pabloradice

Thanks a lot. I suppose that would be all. Program said "Done!" and after that I deleted the Combofix.exe from desktop. So thank you for all your effort, your kind help, and your quickness! Best regards, Pablo

I'm trying to uninstall ComboFix, with the two methods you described, and it removes all archives but after that, combofix auto installs again and it tries to run again (I don't want to run it again so I restarted the system to avoid running combofix) Any clues on how to remove it from the system? Thanks a lot

Done. Chrome seems to start normally now. Waiting for further instructions. Thanks a lot. Results of screen317's Security Check version 0.99.57 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Trend Micro OfficeScan Antivirus Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Spybot - Search & Destroy Malwarebytes Anti-Malware versión 1.70.0.1100 Adobe Flash Player 11.5.502.146 Adobe Reader 10.1.3 Adobe Reader out of Date! Mozilla Firefox (18.0) Google Chrome 24.0.1312.52 ````````Process Check: objlist.exe by Laurent```````` Spybot Teatimer.exe is disabled! Trend Micro OfficeScan Client pccntmon.exe Trend Micro OfficeScan Client ntrtscan.exe Trend Micro OfficeScan Client tmlisten.exe Trend Micro OfficeScan Client TmPfw.exe Trend Micro OfficeScan Client TmProxy.exe Trend Micro OfficeScan Client CNTAoSMgr.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 0% ````````````````````End of Log``````````````````````

I had downloaded MBAM, but I decided not to install anything during the cleaning process. Installed and run MBAM. Here is the log, with the 3 files identified and deleted: Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Versión de la Base de Datos: v2013.01.16.08 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 celeste :: CELESTE-PC [administrador] 16/01/2013 05:26:52 p.m. mbam-log-2013-01-16 (17-26-52).txt Tipos de Análisis: Análisis Rápido Opciones de análisis activado: Memoria | Inicio | Registro | Sistema de archivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM Opciones de análisis desactivados: P2P Objetos examinados: 213118 Tiempo transcurrido: 3 minuto(s), 24 segundo(s) Procesos en Memoria Detectados: 0 (No se han detectado elementos maliciosos) Módulos de Memoria Detectados: 0 (No se han detectado elementos maliciosos) Claves del Registro Detectados: 0 (No se han detectado elementos maliciosos) Valores del Registro Detectados: 1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\WINDOWS\SYSTEM32\CORE.DLL (Trojan.Agent) -> datos: 1 -> En cuarentena y eliminado con éxito. Elementos de Datos del Registro Detectados: 0 (No se han detectado elementos maliciosos) Carpetas Detectadas: 0 (No se han detectado elementos maliciosos) Archivos Detectados: 2 C:\Windows\System32\core.dll (Trojan.Agent) -> En cuarentena y eliminado con éxito. C:\Windows\SysWOW64\core.dll (Trojan.Agent) -> En cuarentena y eliminado con éxito. fin)

This computer belongs to a network in an institute and that's our network proxy. Those settings were there prior to the malware. IE and Firefox got back to normal before I posted here for the first time by resetting the start page and search engines' config. I tried reinstalling chrome. Seems to start normally now. What scan do we need to do to track possible remainders of this malware? Thanks for all your help and patience.

Done. I still get the feed.helperbar at Chrome start ComboFix log here: ComboFix 13-01-16.01 - celeste 16/01/2013 15:47:28.1.2 - x64 Microsoft Windows 7 Home Basic 6.1.7601.1.1252.54.3082.18.2667.1382 [GMT -3:00] Running from: c:\users\celeste\Desktop\ComboFix.exe AV: Trend Micro OfficeScan Antivirus *Enabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92} FW: Trend Micro Personal Firewall *Enabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B} SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} SP: Trend Micro OfficeScan Anti-spyware *Enabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\s.bat . . ((((((((((((((((((((((((( Files Created from 2012-12-16 to 2013-01-16 ))))))))))))))))))))))))))))))) . . 2013-01-16 19:39 . 2013-01-16 19:39 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-01-15 20:27 . 2013-01-15 20:27 -------- d-----w- c:\windows\ERUNT 2013-01-15 20:27 . 2013-01-15 20:27 -------- d-----w- C:\JRT 2013-01-15 18:03 . 2013-01-16 18:22 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2013-01-15 18:03 . 2009-01-25 15:14 17272 ----a-w- c:\windows\system32\sdnclean64.exe 2013-01-15 18:03 . 2013-01-16 18:21 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2 2013-01-15 18:02 . 2013-01-15 18:02 -------- d-----w- c:\users\celeste\AppData\Local\Programs 2013-01-15 16:53 . 2013-01-15 20:33 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C2313239-6110-4B5D-86C1-738A95158E43}\offreg.dll 2013-01-15 16:08 . 2013-01-15 16:09 -------- d-----w- c:\program files\CCleaner 2013-01-15 15:34 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C2313239-6110-4B5D-86C1-738A95158E43}\mpengine.dll 2013-01-11 17:23 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll 2013-01-11 17:23 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll 2013-01-11 17:23 . 2012-11-01 05:43 2002432 ----a-w- c:\windows\system32\msxml6.dll 2013-01-11 17:23 . 2012-11-01 05:43 1882624 ----a-w- c:\windows\system32\msxml3.dll 2013-01-11 17:23 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll 2013-01-11 17:23 . 2012-11-01 04:47 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll 2013-01-11 17:23 . 2012-11-20 05:48 307200 ----a-w- c:\windows\system32\ncrypt.dll 2013-01-11 17:23 . 2012-11-20 04:51 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll 2013-01-11 17:23 . 2012-11-22 05:44 800768 ----a-w- c:\windows\system32\usp10.dll 2013-01-11 17:23 . 2012-11-22 04:45 626688 ----a-w- c:\windows\SysWow64\usp10.dll 2013-01-11 17:21 . 2012-12-07 11:20 43520 ----a-w- c:\windows\system32\csrr.rs 2013-01-11 17:20 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe 2013-01-11 17:20 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys 2013-01-08 21:58 . 2013-01-08 21:58 -------- d-----w- c:\users\celeste\AppData\Local\Macromedia 2012-12-21 21:28 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-21 21:28 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-21 21:28 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-21 21:28 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-01-11 17:23 . 2012-12-08 22:51 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-01-11 17:23 . 2011-10-12 08:10 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-11-30 04:45 . 2013-01-11 17:22 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-11-16 19:28 . 2011-10-07 06:12 66395536 ----a-w- c:\windows\system32\MRT.exe 2012-11-14 07:06 . 2012-12-13 02:13 17811968 ----a-w- c:\windows\system32\mshtml.dll 2012-11-14 06:32 . 2012-12-13 02:13 10925568 ----a-w- c:\windows\system32\ieframe.dll 2012-11-14 06:11 . 2012-12-13 02:13 2312704 ----a-w- c:\windows\system32\jscript9.dll 2012-11-14 06:04 . 2012-12-13 02:13 1346048 ----a-w- c:\windows\system32\urlmon.dll 2012-11-14 06:04 . 2012-12-13 02:13 1392128 ----a-w- c:\windows\system32\wininet.dll 2012-11-14 06:02 . 2012-12-13 02:13 1494528 ----a-w- c:\windows\system32\inetcpl.cpl 2012-11-14 06:02 . 2012-12-13 02:13 237056 ----a-w- c:\windows\system32\url.dll 2012-11-14 05:59 . 