 - HKLM\..comfile [open] -- "%1" %*
      O35 - HKLM\..exefile [open] -- "%1" %*
      O37 - HKLM\...com [@ = comfile] -- "%1" %*
      O37 - HKLM\...exe [@ = exefile] -- "%1" %*
      O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
      O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
      O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

      NetSvcs: FastUserSwitchingCompatibility - File not found
      NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
      NetSvcs: Nla - File not found
      NetSvcs: Ntmssvc - File not found
      NetSvcs: NWCWorkstation - File not found
      NetSvcs: Nwsapagent - File not found
      NetSvcs: SRService - File not found
      NetSvcs: WmdmPmSp - File not found
      NetSvcs: LogonHours - File not found
      NetSvcs: PCAudit - File not found
      NetSvcs: helpsvc - File not found
      NetSvcs: uploadmgr - File not found


      CREATERESTOREPOINT
      Restore point Set: OTL Restore Point

      ========== Files/Folders - Created Within 30 Days ==========

      [2013/04/11 03:06:58 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
      [2013/04/11 03:06:56 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
      [2013/04/11 03:06:56 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesetup.dll
      [2013/04/11 03:06:56 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
      [2013/04/11 03:06:55 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
      [2013/04/11 03:06:55 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
      [2013/04/11 03:06:55 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RegisterIEPKEYs.exe
      [2013/04/11 03:06:55 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ie4uinit.exe
      [2013/04/11 03:06:55 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iernonce.dll
      [2013/04/11 03:06:54 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesysprep.dll
      [2013/04/10 1344 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
      [2013/04/10 1340 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntoskrnl.exe
      [2013/04/10 1339 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntkrnlpa.exe
      [2013/04/10 1339 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\csrsrv.dll
      [2013/04/10 1326 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\aaclient.dll
      [2013/04/10 1326 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tsgqec.dll
      [2013/04/08 00:08:59 | 000,000,000 | ---D | C] -- C:\My Shared Folder
      [2013/04/07 16:52:10 | 000,000,000 | ---D | C] -- C:\Users\Iris\Desktop\Download
      [2013/04/07 16:51:37 | 000,000,000 | ---D | C] -- C:\Users\Iris\Desktop\My Shared Folder
      [2013/03/29 09:49:09 | 000,745,472 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MsSpellCheckingFacility.exe
      [2013/03/29 09:49:09 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\elshyph.dll
      [2013/03/29 09:49:08 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msls31.dll
      [2013/03/29 09:49:07 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msrating.dll
      [2013/03/29 09:49:07 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iexpress.exe
      [2013/03/29 09:49:07 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wextract.exe
      [2013/03/29 09:49:07 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inseng.dll
      [2013/03/29 09:49:06 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe
      [2013/03/29 09:49:05 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iepeers.dll
      [2013/03/29 09:49:05 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\pngfilt.dll
      [2013/03/29 09:49:05 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\imgutil.dll
      [2013/03/29 09:49:04 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\IEAdvpack.dll
      [2013/03/29 09:49:04 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll
      [2013/03/29 09:49:04 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedssync.exe
      [2013/03/29 09:49:02 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\SetIEInstalledDate.exe
      [2013/03/29 09:49:02 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtmler.dll
      [2013/03/29 09:49:00 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\html.iec
      [2013/03/29 09:49:00 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dxtmsft.dll
      [2013/03/29 09:49:00 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dxtrans.dll
      [2013/03/29 09:48:59 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dat
      [2013/03/29 09:48:59 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dll
      [2013/03/29 09:48:58 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtmlmedia.dll
      [2013/03/29 09:48:58 | 000,242,200 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll
      [2013/03/29 09:48:58 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll
      [2013/03/29 09:48:57 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
      [2013/03/29 09:48:56 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\licmgr10.dll
      [2013/03/25 09:55:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
      [2013/03/20 2011 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\usb8023.sys
      [2013/03/19 11:52:03 | 000,000,000 | ---D | C] -- C:\Users\Iris\AppData\Local\eorezo
      [2013/03/19 11:52:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TUTORIALES100
      [2013/03/19 11:52:01 | 000,000,000 | ---D | C] -- C:\Users\Iris\AppData\Local\tutoriales100_ar_13
      [2013/03/19 11:52:01 | 000,000,000 | ---D | C] -- C:\Program Files\tutoriales100_ar_13
      [2013/03/19 11:51:57 | 000,000,000 | ---D | C] -- C:\Users\Iris\AppData\Local\Lollipop
      [2013/03/19 11:51:44 | 000,000,000 | ---D | C] -- C:\Users\Iris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV Player
      [2013/03/19 11:51:42 | 000,000,000 | ---D | C] -- C:\Program Files\FLVPlayer
      [2013/03/14 02:02:18 | 000,000,000 | ---D | C] -- C:\Users\Iris\Qtrax
      [2013/03/14 02:02:18 | 000,000,000 | ---D | C] -- C:\Users\Iris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QTRAX
      [2013/03/14 02:02:10 | 000,000,000 | ---D | C] -- C:\Users\Iris\AppData\Local\Downloaded Installations
      [2013/03/14 02:00:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
      [2013/03/14 02:00:15 | 000,000,000 | ---D | C] -- C:\Users\Iris\AppData\Roaming\Media Finder
      [2013/03/14 02:00:14 | 000,000,000 | ---D | C] -- C:\Program Files\Media Finder
      [2013/03/14 02:00:11 | 000,000,000 | ---D | C] -- C:\Program Files\LyricsFinder
      [2 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
      [2 C:\Users\Iris\*.tmp files -> C:\Users\Iris\*.tmp -> ]

