• Registrarse
  • Iniciar sesión


  • Resultados 1 al 2 de 2

    Eliminar Awesomehp

    Resumen del tema: Eliminar Awesomehp - Hola daniela. A mi también se me instaló el awesomehp y no consigo quitarlo. Primero eliminé los programas que creia que podrian estar relacionados. PAsé el avast y nada... luego el malware en modo seguro ...

    1. #1
      Usuario Avatar de trampuchera
      Registrado
      ene 2014
      Ubicación
      España
      Mensajes
      1

      Eliminar Awesomehp

      Hola daniela. A mi también se me instaló el awesomehp y no consigo quitarlo. Primero eliminé los programas que creia que podrian estar relacionados. PAsé el avast y nada... luego el malware en modo seguro con funciones de red según leí en otro foro y me detectó 41 amenazas, las eliminé y reinicié y ahi seguia el awesome.. ahora estoy siguiendo tus pasos daniela, primero pasé el malware y no me detectó nada. Luego el OTL y me sale esto:

      OTL.Txt

      OTL logfile created on: 29/01/2014 12:49:02 - Run 1
      OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\maria\Downloads
      Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
      Internet Explorer (Version = 9.0.8112.16421)
      Locale: 00000C0A | Country: España | Language: ESN | Date Format: dd/MM/yyyy

      2,00 Gb Total Physical Memory | 0,82 Gb Available Physical Memory | 41,23% Memory free
      4,23 Gb Paging File | 2,63 Gb Available in Paging File | 62,17% Paging File free
      Paging file location(s): ?:\pagefile.sys [binary data]

      %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
      Drive C: | 111,69 Gb Total Space | 52,84 Gb Free Space | 47,31% Space Free | Partition Type: NTFS
      Drive D: | 108,19 Gb Total Space | 98,68 Gb Free Space | 91,21% Space Free | Partition Type: NTFS

      Computer Name: MARIA1 | User Name: maria | Logged in as Administrator.
      Boot Mode: Normal | Scan Mode: All users
      Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

      ========== Processes (SafeList) ==========

      PRC - C:\Users\maria\Downloads\OTL.exe (OldTimer Tools)
      PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
      PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
      PRC - C:\ProgramData\IePluginService\PluginService.exe (Cherished Technololgy LIMITED)
      PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
      PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe (Adobe Systems, Inc.)
      PRC - C:\Users\maria\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
      PRC - C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe (Safer-Networking Ltd.)
      PRC - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
      PRC - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
      PRC - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
      PRC - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
      PRC - C:\Users\maria\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
      PRC - C:\Windows\System32\consent.exe (Microsoft Corporation)
      PRC - C:\Windows\explorer.exe (Microsoft Corporation)
      PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
      PRC - C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
      PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
      PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
      PRC - C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
      PRC - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
      PRC - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
      PRC - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)
      PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
      PRC - C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink)
      PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT)
      PRC - C:\Acer\Mobility Center\MobilityService.exe ()


      ========== Modules (No Company Name) ==========

      MOD - C:\Program Files\AVAST Software\Avast\libcef.dll ()
      MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
      MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
      MOD - C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
      MOD - C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
      MOD - C:\Program Files\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl ()
      MOD - C:\Program Files\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
      MOD - C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl ()
      MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
      MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()


      ========== Services (SafeList) ==========

      SRV - (SDWSCService) -- C:\Program Files\Spybot File not found
      SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found
      SRV - (SDScannerService) -- C:\Program Files\Spybot File not found
      SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
      SRV - (IePluginService) -- C:\ProgramData\IePluginService\PluginService.exe (Cherished Technololgy LIMITED)
      SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
      SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
      SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
      SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
      SRV - (IAANTMON) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
      SRV - (eSettingsService) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
      SRV - (WMIService) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
      SRV - (eLockService) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)
      SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
      SRV - (eNet Service) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)
      SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT)
      SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()


      ========== Driver Services (SafeList) ==========

      DRV - (RimUsb) -- System32\Drivers\RimUsb.sys File not found
      DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
      DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
      DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
      DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
      DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
      DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
      DRV - (aswVmm) -- C:\Windows\System32\drivers\aswVmm.sys ()
      DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
      DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
      DRV - (aswRvrt) -- C:\Windows\System32\drivers\aswRvrt.sys ()
      DRV - (AswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
      DRV - (aswKbd) -- C:\Windows\System32\drivers\aswKbd.sys (AVAST Software)
      DRV - (iaNvStor) -- C:\Windows\System32\drivers\iaNvStor.sys (Intel Corporation)
      DRV - (winbondcir) -- C:\Windows\System32\drivers\winbondcir.sys (Winbond Electronics Corporation)
      DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
      DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
      DRV - (NETw4v32) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
      DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl (Cyberlink Corp.)
      DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
      DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
      DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
      DRV - (BDASwCap) -- C:\Windows\System32\drivers\AVerA310Cap.sys (AVerMedia TECHNOLOGIES, Inc.)
      DRV - (A310) -- C:\Windows\System32\drivers\AVerA310USB.sys (AVerMedia TECHNOLOGIES, Inc.)
      DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys (Acer, Inc.)
      DRV - (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
      DRV - (NETw3v32) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)


      ========== Standard Registry (SafeList) ==========


      ========== Internet Explorer ==========

      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Awesomehp
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.awesomehp.com/web/?type=ds&ts=1390927258&from=tugs&uid=WDCXWD2500BEVS-22UST0_WD-WXH10802866028660&q={searchTerms}
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.awesomehp.com/web/?type=ds&ts=1390927258&from=tugs&uid=WDCXWD2500BEVS-22UST0_WD-WXH10802866028660&q={searchTerms}
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Awesomehp
      IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


      IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

      IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



      IE - HKU\S-1-5-21-2792370603-326241372-2547419334-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Awesomehp
      IE - HKU\S-1-5-21-2792370603-326241372-2547419334-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Bing
      IE - HKU\S-1-5-21-2792370603-326241372-2547419334-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
      IE - HKU\S-1-5-21-2792370603-326241372-2547419334-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
      IE - HKU\S-1-5-21-2792370603-326241372-2547419334-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
      IE - HKU\S-1-5-21-2792370603-326241372-2547419334-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Bing
      IE - HKU\S-1-5-21-2792370603-326241372-2547419334-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = Google
      IE - HKU\S-1-5-21-2792370603-326241372-2547419334-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
      IE - HKU\S-1-5-21-2792370603-326241372-2547419334-1000\..\SearchScopes,DefaultScope = {909FD0FF-F1F6-4600-9061-5F6F1B739393}
      IE - HKU\S-1-5-21-2792370603-326241372-2547419334-1000\..\SearchScopes\{2BFD7895-0CB3-4DEE-9928-4537BDBB22A7}: "URL" = http://es.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
      IE - HKU\S-1-5-21-2792370603-326241372-2547419334-1000\..\SearchScopes\{909FD0FF-F1F6-4600-9061-5F6F1B739393}: "URL" = http://www.google.com/search?hl=en&q={searchTerms}
      IE - HKU\S-1-5-21-2792370603-326241372-2547419334-1000\..\SearchScopes\{A48827F8-F9A7-4F36-833C-8153B01BCA33}: "URL" = http://es.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
      IE - HKU\S-1-5-21-2792370603-326241372-2547419334-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
      IE - HKU\S-1-5-21-2792370603-326241372-2547419334-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

      ========== FireFox ==========

      FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=714647"
      FF - prefs.js..browser.search.selectedEngine: "Google"
      FF - prefs.js..browser.search.useDBForOrder: true
      FF - prefs.js..browser.startup.homepage: "http://www.google.es/"
      FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
      FF - prefs.js..keyword.URL: "http://es.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=714647&p="


      FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
      FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
      FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
      FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
      FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_39: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
      FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
      FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
      FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\maria\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found

      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\OfferBox\extensions-3.1.3878.129\[email protected]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/01/15 11:19:35 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\maria\AppData\Roaming\Mozilla\Firefox\Profiles\ayx88jaq.default\extensions\[email protected]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/12/20 12:57:09 | 000,000,000 | ---D | M]
      FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
      FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/12/20 12:57:09 | 000,000,000 | ---D | M]

      [2011/03/15 19:32:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\maria\AppData\Roaming\mozilla\Extensions
      [2014/01/28 23:22:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\maria\AppData\Roaming\mozilla\Firefox\Profiles\ayx88jaq.default\extensions
      [2014/01/23 02:00:04 | 000,270,391 | ---- | M] () (No name found) -- C:\Users\maria\AppData\Roaming\mozilla\firefox\profiles\ayx88jaq.default\extensions\[email protected]
      [2014/01/26 20:33:04 | 000,021,498 | ---- | M] () (No name found) -- C:\Users\maria\AppData\Roaming\mozilla\firefox\profiles\ayx88jaq.default\extensions\[email protected]
      [2013/12/20 12:57:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
      [2013/12/20 12:57:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
      [2013/12/20 12:57:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
      [2013/12/20 12:57:25 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
      [2014/01/28 17:41:03 | 000,000,567 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\awesomehp.xml

      O1 HOSTS File: ([2014/01/29 00:32:47 | 000,447,144 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
      O1 - Hosts: 127.0.0.1 localhost
      O1 - Hosts: ::1 localhost
      O1 - Hosts: 127.0.0.1 www.007guard.com
      O1 - Hosts: 127.0.0.1 007guard.com
      O1 - Hosts: 127.0.0.1 008i.com
      O1 - Hosts: 127.0.0.1 www.008k.com
      O1 - Hosts: 127.0.0.1 008k.com
      O1 - Hosts: 127.0.0.1 00hq.com mobile
      O1 - Hosts: 127.0.0.1 00hq.com
      O1 - Hosts: 127.0.0.1 010402.com
      O1 - Hosts: 127.0.0.1 www.032439.com
      O1 - Hosts: 127.0.0.1 032439.com
      O1 - Hosts: 127.0.0.1 www.0scan.com
      O1 - Hosts: 127.0.0.1 0scan.com
      O1 - Hosts: 127.0.0.1 1000gratisproben.com
      O1 - Hosts: 127.0.0.1 1000gratisproben.com
      O1 - Hosts: 127.0.0.1 1001namen.com
      O1 - Hosts: 127.0.0.1 1001namen.com
      O1 - Hosts: 127.0.0.1 100888290cs.com
      O1 - Hosts: 127.0.0.1 ²©²Êͨ,²©²ÊÍø,½ð±¦²©188,²©²ÊͨÆÀ¼¶,°Ù¼ÒÀÖ,°ÂÃî°Ù¼ÒÀÖ
      O1 - Hosts: 127.0.0.1 www.100sexlinks.com
      O1 - Hosts: 127.0.0.1 100sexlinks.com
      O1 - Hosts: 127.0.0.1 Gadgets And More
      O1 - Hosts: 127.0.0.1 10sek.com
      O1 - Hosts: 127.0.0.1 www.1-2005-search.com
      O1 - Hosts: 15356 more lines...
      O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
      O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
      O2 - BHO: (no name) - {703740c1-0f1a-4cec-a4df-d78db0158477} - No CLSID value found.
      O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
      O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll (HiTRUST)
      O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
      O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
      O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
      O3 - HKU\S-1-5-21-2792370603-326241372-2547419334-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
      O4 - HKLM..\Run: [Acer Tour] File not found
      O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
      O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
      O4 - HKLM..\Run: [eAudio] C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink)
      O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST)
      O4 - HKLM..\Run: [eRecoveryService] File not found
      O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
      O4 - HKLM..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe (Intel Corporation)
      O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
      O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files\Mobogenie\DaemonProcess.exe File not found
      O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
      O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
      O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
      O4 - HKLM..\Run: [PLFSet] C:\Windows\PLFSet.dll ( )
      O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
      O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
      O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
      O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)
      O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
      O4 - HKU\.DEFAULT..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.)
      O4 - HKU\S-1-5-18..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.)
      O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
      O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
      O4 - HKU\S-1-5-21-2792370603-326241372-2547419334-1000..\Run: [EPSON Stylus DX6000 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE (SEIKO EPSON CORPORATION)
      O4 - HKU\S-1-5-21-2792370603-326241372-2547419334-1000..\Run: [Facebook Update] "C:\Users\maria\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver File not found
      O4 - HKU\S-1-5-21-2792370603-326241372-2547419334-1000..\Run: [Spotify Web Helper] C:\Users\maria\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
      O4 - HKU\S-1-5-21-2792370603-326241372-2547419334-1000..\Run: [Spybot-S&D Cleaning] C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
      O4 - HKLM..\RunOnce: [20131224] C:\Program Files\AVAST Software\Avast\setup\emupdate\e5e245c1-fd0a-42bb-9eba-a2fb4ba0cf1f.exe (AVAST Software)
      O4 - Startup: C:\Users\maria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
      O7 - HKU\S-1-5-21-2792370603-326241372-2547419334-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
      O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
      O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
      O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
      O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
      O13 - gopher Prefix: missing
      O15 - HKU\S-1-5-21-2792370603-326241372-2547419334-1000\..Trusted Domains: fnmt.es ([]http in Trusted sites)
      O15 - HKU\S-1-5-21-2792370603-326241372-2547419334-1000\..Trusted Domains: fnmt.es ([]https in Trusted sites)
      O15 - HKU\S-1-5-21-2792370603-326241372-2547419334-1000\..Trusted Domains: fnmt.es ([www.cert] http in Trusted sites)
      O15 - HKU\S-1-5-21-2792370603-326241372-2547419334-1000\..Trusted Domains: gob.es ([*.agenciatributaria] https in Trusted sites)
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_39)
      O16 - DPF: {B785FA3C-1DE9-4D20-8396-613C486FE95E} https://www1.agenciatributaria.gob.e...d/cactivex.cab (AeatCtl Class)
      O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
      O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_39)
      O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_39)
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F833EA1E-7F03-4CDE-893C-62F813F9DCA8}: DhcpNameServer = 192.168.1.1
      O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll File not found
      O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll File not found
      O18 - Protocol\Handler\sagetp {EB0D4937-D3F4-4CEC-9EB4-2B9DAA1676EC} - C:\GrupoSP\NOE11R01\EXE\sageProtocol.dll (SAGE SP)
      O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
      O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
      O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
      O24 - Desktop WallPaper: C:\Users\maria\AppData\Roaming\Microsoft\Windows Photo Gallery\Papel tapiz de Galería fotográfica de Windows.jpg
      O24 - Desktop BackupWallPaper: C:\Users\maria\AppData\Roaming\Microsoft\Windows Photo Gallery\Papel tapiz de Galería fotográfica de Windows.jpg
      O32 - HKLM CDRom: AutoRun - 1
      O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
      O34 - HKLM BootExecute: (autocheck autochk *)
      O35 - HKLM\..comfile [open] -- "%1" %*
      O35 - HKLM\..exefile [open] -- "%1" %*
      O37 - HKLM\...com [@ = comfile] -- "%1" %*
      O37 - HKLM\...exe [@ = exefile] -- "%1" %*
      O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
      O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