2012-12-13 02:13 85504 ----a-w- c:\windows\system32\jsproxy.dll 2012-11-14 05:58 . 2012-12-13 02:13 816640 ----a-w- c:\windows\system32\jscript.dll 2012-11-14 05:57 . 2012-12-13 02:13 599040 ----a-w- c:\windows\system32\vbscript.dll 2012-11-14 05:57 . 2012-12-13 02:13 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2012-11-14 05:55 . 2012-12-13 02:13 2144768 ----a-w- c:\windows\system32\iertutil.dll 2012-11-14 05:55 . 2012-12-13 02:13 729088 ----a-w- c:\windows\system32\msfeeds.dll 2012-11-14 05:53 . 2012-12-13 02:13 96768 ----a-w- c:\windows\system32\mshtmled.dll 2012-11-14 05:52 . 2012-12-13 02:13 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-11-14 05:46 . 2012-12-13 02:13 248320 ----a-w- c:\windows\system32\ieui.dll 2012-11-14 02:09 . 2012-12-13 02:13 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll 2012-11-14 01:58 . 2012-12-13 02:13 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2012-11-14 01:57 . 2012-12-13 02:13 1129472 ----a-w- c:\windows\SysWow64\wininet.dll 2012-11-14 01:49 . 2012-12-13 02:13 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2012-11-14 01:48 . 2012-12-13 02:13 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2012-11-14 01:44 . 2012-12-13 02:13 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-11-09 05:45 . 2012-12-12 14:27 2048 ----a-w- c:\windows\system32\tzres.dll 2012-11-09 04:42 . 2012-12-12 14:27 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-11-02 05:59 . 2012-12-12 14:22 478208 ----a-w- c:\windows\system32\dpnet.dll 2012-11-02 05:11 . 2012-12-12 14:22 376832 ----a-w- c:\windows\SysWow64\dpnet.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2010-07-26 222504] "YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" [2010-12-24 136488] "YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCam.exe" [2010-12-24 224352] "VeriFaceManager"="c:\program files (x86)\Lenovo\VeriFace\PManage.exe" [2011-06-16 329056] "UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504] "OfficeScanNT Monitor"="c:\program files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe" [2011-03-23 1366936] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-12-06 343168] "SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2010-7-29 1132320] McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer2"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048] R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-12-06 361984] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-11-13 1103392] R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-11-13 1369624] R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-11-13 168384] R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-07-13 344616] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-01 39464] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232] R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2010-09-30 299520] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392] R3 TmPfw;OfficeScan NT Firewall;c:\program files (x86)\Trend Micro\OfficeScan Client\TmPfw.exe [2010-01-07 595960] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 121840] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-05-14 73856] S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-05-14 28800] S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys [2011-06-16 57952] S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys [2011-06-16 39008] S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys [2011-06-16 13408] S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys [2010-07-21 196688] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-12-06 235520] S2 TmFilter;Trend Micro Filter;c:\program files (x86)\Trend Micro\OfficeScan Client\TmXPFlt.sys [2012-07-17 344376] S2 TmPreFilter;Trend Micro PreFilter;c:\program files (x86)\Trend Micro\OfficeScan Client\TmPreFlt.sys [2012-07-17 42808] S2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys [2010-07-21 338000] S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2011-06-16 29792] S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136] S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-12-24 31088] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-06-25 76912] S3 TmProxy;OfficeScan NT Proxy Service;c:\program files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe [2010-12-15 917840] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-11-29 44672] S3 vm331avs;Digital Camera 1;c:\windows\system32\Drivers\vm331avs.sys [2010-10-21 228224] S3 vmuvcflt;Vimicro USB Camera Filter;c:\windows\system32\Drivers\vmuvcflt.sys [2010-08-16 8320] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-01-12 18:31 1606760 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe . Contents of the 'Scheduled Tasks' folder . 2013-01-16 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-08 17:23] . 2013-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-16 01:26] . 2013-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-16 01:26] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc] @="{771C7324-DA80-49D3-8017-753B0AF60951}" [HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}] 2011-06-16 01:44 1508192 ----a-w- c:\windows\System32\IcnOvrly.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "OfficeScanNT Monitor"="-HideWindow" [X] "Lenovo EE Boot Optimizer"="c:\program files (x86)\Lenovo\Boot Optimizer\PopWnd.exe" [2011-06-16 114688] "Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2011-06-16 9753024] "EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2011-06-16 5908928] . ------- Supplementary Scan ------- . uStart Page = about:blank uLocal Page = c:\windows\system32\blank.htm mStart Page = about:blank mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.leloir;*.cicema.org.ar uInternet Settings,ProxyServer = proxy:3128 uSearchAssistant = hxxp://www.google.com IE: &Enviar a OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: E&xportar a Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Enviar imagen al dispositivo &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm IE: Enviar página al dispositivo &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 200.69.193.1 200.69.193.2 DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab FF - ProfilePath - c:\users\celeste\AppData\Roaming\Mozilla\Firefox\Profiles\1eytlpou.default\ . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Notify-SDWinLogon - SDWinLogon.dll Toolbar-Locked - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10h.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10h.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10h.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10h.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-01-16 16:43:42 ComboFix-quarantined-files.txt 2013-01-16 19:43 . Pre-Run: 322.559.143.936 bytes libres Post-Run: 322.412.744.704 bytes libres . - - End Of File - - FC07C7EC145F656CD0424247948F752A

I've done all of that, and I found nothing suspicious (still, I disabled everything not essential). I had done everything suggested by that link you provided before I came here. It had worked fine for IE and Firefox, but I still get feed.helperbar.com whenever I start Chrome. So I still have the same problem for Chrome only. Thanks for all your help.