      ========== Files - Modified Within 30 Days ==========

      [2013/04/12 23:19:22 | 000,010,272 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      [2013/04/12 23:19:22 | 000,010,272 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      [2013/04/12 23:12:15 | 000,000,386 | ---- | M] () -- C:\windows\tasks\Lyrics Finder Update.job
      [2013/04/12 23:12:00 | 000,001,020 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
      [2013/04/12 23:11:20 | 000,065,536 | ---- | M] () -- C:\windows\System32\Ikeext.etl
      [2013/04/12 23:11:13 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
      [2013/04/12 23:11:09 | 2106,179,584 | -HS- | M] () -- C:\hiberfil.sys
      [2013/04/12 22:51:01 | 000,001,024 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
      [2013/04/12 15:26:00 | 000,000,838 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
      [2013/04/12 14:48:42 | 000,704,518 | ---- | M] () -- C:\windows\System32\perfh00A.dat
      [2013/04/12 14:48:42 | 000,616,686 | ---- | M] () -- C:\windows\System32\perfh009.dat
      [2013/04/12 14:48:42 | 000,138,226 | ---- | M] () -- C:\windows\System32\perfc00A.dat
      [2013/04/12 14:48:42 | 000,106,808 | ---- | M] () -- C:\windows\System32\perfc009.dat
      [2013/04/12 14:11:00 | 000,001,062 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1636518059-4109472759-2779696801-1000UA.job
      [2013/04/11 03:26:38 | 000,270,224 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
      [2013/04/11 02:11:01 | 000,001,040 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1636518059-4109472759-2779696801-1000Core.job
      [2013/04/11 00:23:34 | 000,001,049 | ---- | M] () -- C:\Users\Iris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lollipop.lnk
      [2013/03/29 09:49:09 | 000,745,472 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\MsSpellCheckingFacility.exe
      [2013/03/29 09:49:09 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\elshyph.dll
      [2013/03/29 09:49:08 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msls31.dll
      [2013/03/29 09:49:07 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msrating.dll
      [2013/03/29 09:49:07 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iexpress.exe
      [2013/03/29 09:49:07 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wextract.exe
      [2013/03/29 09:49:07 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\inseng.dll
      [2013/03/29 09:49:06 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe
      [2013/03/29 09:49:05 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iepeers.dll
      [2013/03/29 09:49:05 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\pngfilt.dll
      [2013/03/29 09:49:05 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\imgutil.dll
      [2013/03/29 09:49:04 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\IEAdvpack.dll
      [2013/03/29 09:49:04 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll
      [2013/03/29 09:49:04 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msfeedssync.exe
      [2013/03/29 09:49:02 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\SetIEInstalledDate.exe
      [2013/03/29 09:49:02 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\mshtmler.dll
      [2013/03/29 09:49:00 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\html.iec
      [2013/03/29 09:49:00 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dxtmsft.dll
      [2013/03/29 09:49:00 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dxtrans.dll
      [2013/03/29 09:48:59 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dat
      [2013/03/29 09:48:59 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dll
      [2013/03/29 09:48:58 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\mshtmlmedia.dll
      [2013/03/29 09:48:58 | 000,242,200 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll
      [2013/03/29 09:48:58 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\url.dll
      [2013/03/29 09:48:58 | 000,025,185 | ---- | M] () -- C:\windows\System32\ieuinit.inf
      [2013/03/29 09:48:57 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
      [2013/03/29 09:48:56 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\licmgr10.dll
      [2013/03/25 09:55:00 | 000,002,170 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
      [2013/03/19 11:51:43 | 000,000,983 | ---- | M] () -- C:\Users\Iris\Desktop\FLV Player.lnk
      [2013/03/19 02:04:13 | 003,968,856 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ntkrnlpa.exe
      [2013/03/19 02:04:10 | 003,913,560 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ntoskrnl.exe
      [2013/03/19 01:48:45 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\csrsrv.dll
      [2 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
      [2 C:\Users\Iris\*.tmp files -> C:\Users\Iris\*.tmp -> ]