      NetSvcs: FastUserSwitchingCompatibility - File not found
      NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
      NetSvcs: Nla - File not found
      NetSvcs: Ntmssvc - File not found
      NetSvcs: NWCWorkstation - File not found
      NetSvcs: Nwsapagent - File not found
      NetSvcs: SRService - File not found
      NetSvcs: WmdmPmSp - File not found
      NetSvcs: LogonHours - File not found
      NetSvcs: PCAudit - File not found
      NetSvcs: helpsvc - File not found
      NetSvcs: uploadmgr - File not found

      MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe - (Acer Inc.)
      MsConfig - StartUpReg: Acer Tour Reminder - hkey= - key= - C:\Acer\AcerTour\Reminder.exe (Acer Inc.)
      MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
      MsConfig - StartUpReg: EA Core - hkey= - key= - File not found
      MsConfig - StartUpReg: Facebook Update - hkey= - key= - File not found
      MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
      MsConfig - StartUpReg: PlayMovie - hkey= - key= - C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe (CyberLink Corp.)

      CREATERESTOREPOINT
      Restore point Set: OTL Restore Point

      ========== Files/Folders - Created Within 30 Days ==========

      [2014/01/28 17:43:27 | 000,000,000 | ---D | C] -- C:\Users\maria\.android
      [2014/01/28 17:43:19 | 000,000,000 | ---D | C] -- C:\Users\maria\AppData\Local\genienext
      [2014/01/28 17:43:17 | 000,000,000 | ---D | C] -- C:\Users\maria\AppData\Local\SwvUpdater
      [2014/01/28 17:43:17 | 000,000,000 | ---D | C] -- C:\Users\maria\Searches\Documents\Mobogenie
      [2014/01/28 17:43:17 | 000,000,000 | ---D | C] -- C:\Users\maria\AppData\Local\Mobogenie
      [2014/01/28 17:43:06 | 000,000,000 | ---D | C] -- C:\ProgramData\IePluginService
      [2014/01/28 17:42:59 | 000,000,000 | ---D | C] -- C:\Program Files\SupTab
      [2014/01/28 17:42:53 | 000,000,000 | ---D | C] -- C:\ProgramData\WPM
      [2014/01/28 17:42:08 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
      [2014/01/15 21:48:40 | 000,000,000 | ---D | C] -- C:\Users\maria\AppData\Roaming\AVAST Software
      [2014/01/15 11:20:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
      [2014/01/13 16:16:32 | 000,000,000 | ---D | C] -- C:\Users\maria\Desktop\Movil
      [2013/12/31 12:50:32 | 000,000,000 | ---D | C] -- C:\Users\maria\Desktop\EXITOS 2013

      ========== Files - Modified Within 30 Days ==========

      [2014/01/29 12:44:16 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
      [2014/01/29 12:44:16 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
      [2014/01/29 12:00:06 | 000,000,838 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
      [2014/01/29 11:30:00 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2792370603-326241372-2547419334-1000UA.job
      [2014/01/29 10:46:41 | 000,052,659 | ---- | M] () -- C:\Users\maria\AppData\Roaming\nvModes.001
      [2014/01/29 10:44:22 | 000,000,620 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
      [2014/01/29 10:44:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
      [2014/01/29 10:44:10 | 2145,820,672 | -HS- | M] () -- C:\hiberfil.sys
      [2014/01/29 00:34:32 | 000,001,728 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
      [2014/01/29 00:32:59 | 000,000,616 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
      [2014/01/29 00:32:47 | 000,447,144 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
      [2014/01/28 23:31:40 | 000,000,708 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
      [2014/01/27 20:30:02 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2792370603-326241372-2547419334-1000Core.job
      [2014/01/24 23:55:05 | 000,000,135 | ---- | M] () -- C:\Users\maria\AppData\Roaming\WB.CFG
      [2014/01/20 10:59:57 | 000,129,751 | ---- | M] () -- C:\Users\maria\Desktop\garantia.jpg
      [2014/01/15 11:20:01 | 000,001,837 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
      [2014/01/15 11:19:33 | 000,775,952 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
      [2014/01/15 11:19:33 | 000,410,528 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
      [2014/01/15 11:19:33 | 000,180,248 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
      [2014/01/15 11:19:33 | 000,067,824 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
      [2014/01/15 11:19:33 | 000,057,672 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
      [2014/01/15 11:19:33 | 000,049,944 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys
      [2014/01/15 11:19:32 | 000,054,832 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
      [2014/01/15 11:19:30 | 000,270,240 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
      [2014/01/15 11:19:30 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
      [2014/01/15 11:12:23 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
      [2014/01/03 21:32:29 | 000,673,822 | ---- | M] () -- C:\Windows\System32\perfh00A.dat
      [2014/01/03 21:32:29 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
      [2014/01/03 21:32:29 | 000,131,910 | ---- | M] () -- C:\Windows\System32\perfc00A.dat
      [2014/01/03 21:32:29 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat

      ========== Files Created - No Company Name ==========

      [2014/01/29 10:44:10 | 2145,820,672 | -HS- | C] () -- C:\hiberfil.sys
      [2014/01/20 10:59:57 | 000,129,751 | ---- | C] () -- C:\Users\maria\Desktop\garantia.jpg
      [2013/09/18 22:55:18 | 000,000,135 | ---- | C] () -- C:\Users\maria\AppData\Roaming\WB.CFG
      [2013/06/18 22:55:09 | 000,000,005 | ---- | C] () -- C:\Users\maria\AppData\Roaming\WBPU-TTL.DAT
      [2013/03/21 22:03:04 | 000,000,275 | ---- | C] () -- C:\Windows\wininit.ini
      [2013/03/21 19:04:26 | 000,180,248 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
      [2013/03/21 19:04:25 | 000,049,944 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
      [2013/02/15 00:03:33 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll
      [2012/11/04 22:17:32 | 000,000,208 | ---- | C] () -- C:\Windows\ODBCINST.INI
      [2012/02/22 14:56:44 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
      [2011/11/10 11:58:14 | 000,052,659 | ---- | C] () -- C:\Users\maria\AppData\Roaming\nvModes.001
      [2011/11/10 11:58:09 | 000,052,659 | ---- | C] () -- C:\Users\maria\AppData\Roaming\nvModes.dat
      [2011/07/26 15:50:28 | 000,001,356 | ---- | C] () -- C:\Users\maria\AppData\Local\d3d9caps.dat
      [2011/04/04 17:50:38 | 000,000,282 | RHS- | C] () -- C:\ProgramData\ntuser.pol
      [2011/03/18 20:42:22 | 000,051,200 | ---- | C] () -- C:\Users\maria\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

      ========== ZeroAccess Check ==========

      [2006/11/02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

      [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

      [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment

      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
      "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free

      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
      "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Both

      ========== LOP Check ==========

      [2013/11/22 17:11:34 | 000,000,000 | ---D | M] -- C:\Users\maria\AppData\Roaming\888poker.es
      [2011/03/15 19:33:57 | 000,000,000 | ---D | M] -- C:\Users\maria\AppData\Roaming\Acer
      [2014/01/15 21:48:40 | 000,000,000 | ---D | M] -- C:\Users\maria\AppData\Roaming\AVAST Software
      [2013/02/14 23:46:58 | 000,000,000 | ---D | M] -- C:\Users\maria\AppData\Roaming\DSite
      [2012/07/06 21:51:40 | 000,000,000 | ---D | M] -- C:\Users\maria\AppData\Roaming\Mipony
      [2011/06/01 20:03:01 | 000,000,000 | ---D | M] -- C:\Users\maria\AppData\Roaming\OfferBox
      [2011/08/02 12:06:06 | 000,000,000 | ---D | M] -- C:\Users\maria\AppData\Roaming\OpenOffice.org
      [2012/02/22 14:56:49 | 000,000,000 | ---D | M] -- C:\Users\maria\AppData\Roaming\pdfforge
      [2014/01/29 10:37:17 | 000,000,000 | ---D | M] -- C:\Users\maria\AppData\Roaming\Search Protection
      [2011/07/31 15:24:03 | 000,000,000 | ---D | M] -- C:\Users\maria\AppData\Roaming\SoftGrid Client
      [2013/12/11 14:14:26 | 000,000,000 | ---D | M] -- C:\Users\maria\AppData\Roaming\Spotify
      [2011/04/27 15:02:20 | 000,000,000 | ---D | M] -- C:\Users\maria\AppData\Roaming\TP
      [2014/01/21 21:25:06 | 000,000,000 | ---D | M] -- C:\Users\maria\AppData\Roaming\uTorrent

      ========== Purity Check ==========



      ========== Custom Scans ==========

      < %SYSTEMDRIVE%\*.* >
      [2007/12/27 14:32:46 | 000,003,380 | ---- | M] () -- C:\-20071227.log
      [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
      [2009/04/11 07:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
      [2007/12/27 20:40:20 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
      [2006/09/18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
      [2014/01/29 10:44:10 | 2145,820,672 | -HS- | M] () -- C:\hiberfil.sys
      [2005/08/16 08:49:12 | 000,040,960 | ---- | M] (Sysinternals - Windows Sysinternals: Documentation, downloads and additional resources) -- C:\junction.exe
      [2007/06/28 09:44:32 | 000,000,512 | ---- | M] () -- C:\MDR.iss
      [2011/03/13 14:12:41 | 000,000,020 | ---- | M] () -- C:\Medion.ini
      [2014/01/29 10:44:08 | 2459,627,520 | -HS- | M] () -- C:\pagefile.sys
      [2011/03/13 14:09:34 | 000,000,058 | ---- | M] () -- C:\Partition.txt
      [2011/03/13 13:51:19 | 000,000,426 | ---- | M] () -- C:\RHDSetup.log
      [2007/12/27 14:19:02 | 000,000,178 | ---- | M] () -- C:\setup.log

      < End of report >



      Extras.Txt:

      OTL Extras logfile created on: 29/01/2014 12:49:02 - Run 1
      OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\maria\Downloads
      Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
      Internet Explorer (Version = 9.0.8112.16421)
      Locale: 00000C0A | Country: España | Language: ESN | Date Format: dd/MM/yyyy