Thanks for the help. Posting OTL logs now: OTL.txt OTL logfile created on: 16/01/2013 11:38:06 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\celeste\Desktop\PABLO - Malware Removal 64bit- Home Basic Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000c0a | Country: Argentina | Language: ESS | Date Format: dd/MM/yyyy 2,60 Gb Total Physical Memory | 1,30 Gb Available Physical Memory | 49,93% Memory free 5,21 Gb Paging File | 3,30 Gb Available in Paging File | 63,40% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 421,81 Gb Total Space | 305,12 Gb Free Space | 72,33% Space Free | Partition Type: NTFS Drive D: | 29,00 Gb Total Space | 26,81 Gb Free Space | 92,47% Space Free | Partition Type: NTFS Computer Name: CELESTE-PC | User Name: celeste | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/01/16 11:35:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\celeste\Desktop\PABLO - Malware Removal\OTL.exe PRC - [2013/01/07 21:06:24 | 001,248,360 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe PRC - [2012/11/13 14:08:12 | 003,487,240 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe PRC - [2012/11/13 14:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe PRC - [2012/11/13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe PRC - [2012/11/13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe PRC - [2012/10/02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe PRC - [2012/01/03 10:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2010/12/24 08:19:36 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe PRC - [2010/07/29 16:39:24 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Archivos de programa\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe PRC - [2010/01/15 09:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe PRC - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe PRC - [2009/04/02 16:20:04 | 000,435,584 | ---- | M] (Trend Micro Inc.) -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\CNTAoSMgr.exe ========== Modules (No Company Name) ========== MOD - [2013/01/07 21:06:22 | 000,460,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll MOD - [2013/01/07 21:06:19 | 004,012,648 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\pdf.dll MOD - [2013/01/07 21:05:29 | 000,598,120 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\libglesv2.dll MOD - [2013/01/07 21:05:28 | 000,124,520 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\libegl.dll MOD - [2013/01/07 21:05:25 | 001,553,000 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\ffmpegsumo.dll MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ========== Services (SafeList) ========== SRV:64bit: - [2011/12/06 00:11:56 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2011/12/05 22:15:08 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV - [2013/01/12 18:54:44 | 000,115,760 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013/01/11 14:23:09 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/10/02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/01/03 10:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011/10/05 04:56:48 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2011/03/28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2011/03/22 14:48:40 | 002,020,720 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmlisten.exe -- (tmlisten) SRV - [2011/03/22 14:41:22 | 001,937,544 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\ntrtscan.exe -- (ntrtscan) SRV - [2010/12/15 17:48:14 | 000,917,840 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe -- (TmProxy) SRV - [2010/09/22 15:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Archivos de programa\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010/07/29 16:39:24 | 000,951,584 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Archivos de programa\Lenovo\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/01/15 09:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2010/01/09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Archivos de programa\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010/01/07 11:44:48 | 000,595,960 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPfw.exe -- (TmPfw) SRV - [2009/06/10 18:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/03/01 03:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/12/06 00:45:40 | 010,720,256 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011/12/05 23:12:14 | 000,327,168 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011/06/15 22:59:42 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr) DRV:64bit: - [2011/06/15 22:59:29 | 000,029,792 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC) DRV:64bit: - [2011/06/15 22:56:53 | 000,057,952 | ---- | M] (Lenovo) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fbfmon.sys -- (fbfmon) DRV:64bit: - [2011/06/15 22:56:53 | 000,013,408 | ---- | M] (Lenovo) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BPntDrv.sys -- (BPntDrv) DRV:64bit: - [2011/03/11 03:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 03:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011/02/14 01:43:00 | 001,581,184 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService) DRV:64bit: - [2010/12/24 08:19:56 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd) DRV:64bit: - [2010/11/29 05:50:38 | 000,044,672 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2010/11/24 08:33:26 | 002,673,664 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2010/11/21 00:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/21 00:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/21 00:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010/11/08 19:05:20 | 000,108,624 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi) DRV:64bit: - [2010/10/21 07:05:22 | 000,228,224 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vm331avs.sys -- (vm331avs) DRV:64bit: - [2010/09/30 05:45:22 | 000,299,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR) DRV:64bit: - [2010/09/03 02:46:48 | 001,392,688 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2010/08/16 06:28:50 | 000,008,320 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmuvcflt.sys -- (vmuvcflt) DRV:64bit: - [2010/07/21 14:47:40 | 000,338,000 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmwfp.sys -- (tmwfp) DRV:64bit: - [2010/07/21 14:47:16 | 000,196,688 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmlwf.sys -- (tmlwf) DRV:64bit: - [2010/07/19 11:26:42 | 000,102,952 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2010/07/19 11:26:38 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2010/07/19 11:26:34 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2010/07/13 04:25:38 | 000,344,616 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl) DRV:64bit: - [2010/06/24 23:33:36 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2010/05/14 19:04:16 | 000,073,856 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata) DRV:64bit: - [2010/05/14 19:04:16 | 