      ========== Files Created - No Company Name ==========

      [2013/03/29 09:48:58 | 000,025,185 | ---- | C] () -- C:\windows\System32\ieuinit.inf
      [2013/03/25 09:55:00 | 000,002,170 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
      [2013/03/19 11:51:59 | 000,001,049 | ---- | C] () -- C:\Users\Iris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lollipop.lnk
      [2013/03/19 11:51:43 | 000,000,983 | ---- | C] () -- C:\Users\Iris\Desktop\FLV Player.lnk
      [2013/03/14 02:02:30 | 000,002,355 | ---- | C] () -- C:\Users\Iris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Qtrax Player.lnk
      [2013/03/14 02:00:15 | 000,000,386 | ---- | C] () -- C:\windows\tasks\Lyrics Finder Update.job
      [2013/01/19 19:05:19 | 000,650,752 | ---- | C] () -- C:\windows\System32\xvidcore.dll
      [2013/01/19 19:05:19 | 000,243,200 | ---- | C] () -- C:\windows\System32\xvidvfw.dll
      [2013/01/19 19:05:19 | 000,216,064 | ---- | C] ( ) -- C:\windows\System32\lagarith.dll
      [2013/01/19 19:05:18 | 000,178,688 | ---- | C] () -- C:\windows\System32\unrar.dll
      [2013/01/19 19:05:14 | 000,112,640 | ---- | C] () -- C:\windows\System32\ff_vfw.dll
      [2012/11/14 15:37:48 | 000,290,500 | ---- | C] () -- C:\Users\Iris\AppData\Local\funmoods-speeddial_sf.crx
      [2012/11/14 15:37:47 | 000,031,465 | ---- | C] () -- C:\Users\Iris\AppData\Local\funmoods.crx
      [2011/11/10 22:48:59 | 000,000,275 | ---- | C] () -- C:\Users\Iris\AppData\Local\HamsterVideoConverterSettings.cfg
      [2011/05/27 00:47:32 | 000,010,240 | ---- | C] () -- C:\Users\Iris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      [2011/05/19 22:44:08 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe

      ========== ZeroAccess Check ==========

      [2009/07/14 01:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

      [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

      [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 01:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment

      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
      "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 09:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free

      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
      "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 22:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Both