      2,00 Gb Total Physical Memory | 0,82 Gb Available Physical Memory | 41,23% Memory free
      4,23 Gb Paging File | 2,63 Gb Available in Paging File | 62,17% Paging File free
      Paging file location(s): ?:\pagefile.sys [binary data]

      %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
      Drive C: | 111,69 Gb Total Space | 52,84 Gb Free Space | 47,31% Space Free | Partition Type: NTFS
      Drive D: | 108,19 Gb Total Space | 98,68 Gb Free Space | 91,21% Space Free | Partition Type: NTFS

      Computer Name: MARIA1 | User Name: maria | Logged in as Administrator.
      Boot Mode: Normal | Scan Mode: All users
      Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

      ========== Extra Registry (SafeList) ==========


      ========== File Associations ==========

      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
      .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
      .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

      ========== Shell Spawning ==========

      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
      batfile [open] -- "%1" %*
      cmdfile [open] -- "%1" %*
      comfile [open] -- "%1" %*
      cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
      exefile [open] -- "%1" %*
      helpfile [open] -- Reg Error: Key error.
      hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
      htmlfile [edit] -- Reg Error: Key error.
      inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
      piffile [open] -- "%1" %*
      regfile [merge] -- Reg Error: Key error.
      scrfile [config] -- "%1"
      scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
      scrfile [open] -- "%1" /S
      txtfile [edit] -- Reg Error: Key error.
      Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
      Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
      Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
      Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
      Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
      Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

      ========== Security Center Settings ==========

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
      "cval" = 1
      "UacDisableNotify" = 0
      "InternetSettingsDisableNotify" = 0
      "AutoUpdateDisableNotify" = 0

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
      "DisableMonitoring" = 1

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
      "DisableMonitoring" = 1

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
      "DisableMonitoring" = 1

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
      "AntiVirusOverride" = 0
      "AntiSpywareOverride" = 0
      "FirewallOverride" = 0
      "VistaSp1" = Reg Error: Unknown registry data type -- File not found
      "VistaSp2" = Reg Error: Unknown registry data type -- File not found

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

      ========== Firewall Settings ==========

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
      "DisableNotifications" = 0
      "EnableFirewall" = 1

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
      "DisableNotifications" = 0
      "EnableFirewall" = 1

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
      "DisableNotifications" = 0
      "EnableFirewall" = 1

      ========== Authorized Applications List ==========

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
      "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
      "C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
      "C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
      "C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


      ========== Vista Active Open Ports Exception List ==========

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
      "{0AEF7D64-00F6-4113-AC32-F6D864527006}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
      "{0C737408-3C70-4CD9-9066-0FEB652A222B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
      "{1BA98FDE-C174-4963-9D69-9261764BB040}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
      "{352197E7-1AE9-4279-A58B-F6EAB350D11C}" = lport=2869 | protocol=6 | dir=in | app=system |
      "{52148A0D-079F-4D51-8715-14B0622616DE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
      "{5A6EEDE5-58C9-4093-994D-5E01E8EFB4A6}" = rport=10243 | protocol=6 | dir=out | app=system |
      "{5C052692-869A-4D54-8C4E-1E10CC7BDDDF}" = lport=3050 | protocol=6 | dir=in | name=firebird database service |
      "{75CC0ADF-4E62-42F7-833C-19E6318F05D2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
      "{866E5286-EF9A-43A1-A2C9-606F6A413C99}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
      "{A02B5DFD-3ED8-46AF-8A1D-801A84BA0ED7}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
      "{B642CC1C-CDC0-45E9-BA0A-8AC43C95D3FB}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
      "{B8D9C285-9CF5-4EF4-B6D2-87D598FF96A7}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
      "{BF88417F-6D9B-4DE2-A8DC-44D9F7391A06}" = lport=10243 | protocol=6 | dir=in | app=system |
      "{C9B8684A-E35C-46C9-8DD6-37F1D7C956B3}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
      "{E90D4FA8-4165-421F-A11E-9C7E11DF0C9A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
      "{FBD2210C-909B-4B69-A3E5-4E6C5922ACA0}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |

      ========== Vista Active Application Exception List ==========

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
      "{00858E5F-C4F6-4D59-B169-31C0BF6CB342}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
      "{02A0E065-888B-4EBA-B08B-06BE08C0003D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
      "{0CC8003B-7B72-41CF-A471-EFA8084539AA}" = protocol=6 | dir=in | app=c:\gruposp\noe11r01\exe\nominaschild.exe |
      "{115C084A-7278-4D87-8367-78A8009D0325}" = protocol=17 | dir=in | app=c:\gruposp\noe11r01\exe\nominaschild.exe |
      "{1225BA11-DB79-4774-BCB8-09831936E71A}" = protocol=6 | dir=in | app=c:\gruposp\noe11r01\exe\launcher.exe |
      "{233AA0AE-9C20-4D44-A77C-686BA475A111}" = dir=in | app=c:\program files\acer arcade deluxe\videomagician\videomagician.exe |
      "{31BA2323-F0FB-4474-9091-2D0DCB7E4308}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
      "{33657BC3-3542-4123-A975-602077BBA2B8}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\playmovie.exe |
      "{33BA3CA6-3F7D-4EB2-B889-7573B5034C7C}" = protocol=17 | dir=in | app=c:\gruposp\noe11r01\exe\launcher.exe |
      "{4126703C-B936-43D0-9D3C-9708F92FB61B}" = dir=in | app=c:\program files\acer arcade deluxe\dvdivine\dvdivine.exe |
      "{42DA3D87-DCA3-4C9D-9363-E6700501C0D4}" = dir=in | app=c:\program files\acer arcade deluxe\dv wizard\dv wizard.exe |
      "{494A0F6C-6F04-4F43-B361-C192525ACCEC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
      "{61C7C17F-B965-48D8-9138-225B003727B4}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
      "{68E74583-E02D-40CB-AAE8-BB0534290FC1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
      "{6B148B29-DE0A-434C-BAEE-8B2A83CC6129}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
      "{758BB5A4-CBB7-46DC-BCE2-A436D41670BF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
      "{762BE03C-992D-4289-B840-B2C6A61C7001}" = dir=in | app=c:\users\maria\appdata\local\facebook\video\skype\facebookvideocalling.exe |
      "{7C021A67-828D-4C2B-9D24-507DBB675B26}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\pmvservice.exe |
      "{7DB0E14A-441E-4A48-887C-E10FEEDB69BD}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
      "{802F2AE0-16BE-428E-836E-9D40357319B2}" = protocol=6 | dir=out | app=system |
      "{81563B48-3D12-428C-AFA3-4EF27AE355E2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
      "{83CBAEF6-D604-490A-B3A5-9D0B74A9AAC3}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
      "{851A0E48-5EF7-4836-97D2-734AEABB78FD}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
      "{87DAA4D4-D74A-4AFB-BBEF-77FCECF795CA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
      "{90518492-018F-4710-8589-4EE3596E880B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
      "{93D420F6-EA60-4084-A620-06DE533F847A}" = protocol=17 | dir=in | app=c:\users\maria\appdata\roaming\utorrent\utorrent.exe |
      "{9D254469-ABE5-4F62-95B5-F2BC17A97DE4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
      "{A6C6DAC1-8159-488E-BE68-D3FD4B898772}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
      "{AA0BD6C1-092D-405E-B1C8-D6D3E4DC4945}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
      "{ADD62F20-98BE-497D-A5B1-5C25E504C692}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
      "{B25B266F-8074-4731-92D6-FB9FA273C8F9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
      "{B9DC82E2-F4E4-428F-9912-7226A530D25C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
      "{BEE2D1A1-5CE2-4C0F-B024-687ED3A25AB4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
      "{C2CF88C7-E6EC-4529-BCCD-49C0BC8F3019}" = dir=in | app=c:\program files\itunes\itunes.exe |
      "{C2E6A14D-5E96-4320-9912-0BD3E091CA08}" = protocol=6 | dir=in | app=c:\users\maria\appdata\roaming\utorrent\utorrent.exe |
      "TCP Query User{208478BE-435A-4748-B224-000359B3D3B6}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
      "TCP Query User{30DAA03F-E144-4890-813A-17E920CAF645}C:\users\maria\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\maria\appdata\roaming\spotify\spotify.exe |
      "TCP Query User{3294C146-D9A1-4BA1-B4D4-243067753B86}C:\program files\888poker.es\bin\poker.exe" = protocol=6 | dir=in | app=c:\program files\888poker.es\bin\poker.exe |
      "TCP Query User{3F39B57D-23CD-4CC4-803C-4F89265DD8EA}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
      "TCP Query User{C1BAE18A-A77B-4F40-A4A9-9207723B935D}D:\nueva carpeta\ares\ares.exe" = protocol=6 | dir=in | app=d:\nueva carpeta\ares\ares.exe |
      "TCP Query User{C2DD6ED8-B5C5-4FE4-8592-DB90615E1881}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
      "TCP Query User{C318F830-7735-4050-860B-47FE937F280E}D:\nueva carpeta\ares\ares.exe" = protocol=6 | dir=in | app=d:\nueva carpeta\ares\ares.exe |
      "TCP Query User{D1CF569C-9819-4F42-A012-3E7C02E6AB51}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
      "TCP Query User{D91D1A00-7C3C-401E-8E39-6C8A6B11F481}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
      "TCP Query User{E2CBC162-1296-4709-813A-84713F2A30F3}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
      "TCP Query User{F766E5D8-F967-4C81-AD5A-16C00B1B866E}C:\users\maria\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\maria\appdata\roaming\spotify\spotify.exe |
      "UDP Query User{032E180E-13D5-4685-A590-C110502B44A8}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
      "UDP Query User{3020BFA0-C7DC-443E-ABB9-58C77AE6D26D}C:\program files\888poker.es\bin\poker.exe" = protocol=17 | dir=in | app=c:\program files\888poker.es\bin\poker.exe |
      "UDP Query User{6711C0E3-A132-4B2B-BB81-1238D8309533}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
      "UDP Query User{760655D6-7CA0-4B5A-BC02-A45051AD468C}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
      "UDP Query User{9AE3CA33-03FC-486D-9726-E910B5C1E63B}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
      "UDP Query User{9F71AFFB-E336-436A-9345-3A0B704FBFDF}D:\nueva carpeta\ares\ares.exe" = protocol=17 | dir=in | app=d:\nueva carpeta\ares\ares.exe |
      "UDP Query User{C1392CA3-281E-4FDA-BAE7-242CF290125D}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
      "UDP Query User{D29462A7-CDA5-4320-8E6A-7FC5156E96D9}D:\nueva carpeta\ares\ares.exe" = protocol=17 | dir=in | app=d:\nueva carpeta\ares\ares.exe |
      "UDP Query User{E3516AEF-0098-4B22-A18A-F5848B0AF500}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
      "UDP Query User{E61E9AC4-F29B-48F7-9500-C00F393FE498}C:\users\maria\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\maria\appdata\roaming\spotify\spotify.exe |
      "UDP Query User{F4394BEC-0416-459F-9740-EDB04E1C4409}C:\users\maria\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\maria\appdata\roaming\spotify\spotify.exe |