000,028,800 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata) DRV:64bit: - [2010/03/01 12:37:40 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2010/02/18 06:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64) DRV:64bit: - [2009/07/21 11:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd) DRV:64bit: - [2009/07/13 22:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 22:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 22:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/10 17:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009/06/10 17:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 17:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 17:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 17:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2012/07/17 12:37:44 | 000,344,376 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmXPFlt.sys -- (TmFilter) DRV - [2012/07/17 12:37:16 | 000,042,808 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPreFlt.sys -- (TmPreFilter) DRV - [2012/07/17 12:28:46 | 002,224,952 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\VSApiNt.sys -- (VSApiNt) DRV - [2009/07/13 22:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data] IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7'>http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7'>http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1658472467-1303681564-1710782571-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN'>http://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN IE - HKU\S-1-5-21-1658472467-1303681564-1710782571-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com IE - HKU\S-1-5-21-1658472467-1303681564-1710782571-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKU\S-1-5-21-1658472467-1303681564-1710782571-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-1658472467-1303681564-1710782571-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com IE - HKU\S-1-5-21-1658472467-1303681564-1710782571-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com IE - HKU\S-1-5-21-1658472467-1303681564-1710782571-1001\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1658472467-1303681564-1710782571-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7'>http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7LENN_esAR452 IE - HKU\S-1-5-21-1658472467-1303681564-1710782571-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1658472467-1303681564-1710782571-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.leloir;*.cicema.org.ar IE - HKU\S-1-5-21-1658472467-1303681564-1710782571-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy:3128 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..extensions.enabledAddons: %7Ba3a5c777-f583-4fef-9380-ab4add1bc2a8%7D:3.1.5 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/12 18:54:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/12 18:54:26 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/12 18:54:46 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/12 18:54:26 | 000,000,000 | ---D | M] [2011/10/05 22:38:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\celeste\AppData\Roaming\mozilla\Extensions [2013/01/15 13:48:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\celeste\AppData\Roaming\mozilla\Firefox\Profiles\1eytlpou.default\extensions [2012/01/21 23:14:13 | 000,013,642 | ---- | M] () (No name found) -- C:\Users\celeste\AppData\Roaming\mozilla\firefox\profiles\1eytlpou.default\extensions\{a3a5c777-f583-4fef-9380-ab4add1bc2a8}.xpi [2013/01/12 18:54:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013/01/12 18:54:23 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013/01/12 18:54:45 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012/09/02 10:21:08 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013/01/10 20:29:00 | 000,004,095 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\drae.xml [2013/01/10 20:29:00 | 000,001,356 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-es.xml [2013/01/10 20:29:00 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml [2013/01/10 20:29:00 | 000,001,391 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-es.xml [2013/01/10 20:28:59 | 000,001,315 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-es.xml ========== Chrome ========== CHR - homepage: http://www.google.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: http://www.google.com/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\celeste\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - Extension: YouTube = C:\Users\celeste\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Adblock Plus = C:\Users\celeste\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_0\ CHR - Extension: B\u00FAsqueda de Google = C:\Users\celeste\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: Skype Click to Call = C:\Users\celeste\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\ CHR - Extension: Gmail = C:\Users\celeste\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2009/06/10 18:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Archivos de programa\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Archivos de programa\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-1658472467-1303681564-1710782571-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited) O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe (Lenovo(beijing) Limited) O4:64bit: - HKLM..\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe (Lenovo) O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.) O4 - HKLM..\Run: [sDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.) O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [updateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [updatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo) O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink) O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe (CyberLink Corp.) O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1658472467-1303681564-1710782571-1001..