      ========== LOP Check ==========

      [2013/01/11 02:17:42 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
      [2013/01/11 02:17:42 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
      [2012/12/16 19:42:49 | 000,000,000 | ---D | M] -- C:\Users\Invitado\AppData\Roaming\AVG2013
      [2012/12/16 19:42:48 | 000,000,000 | ---D | M] -- C:\Users\Iris\AppData\Roaming\AVG2013
      [2012/05/22 09:41:51 | 000,000,000 | ---D | M] -- C:\Users\Iris\AppData\Roaming\AVG7
      [2012/08/27 17:17:26 | 000,000,000 | ---D | M] -- C:\Users\Iris\AppData\Roaming\Babylon
      [2011/12/27 12:54:59 | 000,000,000 | ---D | M] -- C:\Users\Iris\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
      [2011/12/03 23:18:51 | 000,000,000 | ---D | M] -- C:\Users\Iris\AppData\Roaming\DiskAid
      [2011/08/30 12:48:06 | 000,000,000 | ---D | M] -- C:\Users\Iris\AppData\Roaming\DMCache
      [2012/12/07 17:46:23 | 000,000,000 | ---D | M] -- C:\Users\Iris\AppData\Roaming\DVDVideoSoft
      [2012/12/13 16:57:09 | 000,000,000 | ---D | M] -- C:\Users\Iris\AppData\Roaming\FileOpen
      [2012/10/29 13:14:45 | 000,000,000 | ---D | M] -- C:\Users\Iris\AppData\Roaming\funkitron
      [2013/02/10 20:41:31 | 000,000,000 | ---D | M] -- C:\Users\Iris\AppData\Roaming\Funmoods
      [2012/05/23 18:47:20 | 000,000,000 | ---D | M] -- C:\Users\Iris\AppData\Roaming\IObit
      [2013/03/14 02:09:12 | 000,000,000 | ---D | M] -- C:\Users\Iris\AppData\Roaming\Media Finder
      [2012/05/18 13:49:20 | 000,000,000 | ---D | M] -- C:\Users\Iris\AppData\Roaming\NetNucleous
      [2012/12/13 16:57:09 | 000,000,000 | ---D | M] -- C:\Users\Iris\AppData\Roaming\Nitro
      [2013/04/12 11:11:06 | 000,000,000 | ---D | M] -- C:\Users\Iris\AppData\Roaming\Nitro PDF
      [2012/12/07 17:45:59 | 000,000,000 | ---D | M] -- C:\Users\Iris\AppData\Roaming\OpenCandy
      [2013/04/12 16:12:40 | 000,000,000 | ---D | M] -- C:\Users\Iris\AppData\Roaming\SoftGrid Client
      [2011/05/20 00:19:22 | 000,000,000 | ---D | M] -- C:\Users\Iris\AppData\Roaming\TP
      [2012/12/16 19:24:34 | 000,000,000 | ---D | M] -- C:\Users\Iris\AppData\Roaming\TuneUp Software
      [2012/05/18 13:50:49 | 000,000,000 | ---D | M] -- C:\Users\Iris\AppData\Roaming\VideoLAN
      [2011/07/24 15:47:44 | 000,000,000 | ---D | M] -- C:\Users\Iris\AppData\Roaming\Windows Live Writer

      ========== Purity Check ==========



      ========== Custom Scans ==========

      < %systemroot%\System32\config\*.sav >

      < %SYSTEMDRIVE%\*.* >
      [2009/06/10 18:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
      [2009/06/10 18:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
      [2013/04/12 23:11:09 | 2106,179,584 | -HS- | M] () -- C:\hiberfil.sys
      [2013/04/12 23:11:09 | 2106,179,584 | -HS- | M] () -- C:\pagefile.sys

      < %appdata%\* >

      ========== Alternate Data Streams ==========

      @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:8530A643
      @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:2430E4FC
      @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:268F887D

      < End of report >

    2. #2
      Former Collaborator Avatar of Marr0n
      Joined
      Mar 2010
      Location
      Catalunya
      Posts
      5.871

      Re: Lollipop

      Even if you have already done something more or less similar, do this and follow the steps to the letter.

      Connect all your removable devices during the scans.

      Note: If you cannot do one of the steps, skip it and move on to the next one.

      Boot into > Safe Mode

      Download, install and update:


      Update them, this is very important.

      Run Malwarebytes.

      Run a "full scan".
      Once it finishes, if it detects anything, choose "Remove Selected".

      If it asks you to restart, do so.
      In the "Logs" tab you will find the report.

      Run CCleaner using its Cleaner and Registry options.

      Run an online scan with > Panda ActiveScan 2.0 > Panda ActiveScan 2.0 manual

      In your next post, paste the reports from Malwarebytes and Panda ActiveScan. (Even if they detect nothing or no infection shows up.)

      Regards.
      * Questions are not answered by private message or e-mail, since that is what the forum is for.