      ========== HKEY_LOCAL_MACHINE Uninstall List ==========

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
      "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
      "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
      "{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
      "{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
      "{11E568E0-3244-4BCB-875E-F334269DFDCB}" = iTunes
      "{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
      "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
      "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
      "{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
      "{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
      "{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 39
      "{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Acer Crystal Eye webcam
      "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
      "{427967BF-09F8-46D5-9275-37001CCBBA5D}" = Winbond CIR Drivers
      "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
      "{4B930AE3-61C6-4D02-A9D4-84F4ACBCEC25}" = OpenOffice.org 3.3
      "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
      "{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
      "{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
      "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
      "{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Compatibilidad con Aplicaciones de Apple
      "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
      "{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
      "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
      "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
      "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
      "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
      "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
      "{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
      "{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
      "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
      "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
      "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
      "{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
      "{80DDC39C-8CB5-49de-9748-36C990922110}" = Microsoft Works
      "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
      "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
      "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
      "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
      "{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}" = Facebook Video Calling 2.0.0.447
      "{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
      "{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
      "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Turbo Memory e Intel® Matrix Storage Manager
      "{925F1DB6-E86E-4378-9091-D1F68B0583C9}" = iCloud
      "{92E4A65F-7007-3357-A69A-167F71A337BD}" = Microsoft .NET Framework 3.5 Language Pack SP1 - esn
      "{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
      "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
      "{95B012AD-3A4A-31D7-9167-5D07D2A71F47}" = Microsoft .NET Framework 4 Client Profile ESN Language Pack
      "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
      "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
      "{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
      "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
      "{AA047D7C-5E7C-4878-B75C-77589151B563}" = Acer Crystal Eye webcam
      "{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
      "{AC1ACE88-C471-494E-B5FA-0B7C21F22E4F}" = Orion
      "{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
      "{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management
      "{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
      "{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
      "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer 3.72
      "{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
      "{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
      "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
      "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
      "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
      "{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
      "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
      "{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
      "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
      "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
      "{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
      "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
      "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
      "{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
      "{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Deluxe
      "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
      "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
      "888poker.es" = 888poker.es
      "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
      "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
      "Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
      "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
      "Ares" = Ares 2.1.7
      "avast" = avast! Free Antivirus
      "CCleaner" = CCleaner
      "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
      "EPSON Printer and Utilities" = Software de impresora EPSON
      "EPSON Scanner" = EPSON Scan
      "Firebird ODBC Driver_is1" = Firebird ODBC Driver 1.2.0.69
      "GridVista" = Acer GridVista
      "IePlugins" = IePluginService12.27.0.3326
      "InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
      "KLiteCodecPack_is1" = K-Lite Codec Pack 9.7.5 (Full)
      "LManager" = Launch Manager
      "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versión 1.75.0.1300
      "Microsoft .NET Framework 3.5 Language Pack SP1 - esn" = Paquete de idioma de Microsoft .NET Framework 3.5 SP1 - esn
      "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
      "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
      "Microsoft .NET Framework 4 Client Profile ESN Language Pack" = Paquete de idioma de Microsoft .NET Framework 4 Client Profile ESN
      "Mozilla Firefox 26.0 (x86 es-ES)" = Mozilla Firefox 26.0 (x86 es-ES)
      "MozillaMaintenanceService" = Mozilla Maintenance Service
      "NVIDIA Drivers" = NVIDIA Drivers
      "PokerStars" = PokerStars
      "SynTPDeinstKey" = Synaptics Pointing Device Driver
      "WinLiveSuite" = Windows Live Essentials
      "WinRAR archiver" = WinRAR 4.00 (32-bit)
      "YTdetect" = Yahoo! Detect

      ========== HKEY_USERS Uninstall List ==========

      [HKEY_USERS\S-1-5-21-2792370603-326241372-2547419334-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
      "Search Protection" = Search Protection
      "Spotify" = Spotify
      "uTorrent" = µTorrent

      ========== Last 20 Event Log Errors ==========

      [ Application Events ]
      Error - 28/01/2014 15:43:26 | Computer Name = maria1 | Source = Windows Search Service | ID = 3013
      Description =

      Error - 28/01/2014 15:43:26 | Computer Name = maria1 | Source = Windows Search Service | ID = 3013
      Description =

      Error - 28/01/2014 15:43:26 | Computer Name = maria1 | Source = Windows Search Service | ID = 3013
      Description =

      Error - 28/01/2014 15:43:26 | Computer Name = maria1 | Source = Windows Search Service | ID = 3013
      Description =

      Error - 28/01/2014 15:43:26 | Computer Name = maria1 | Source = Windows Search Service | ID = 3013
      Description =

      Error - 28/01/2014 15:43:27 | Computer Name = maria1 | Source = Windows Search Service | ID = 3013
      Description =

      Error - 28/01/2014 15:43:27 | Computer Name = maria1 | Source = Windows Search Service | ID = 3013
      Description =

      Error - 28/01/2014 17:52:39 | Computer Name = maria1 | Source = Application Error | ID = 1000
      Description = Aplicación con errores eDSLoader.exe, versión 2.5.260.2, marca de
      hora 0x462f125f, módulo con errores ADMIN_CLASS_LIB.dll, versión 6.0.6002.18881,
      marca de tiempo 0x51da3e27, código de excepción 0xc0000135, desplazamiento con
      errores 0x00009f5d, Id. de proceso 0x9ec, hora de inicio de la aplicación 0x01cf1c733f0a0cd8.

      Error - 28/01/2014 20:03:37 | Computer Name = maria1 | Source = EventSystem | ID = 4609
      Description =

      Error - 29/01/2014 5:48:41 | Computer Name = maria1 | Source = Application Error | ID = 1000
      Description = Aplicación con errores eDSLoader.exe, versión 2.5.260.2, marca de
      hora 0x462f125f, módulo con errores ADMIN_CLASS_LIB.dll, versión 6.0.6002.18881,
      marca de tiempo 0x51da3e27, código de excepción 0xc0000135, desplazamiento con
      errores 0x00009f5d, Id. de proceso 0x394, hora de inicio de la aplicación 0x01cf1cd6cf195950.

      [ Spybot - Search and Destroy Events ]
      Error - 12/05/2013 11:47:57 | Computer Name = maria1 | Source = SDCleaner | ID = 100
      Description = LoadCleaningInstructions

      [ System Events ]
      Error - 28/01/2014 15:38:41 | Computer Name = maria1 | Source = Service Control Manager | ID = 7000
      Description =

      Error - 28/01/2014 17:52:47 | Computer Name = maria1 | Source = Service Control Manager | ID = 7000
      Description =

      Error - 28/01/2014 20:03:31 | Computer Name = maria1 | Source = DCOM | ID = 10005
      Description =

      Error - 28/01/2014 20:03:37 | Computer Name = maria1 | Source = DCOM | ID = 10005
      Description =

      Error - 28/01/2014 20:03:38 | Computer Name = maria1 | Source = DCOM | ID = 10005
      Description =

      Error - 28/01/2014 20:03:39 | Computer Name = maria1 | Source = DCOM | ID = 10005
      Description =

      Error - 28/01/2014 20:03:40 | Computer Name = maria1 | Source = DCOM | ID = 10005
      Description =

      Error - 28/01/2014 20:05:08 | Computer Name = maria1 | Source = Service Control Manager | ID = 7001
      Description =

      Error - 28/01/2014 20:05:08 | Computer Name = maria1 | Source = Service Control Manager | ID = 7026
      Description =

      Error - 29/01/2014 5:44:28 | Computer Name = maria1 | Source = Service Control Manager | ID = 7000
      Description =


      < End of report >

    2. #2
      Moderadora
      Avatar de @Daniela
      Registrado
      abr 2011
      Ubicación
      España
      Mensajes
      8.814

      Re: no consigo eliminar awesomehp

      Hola trampuchera


      Mueve OTL al escritorio.

      sigue estos pasos, MUY Importante ~ Realiza una copia de seguridad del registro :

      • Para hacerlo descarga >> DelFix.exe en tu escritorio.
        • Doble clic para ejecutarlo.(Si usas Windows Vista/7 u 8 presiona clic derecho y selecciona "Ejecutar como Administrador.")
        • Marca unicamente la casilla "Create registry backup".
      • Pulsar en Run.