\Run: [EPSON TX125 Series] C:\windows\system32\spool\DRIVERS\x64\3\E_IATIGGB.EXE /FU "C:\windows\TEMP\E_S7435.tmp" /EF "HKCU" File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: &Enviar a OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Enviar imagen al dispositivo &Bluetooth... - C:\Archivos de programa\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Enviar página al dispositivo &Bluetooth... - C:\Archivos de programa\Lenovo\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: &Enviar a OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Enviar imagen al dispositivo &Bluetooth... - C:\Archivos de programa\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Enviar página al dispositivo &Bluetooth... - C:\Archivos de programa\Lenovo\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Notas &vinculadas de OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Archivos de programa\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Notas &vinculadas de OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Archivos de programa\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O9:64bit: - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Archivos de programa\Lenovo\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Archivos de programa\Lenovo\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Enviar a Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Archivos de programa\Lenovo\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Enviar a &Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Archivos de programa\Lenovo\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} http://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab (IASRunner Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 200.69.193.1 200.69.193.2 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{408918F0-8CF2-4334-836C-EDEB075C9D33}: DhcpNameServer = 200.69.193.1 200.69.193.2 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{93ED2492-4AF2-4216-BF9A-6E07A0F50070}: DhcpNameServer = 172.16.254.247 172.16.254.245 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Archivos de programa\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{dafecfc9-307b-11e1-b0b5-c0f8dac62219}\Shell - "" = AutoRun O33 - MountPoints2\{dafecfc9-307b-11e1-b0b5-c0f8dac62219}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{dafecfd6-307b-11e1-b0b5-c0f8dac62219}\Shell - "" = AutoRun O33 - MountPoints2\{dafecfd6-307b-11e1-b0b5-c0f8dac62219}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{dafecfea-307b-11e1-b0b5-c0f8dac62219}\Shell - "" = AutoRun O33 - MountPoints2\{dafecfea-307b-11e1-b0b5-c0f8dac62219}\Shell\AutoRun\command - "" = F:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/01/15 17:27:44 | 000,000,000 | ---D | C] -- C:\windows\ERUNT [2013/01/15 17:27:06 | 000,000,000 | ---D | C] -- C:\JRT [2013/01/15 16:10:38 | 000,000,000 | ---D | C] -- C:\Users\celeste\Desktop\PABLO - Malware Removal [2013/01/15 15:03:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2013/01/15 15:03:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 [2013/01/15 15:03:16 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\windows\SysNative\sdnclean64.exe [2013/01/15 15:03:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2 [2013/01/15 15:02:04 | 000,000,000 | ---D | C] -- C:\Users\celeste\AppData\Local\Programs [2013/01/15 13:09:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2013/01/15 13:08:56 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2013/01/15 12:26:47 | 000,000,000 | ---D | C] -- C:\Users\celeste\AppData\Local\{D53BEF53-F52C-4AE5-A662-A298FC5FE396} [2013/01/14 13:58:42 | 000,000,000 | ---D | C] -- C:\Users\celeste\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dispositivos Bluetooth [2013/01/14 13:17:53 | 000,000,000 | ---D | C] -- C:\Users\celeste\AppData\Local\{9E376894-779E-452F-B084-B4672FAE6CDB} [2013/01/13 16:50:42 | 000,000,000 | ---D | C] -- C:\Users\celeste\AppData\Local\{5B5757F7-AAC1-4D32-9709-922CD75917CA} [2013/01/12 18:54:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013/01/12 14:57:21 | 000,000,000 | ---D | C] -- C:\Users\celeste\AppData\Local\{71D8883D-13E0-44BC-98B9-2B09EC5DF3E1} [2013/01/11 14:00:04 | 000,000,000 | ---D | C] -- C:\Users\celeste\AppData\Local\{24CAF0E9-7B76-48AB-BE44-37EA1202CD74} [2013/01/10 20:28:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox.bak [2013/01/10 19:54:31 | 000,000,000 | ---D | C] -- C:\Users\celeste\AppData\Local\{3FBFB6AB-842A-4B2A-AEF6-3EB15425CC7E} [2013/01/10 10:49:02 | 000,000,000 | ---D | C] -- C:\Users\celeste\AppData\Local\{E05C8F76-8F81-4AFD-A614-E6A8DD7969CC} [2013/01/09 11:57:28 | 000,000,000 | ---D | C] -- C:\Users\celeste\AppData\Local\{4BE6E1AE-5273-4CA6-B6AC-4D66C0593E08} [2013/01/08 19:04:51 | 000,000,000 | ---D | C] -- C:\Users\celeste\Desktop\Review PD 2013 [2013/01/08 18:58:46 | 000,000,000 | ---D | C] -- C:\Users\celeste\AppData\Local\Macromedia [2013/01/08 10:53:07 | 000,000,000 | ---D | C] -- C:\Users\celeste\AppData\Local\{6E4379F9-D49C-402F-BB52-E3D51D95A0CE} [2013/01/08 10:49:53 | 000,000,000 | ---D | C] -- C:\Users\celeste\AppData\Local\{36B6BA29-51E7-4646-A61E-3296932B3B0B} [2013/01/07 10:43:01 | 000,000,000 | ---D | C] -- C:\Users\celeste\AppData\Local\{A717A524-8AD4-48D5-868E-7740C6E13E3A} [2013/01/05 16:19:23 | 000,000,000 | ---D | C] -- C:\Users\celeste\AppData\Local\{E48695D7-433A-4380-9A34-91533E35BB8D} [2012/12/22 12:38:25 | 000,000,000 | ---D | C] -- C:\Users\celeste\AppData\Local\{BAFB9130-6B9F-486B-B841-5CDA5AC56676} [2012/12/21 11:49:05 | 000,000,000 | ---D | C] -- C:\Users\celeste\AppData\Local\{4F991087-E1BA-44FF-8CFC-C3D1144E29DA} [2012/12/19 08:46:20 | 000,000,000 | ---D | C] -- C:\Users\celeste\AppData\Local\{E55F4ABA-AC0F-4B7A-93E9-BCA4A22070E6} [2012/12/19 08:39:38 | 000,000,000 | ---D | C] -- C:\Users\celeste\AppData\Local\{14D5C202-611A-483D-AAFA-59FF9A6257FF} [2012/12/18 15:11:41 | 000,000,000 | ---D | C] -- C:\Users\celeste\AppData\Local\{D27AE58F-8ECB-40FB-8656-E74E05D1A3F1} ========== Files - Modified Within 30 Days ========== [2013/01/16 11:32:45 | 000,763,024 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2013/01/16 11:32:45 | 000,638,230 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2013/01/16 11:32:45 | 000,113,586 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2013/01/16 11:32:45 | 000,019,236 | ---- | M] () -- C:\windows\SysNative\perfh00A.dat [2013/01/16 11:32:45 | 000,007,496 | ---- | M] () -- C:\windows\SysNative\perfc00A.dat [2013/01/16 11:31:00 | 000,001,050 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2013/01/16 11:29:23 | 000,000,838 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2013/01/16 11:29:14 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2013/01/15 18:31:00 | 000,001,046 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2013/01/15 17:28:30 | 000,021,072 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/01/15 17:28:30 | 000,021,072 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/01/15 17:21:09 | 000,311,975 | ---- | M] () -- C:\windows\SysNative\fastboot.set [2013/01/15 17:20:27 | 2097,336,320 | -HS- | M] () -- C:\hiberfil.sys [2013/01/15 15:03:28 | 000,002,177 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk [2013/01/15 13:09:07 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013/01/14 18:58:03 | 000,244,860 | ---- | M] () -- C:\Users\celeste\Desktop\exp 2 viabilidad HeLa 14-1-13.pzf [2013/01/13 16:51:28 | 000,016,488 | ---- | M] () -- C:\windows\cfgall.ini [2013/01/11 15:58:45 | 002,350,360 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT [2013/01/08 15:45:02 | 000,001,587 | ---- | M] () -- C:\Users\celeste\Desktop\Google Chrome.lnk [2013/01/07 14:00:43 | 001,714,001 | ---- | M] () -- C:\Users\celeste\Desktop\Stepping PC TNF analisis 20-12-12.pzf ========== Files Created - No Company Name ========== [2013/01/15 15:03:28 | 000,002,189 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk [2013/01/15 15:03:28 | 000,002,177 