        Se abrirá el informe (DelFix.txt), guárdalo por si fuera necesario y cierra la herramienta.


      Después ejecuta de nuevo OTL.exe

      Copia y Pega el código que está dentro del recuadro de abajo en la sección Análisis Personalizado / Código de Reparación.

      Código:
      :OTL
      PRC - C:\ProgramData\IePluginService\PluginService.exe (Cherished Technololgy LIMITED)
      SRV - (SDWSCService) -- C:\Program Files\Spybot File not found
      SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found
      SRV - (SDScannerService) -- C:\Program Files\Spybot File not found
      SRV - (IePluginService) -- C:\ProgramData\IePluginService\PluginService.exe (Cherished Technololgy LIMITED)
      DRV - (RimUsb) -- System32\Drivers\RimUsb.sys File not found
      DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
      DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
      DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
      DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Awesomehp
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.awesomehp.com/web/?type=ds&ts=1390927258&from=tugs&uid=WDCXWD2500BEVS-22UST0_WD-WXH10802866028660&q={searchTerms}
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.awesomehp.com/web/?type=ds&ts=1390927258&from=tugs&uid=WDCXWD2500BEVS-22UST0_WD-WXH10802866028660&q={searchTerms}
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Awesomehp
      IE - HKU\S-1-5-21-2792370603-326241372-2547419334-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Awesomehp
      IE - HKU\S-1-5-21-2792370603-326241372-2547419334-1000\..\SearchScopes\{2BFD7895-0CB3-4DEE-9928-4537BDBB22A7}: "URL" = http://es.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
      IE - HKU\S-1-5-21-2792370603-326241372-2547419334-1000\..\SearchScopes\{A48827F8-F9A7-4F36-833C-8153B01BCA33}: "URL" = http://es.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
      FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=714647"
      FF - prefs.js..keyword.URL: "http://es.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=714647&p="
      FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
      FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_39: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
      FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
      FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\maria\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\maria\AppData\Roaming\Mozilla\Firefox\Profiles\ayx88jaq.default\extensions\[email protected]
      [2014/01/23 02:00:04 | 000,270,391 | ---- | M] () (No name found) -- C:\Users\maria\AppData\Roaming\mozilla\firefox\profiles\ayx88jaq.default\extensions\[email protected]
      [2014/01/26 20:33:04 | 000,021,498 | ---- | M] () (No name found) -- C:\Users\maria\AppData\Roaming\mozilla\firefox\profiles\ayx88jaq.default\extensions\[email protected]
      [2013/12/20 12:57:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
      [2014/01/28 17:41:03 | 000,000,567 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\awesomehp.xml
      
      O2 - BHO: (no name) - {703740c1-0f1a-4cec-a4df-d78db0158477} - No CLSID value found.
      O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
      O4 - HKLM..\Run: [Acer Tour] File not found
      O4 - HKLM..\Run: [eRecoveryService] File not found
      O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files\Mobogenie\DaemonProcess.exe File not found
      O4 - HKU\S-1-5-21-2792370603-326241372-2547419334-1000..\Run: [Facebook Update] "C:\Users\maria\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver File not found
      O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
      O13 - gopher Prefix: missing
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_39)
      O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
      O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_39)
      O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_39)
      O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll File not found
      O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll File not found
      O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
      MsConfig - StartUpReg: EA Core - hkey= - key= - File not found
      MsConfig - StartUpReg: Facebook Update - hkey= - key= - File not found
      [2014/01/28 17:43:19 | 000,000,000 | ---D | C] -- C:\Users\maria\AppData\Local\genienext
      [2014/01/28 17:43:17 | 000,000,000 | ---D | C] -- C:\Users\maria\AppData\Local\SwvUpdater
      [2014/01/28 17:43:17 | 000,000,000 | ---D | C] -- C:\Users\maria\Searches\Documents\Mobogenie
      [2014/01/28 17:43:17 | 000,000,000 | ---D | C] -- C:\Users\maria\AppData\Local\Mobogenie
      [2014/01/28 17:43:06 | 000,000,000 | ---D | C] -- C:\ProgramData\IePluginService
      [2014/01/28 17:42:59 | 000,000,000 | ---D | C] -- C:\Program Files\SupTab
      [2014/01/28 17:42:53 | 000,000,000 | ---D | C] -- C:\ProgramData\WPM
      
      :Files
      ipconfig /flushdns /c
      ipconfig /renew /c
      :Commands
      [PURITY]
      [EMPTYFLASH]
      [EMPTYTEMP]
      [RESETHOSTS]
      Presiona el Botón Reparar para lanzar la eliminación. Después presionas en OK.

      OTL va a Reiniciar el ordenador para completar la eliminación.

      Guardas el nuevo reporte generado, y lo copias y pegas en tu próxima respuesta.

      Si el proceso de OTL(Reparar) te da problemas en modo normal de windows, lo pasas en modo seguro, pero primero en modo normal.

      Después de pasar OTL, realiza lo siguiente:

      Descarga e instala Java Update

      Y cuando nos contestes dinos que versión de Java se ha quedado instalada >> ¿Cómo puedo comprobar si Java funciona en mi equipo?

      Compruébalo en todos los navegadores.


      Si sigues con el problema despues de reparar con OTL, Revisa el siguiente enlace la parte de los navegadores, en tu caso busca todo lo que no conozcas o hayas instalado, lo eliminas.


      Elimina los accesos directos de los navegadores, del escritorio y la barra de tareas.

      Reinicia y comprueba.

      Pega el log de OTL y comenta como sigue el problema.

      Un saludo
      * Síguenos en nuestro Twitter y hazte nuestro amigo en Facebook.
      * Infórmate de las ultimas amenazas de la red desde: InfoSpyware Blog
      * No se resuelven dudas por Privados ni por E-mail, ya que para eso esta el foro.