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk [2013/01/15 13:09:07 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013/01/14 18:57:08 | 000,244,860 | ---- | C] () -- C:\Users\celeste\Desktop\exp 2 viabilidad HeLa 14-1-13.pzf [2013/01/08 15:44:57 | 000,001,617 | ---- | C] () -- C:\Users\celeste\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk [2013/01/08 15:44:57 | 000,001,587 | ---- | C] () -- C:\Users\celeste\Desktop\Google Chrome.lnk [2012/12/20 11:51:34 | 001,714,001 | ---- | C] () -- C:\Users\celeste\Desktop\Stepping PC TNF analisis 20-12-12.pzf [2012/10/02 06:41:48 | 000,027,426 | ---- | C] () -- C:\Users\celeste\na01di01.jpg [2012/06/01 08:53:40 | 000,006,399 | ---- | C] () -- C:\Users\celeste\01-06-12.gif [2012/05/11 19:59:09 | 000,129,024 | ---- | C] () -- C:\windows\RegBootClean64.exe [2012/05/11 19:58:54 | 000,102,400 | ---- | C] () -- C:\windows\RegBootClean.exe [2012/05/10 21:15:35 | 000,073,220 | ---- | C] () -- C:\windows\SysWow64\EPPICPrinterDB.dat [2012/05/10 21:15:35 | 000,031,053 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern131.dat [2012/05/10 21:15:35 | 000,029,114 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern1.dat [2012/05/10 21:15:35 | 000,027,417 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern121.dat [2012/05/10 21:15:35 | 000,021,021 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern3.dat [2012/05/10 21:15:35 | 000,015,670 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern5.dat [2012/05/10 21:15:35 | 000,013,280 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern2.dat [2012/05/10 21:15:35 | 000,010,673 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern4.dat [2012/05/10 21:15:35 | 000,004,943 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern6.dat [2012/05/10 21:15:35 | 000,001,140 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_PT.dat [2012/05/10 21:15:35 | 000,001,140 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_BP.dat [2012/05/10 21:15:35 | 000,001,137 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_ES.dat [2012/05/10 21:15:35 | 000,001,130 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_FR.dat [2012/05/10 21:15:35 | 000,001,130 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_CF.dat [2012/05/10 21:15:35 | 000,001,104 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_EN.dat [2012/05/10 21:15:35 | 000,000,097 | ---- | C] () -- C:\windows\SysWow64\PICSDK.ini [2012/05/10 21:09:54 | 000,000,088 | ---- | C] () -- C:\windows\ETX123_125.ini [2012/02/03 16:54:00 | 000,035,019 | ---- | C] () -- C:\Users\celeste\AppData\Roaming\EndNote.rar [2011/12/05 23:35:10 | 000,204,960 | ---- | C] () -- C:\windows\SysWow64\ativvsvl.dat [2011/12/05 23:35:10 | 000,157,152 | ---- | C] () -- C:\windows\SysWow64\ativvsva.dat [2011/12/05 22:04:00 | 000,059,904 | ---- | C] () -- C:\windows\SysWow64\OpenVideo.dll [2011/12/05 22:03:52 | 000,054,784 | ---- | C] () -- C:\windows\SysWow64\OVDecode.dll [2011/11/04 11:48:53 | 000,000,000 | ---- | C] () -- C:\Users\celeste\AppData\Local\{A2A0156B-B8C7-41A4-AFF7-F2BAD2B98BAC} [2011/10/24 06:30:53 | 000,004,096 | -H-- | C] () -- C:\Users\celeste\AppData\Local\keyfile3.drm [2011/10/05 23:07:59 | 000,016,488 | ---- | C] () -- C:\windows\cfgall.ini [2011/09/12 20:06:16 | 000,003,917 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat [2011/06/15 23:06:31 | 000,000,512 | ---- | C] () -- C:\windows\previous.bin [2011/06/15 23:06:31 | 000,000,512 | ---- | C] () -- C:\windows\current.bin [2011/06/15 22:44:23 | 000,472,416 | ---- | C] () -- C:\windows\SysWow64\Lenovo.VerifaceStub.dll [2011/06/15 22:44:22 | 002,086,240 | ---- | C] () -- C:\windows\SysWow64\LenovoVeriface.Interface.dll [2011/06/15 22:44:22 | 001,500,512 | ---- | C] () -- C:\windows\SysWow64\Apblend.dll [2011/06/15 22:44:22 | 001,171,456 | ---- | C] () -- C:\windows\SysWow64\PicNotify.dll [2011/06/15 22:44:07 | 001,044,480 | ---- | C] () -- C:\windows\SysWow64\3DImageRenderer.dll [2011/06/15 22:18:49 | 000,001,652 | ---- | C] () -- C:\windows\vm331Rmv.ini [2011/06/15 22:18:49 | 000,001,652 | ---- | C] () -- C:\windows\SysWow64\vm331Rmv.ini [2011/06/15 21:59:34 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin ========== ZeroAccess Check ========== [2009/07/14 01:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 02:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 01:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 22:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 00:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 22:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012/06/24 22:52:57 | 000,000,000 | ---D | M] -- C:\Users\celeste\AppData\Roaming\ArcSyncConfig [2012/02/03 18:15:15 | 000,000,000 | ---D | M] -- C:\Users\celeste\AppData\Roaming\EndNote [2012/05/24 13:13:22 | 000,000,000 | ---D | M] -- C:\Users\celeste\AppData\Roaming\Epson [2011/10/05 22:27:45 | 000,000,000 | ---D | M] -- C:\Users\celeste\AppData\Roaming\GraphPad Software [2011/10/06 05:52:16 | 000,000,000 | ---D | M] -- C:\Users\celeste\AppData\Roaming\Lenovo [2012/09/24 22:31:16 | 000,000,000 | ---D | M] -- C:\Users\celeste\AppData\Roaming\Youtube Downloader HD ========== Purity Check ========== < End of report > Extras.txt OTL Extras logfile created on: 16/01/2013 11:38:06 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\celeste\Desktop\PABLO - Malware Removal 64bit- Home Basic Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000c0a | Country: Argentina | Language: ESS | Date Format: dd/MM/yyyy 2,60 Gb Total Physical Memory | 1,30 Gb Available Physical Memory | 49,93% Memory free 5,21 Gb Paging File | 3,30 Gb Available in Paging File | 63,40% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 421,81 Gb Total Space | 305,12 Gb Free Space | 72,33% Space Free | Partition Type: NTFS Drive D: | 29,00 Gb Total Space | 26,81 Gb Free Space | 92,47% Space Free | Partition Type: NTFS Computer Name: CELESTE-PC | User Name: celeste | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) [HKEY_USERS\S-1-5-21-1658472467-1303681564-1710782571-1001\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.) ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{2A9FABFF-D0DE-4081-90E1-EE137C3A30CC}" = lport=18231 | protocol=6 | dir=in | name=trend micro officescan listener | "{37D185C8-E5FF-402A-93EC-5E7688860FC3}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{51809273-1071-4C1E-8180-BE020146B09C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{C57CFE76-0B0E-4F90-9162-670DD77FFA7A}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0DE819EC-9F56-4B1D-A184-39DF817D6943}" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "{32F5CFBF-6077-4EAD-8080-755A7CFB613D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{34147434-4708-4E9E-A78E-DB29DF7E3119}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{4D483D6C-0916-4E27-A05F-D60E68EEB90B}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{A8C1919E-79E1-45D6-BBC6-DBC502234820}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{C5951D3A-41DF-4530-B565-417E445B92F7}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{C87BAF8A-C12F-482F-8EFC-EC24BFE3758D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{D190DE6B-A569-47B1-8168-688A363E03C4}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{E8707764-AC27-4CDE-A29E-D87B0D65FBAE}" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0D98B285-0777-B3B7-7A3D-9C85422203B9}" = ccc-utility64 "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{418A8D89-B9AA-B872-5927-3D1A052CEAA8}" = AMD Media Foundation Decoders "{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = Lenovo Bluetooth with Enhanced Data Rate Software "{45CB0703-D49C-31B2-0DBD-FDD98D7DEF7A}" = AMD Drag and Drop Transcoding "{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{8924F1FE-8AC5-C2AE-59EF-C5D65B226933}" = AMD Catalyst Install Manager "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0C0A-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Spanish) 2010 "{909EDD8B-F26D-7051-C761-3386A1AFE052}" = ATI AVIVO64 Codecs "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer "{C3C912BB-BF4B-3788-8A19-DA5B999CE0C6}" = Microsoft .NET Framework 4 Client Profile ESN Language Pack "{C7768A7E-3E00-F72D-052F-BB4A7C617FC0}" = AMD Fuel "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CCleaner" = CCleaner "CNXT_AUDIO_HDA" = Conexant HD Audio "EA12B1FB53CE4E387C31A85236C41EF559B5E392" = Paquete de controladores de Windows - Lenovo (ACPIVPC) System (12/02/2010 6.1.0.1) "EPSON TX125 Series" = Desinstalador de impresoras EPSON TX125 Series "Lenovo EE Boot Optimizer" = Lenovo EE Boot Optimizer "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile ESN Language Pack" = Paquete de idioma de Microsoft .NET Framework 4 Client Profile ESN "SynTPDeinstKey" = Synaptics Pointing Device Driver "WinRAR archiver" = Compresor WinRAR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{010977DE-35D4-4F21-9BFB-0CFE7DF3848D}" = MxPro "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam "{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager "{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{06870F63-4D1C-171F-9552-368D3890D92F}" = CCC Help French "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail "{14CE04AF-0EBC-B865-382F-1FB466CAC301}" = CCC Help English "{15AC0C5D-A6FB-4CE2-8CD0-28179EEB5625}" = Nokia Connectivity Cable Driver "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{1DBC5882-96E2-3A01-A32C-9B6F6EF6CF25}" = CCC Help Korean "{1F36B20F-7408-EC75-2825-E9FE81B0339D}" = CCC Help Norwegian "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 "{30DAAF05-3679-C10C-953C-BB422FCDF557}" = CCC Help Swedish "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{35B73650-6899-11DA-6784-00232A9018BE}" = GraphPad Prism 5 "{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}" = Epson Easy Photo Print 2 "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{428536FB-25A0-8531-75EF-D7A7C340B0A4}" = AMD VISION Engine Control Center "{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer "{4BA6B7C9-65AE-BE8B-687A-6F1A2D7F9705}" = CCC Help Czech "{4C8E1E1B-175F-AF47-8B21-E12C7C8B5D40}" = CCC Help Thai "{4EAF46A2-DB90-6B67-F640-5CC876A2B5C4}" = CCC Help Greek "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker "{5D5B8455-50E0-F94A-4C82-0F9303BB4C0E}" = CCC Help Danish "{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings "{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack "{7765BB73-D985-42C9-C7EE-AB434D59429F}" = CCC Help Chinese Traditional "{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh "{7ADFB885-8E98-6AAE-8687-D6EFB5127F6B}" = Catalyst Control Center Graphics Previews Common "{7B7044AE-6D1F-456D-B2BA-28BFFFAF3F71}" = Epson Easy Photo Print Plug-in for Windows Live Photo Gallery Setup "{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials "{7F7C616E-6971-77D9-7D59-82DC35DF81AC}" = CCC Help Russian "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{86B3F2D6-AC2B-0014-8AE1-F2F77F781B0C}" = EndNote X4 "{8B31B757-3FE6-11D5-80FE-0050DA0AC313}" = IQ Solutions "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support "{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BD586FDF-FA7C-40AC-800D-EAD5AE85AC2C}" = "{90140000-0015-0C0A-0000-0000000FF1CE}" = Microsoft Office Access MUI (Spanish) 2010 "{90140000-0015-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{AA321CAB-5896-46B1-B18E-3EE82C88ABF1}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0C0A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Spanish) 2010 "{90140000-0016-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{AA321CAB-5896-46B1-B18E-3EE82C88ABF1}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Spanish) 2010 "{90140000-0018-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{AA321CAB-5896-46B1-B18E-3EE82C88ABF1}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0C0A-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Spanish) 2010 "{90140000-0019-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{AA321CAB-5896-46B1-B18E-3EE82C88ABF1}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0C0A-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Spanish) 2010 "{90140000-001A-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{AA321CAB-5896-46B1-B18E-3EE82C88ABF1}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0C0A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Spanish) 2010 "{90140000-001B-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{AA321CAB-5896-46B1-B18E-3EE82C88ABF1}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2010 "{90140000-001F-0403-0000-0000000FF1CE}_Office14.PROPLUS_{F030E098-C2CC-4056-971E-4D3AB0F55517}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2010 "{90140000-001F-0416-0000-0000000FF1CE}_Office14.PROPLUS_{A7200E61-DC93-42E0-BB74-EE59021016EA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2010 "{90140000-001F-042D-0000-0000000FF1CE}_Office14.PROPLUS_{C6E07E58-897F-4686-A498-764B9D404F09}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2010 "{90140000-001F-0456-0000-0000000FF1CE}_Office14.PROPLUS_{6CA060C9-FAFB-4A51-B533-A6AEE1A325BE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0C0A-1000-0000000FF1CE}_Office14.PROPLUS_{ED7E1546-A5BC-407C-8321-94D6DAF9B5A7}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2010 "{90140000-002C-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DBE2E9A2-A47F-42A9-A1CF-3B6665A9714A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0C0A-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Spanish) 2010 "{90140000-0044-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{AA321CAB-5896-46B1-B18E-3EE82C88ABF1}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2010 "{90140000-006E-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{7FF53332-4A24-4F40-946E-C58B6326063C}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0C0A-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Spanish) 2010 "{90140000-00A1-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{AA321CAB-5896-46B1-B18E-3EE82C88ABF1}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0C0A-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Spanish) 2010 "{90140000-00BA-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{AA321CAB-5896-46B1-B18E-3EE82C88ABF1}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}" = ZTE HSDPA EDGE USB MODEM "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9FA5B08F-9162-BCCB-AFAC-28DF1751BEC3}" = Catalyst Control Center Localization All "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific "{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings "{AC76BA86-7AD7-1034-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Español "{ACD238D4-5E74-42E1-8B11-A477BCE70D2F}" = Adobe Setup "{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}" = Lenovo EasyCamera "{AF859F36-5F97-F6EC-A617-62771A8B4FDC}" = CCC Help Finnish "{B2164CCB-C002-4B80-8550-7535D80DF237}" = Lenovo DirectShare "{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{BB095F3E-0A7D-7DD4-B2A8-47CB12E416B0}" = CCC Help Japanese "{BC71B06F-BFAE-6A73-091C-F18ACF00A04C}" = CCC Help Italian "{BDCBA80C-A3BD-9DA5-E43F-EBBBE779C032}" = CCC Help Hungarian "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CEEA6219-8792-3E40-D361-4FB5F0FBBB0F}" = CCC Help Portuguese "{CF053286-7F4C-CAFB-616B-58EC562BB28E}" = CCC Help Chinese Standard "{D07BB56A-7DB4-4564-A1F9-EBCE75FBE3C6}" = Catalyst Control Center InstallProxy "{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files "{D3689EED-3943-9E90-1D65-D2246EB58AD1}" = CCC Help Turkish "{D3694B69-6F8C-42D3-8A0A-EB2AB528C02C}" = Atheros Client Installation Program "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings "{DBA5EE42-A143-A658-9F86-C611BFDBEFCA}" = CCC Help Dutch "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings "{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = Lenovo PowerDVD 10 "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E19490CD-5380-4F37-B0A7-624D635605DC}" = Catalyst Control Center - Branding "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources "{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live "{EAF0F475-CFE2-9F4D-F26A-875FF09AD40E}" = CCC Help Spanish "{ECEA7878-2100-4525-915D-B09174E36971}" = Trend Micro OfficeScan Client "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = Guía del usuario "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F1F1CCD6-34FE-81C6-CE0C-F22695E6409F}" = CCC Help German "{F71A71E1-285C-95CE-A8F7-231E3827138E}" = CCC Help Polish "{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint "{FB124956-B0E3-4D78-AB94-6E53430004B7}" = Adobe Photoshop CS3 "{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings "ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe_53a35a181eeb50486a0e091bd67ae62" = Adobe Photoshop CS3 "Backup Magic" = Backup Magic "EEPPPlugIn" = Epson Easy Photo Print Plug-in for Windows Live Photo Gallery "EPSON Scanner" = EPSON Scan "Google Chrome" = Google Chrome "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam "InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery "InstallShield_{B2164CCB-C002-4B80-8550-7535D80DF237}" = Lenovo DirectShare "InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management "InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = Lenovo PowerDVD 10 "InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide "Lenovo Games Console" = Lenovo Games Console "McAfee Security Scan" = McAfee Security Scan Plus "Mozilla Firefox 18.0 (x86 es-ES)" = Mozilla Firefox 18.0 (x86 es-ES) "MozillaMaintenanceService" = Mozilla Maintenance Service "Nero - Burning Rom!UninstallKey" = Nero OEM "NMPUninstallKey" = Nero Media Player "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "VeriFace" = VeriFace "WinLiveSuite" = Windows Live Essentials ========== Last 20 Event Log Errors ========== [ System Events ] Error - 16/01/2013 2:55:02 | Computer Name = celeste-PC | Source = DCOM | ID = 10010 Description = Error - 16/01/2013 10:29:11 | Computer Name = celeste-PC | Source = Service Control Manager | ID = 7011 Description = Se agotó el tiempo de espera (30000 ms) para la respuesta de transacción del servicio ShellHWDetection. < End of report >

Posting the logs now. Google Chrome still starts up with the feed.helperbar.com that redirects itself to isearch.babylon AdwCleaner # AdwCleaner v2.105 - Fichero creado el 15/01/2013 a 17:17:08 # Actualizado el 08/01/2013 por Xplode # Sistema operativo : Windows 7 Home Basic Service Pack 1 (64 bits) # Usuario : celeste - CELESTE-PC # Modo de inicio : Normal # Ejecutado desde : C:\Users\celeste\Desktop\PABLO - Malware Removal\AdwCleaner.exe # Opción [supresión] ***** [servicios] ***** ***** [Ficheros / Carpetas] ***** Carpeta Suprimido : C:\ProgramData\Partner Carpeta Suprimido : C:\Users\celeste\AppData\Roaming\OpenCandy ***** [Registro] ***** Clave Supprimida : HKCU\Software\SmartBar Clave Supprimida : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Clave Supprimida : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Valor Supprimida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] Valor Supprimida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] ***** [Navegadores] ***** -\\ Internet Explorer v9.0.8112.16457 Sustituido : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=TJ&userid=e1027090-d28e-4ace-ace5-bb2bc3dc88a7&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com Sustituido : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=TJ&userid=e1027090-d28e-4ace-ace5-bb2bc3dc88a7&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com Sustituido : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=TJ&userid=e1027090-d28e-4ace-ace5-bb2bc3dc88a7&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com Sustituido : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=TJ&userid=e1027090-d28e-4ace-ace5-bb2bc3dc88a7&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com -\\ Mozilla Firefox v18.0 (es-ES) Fichero : C:\Users\celeste\AppData\Roaming\Mozilla\Firefox\Profiles\1eytlpou.default\prefs.js Supprimida : user_pref("browser.startup.homepage", "hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=TJ&userid=[...] Supprimida : user_pref("extensions.helperbar.SmartbarDisabled", false); Supprimida : user_pref("extensions.helperbar.SmartbarStateMinimaized", false); Supprimida : user_pref("keyword.URL", "hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=TJ&userid=e1027090-d28e[...] -\\ Google Chrome v24.0.1312.52 Fichero : C:\Users\celeste\AppData\Local\Google\Chrome\User Data\Default\Preferences Supprimida [l.9] : homepage = "hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=TJ&userid=e1027090-d28e-4ace-a[...] Supprimida [l.1679] : homepage = "hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=TJ&userid=e1027090-d28e-4ace-ace5[...] ************************* AdwCleaner[R1].txt - [3606 octets] - [15/01/2013 16:54:06] AdwCleaner[s1].txt - [3469 octets] - [15/01/2013 17:17:08] ########## EOF - C:\AdwCleaner[s1].txt - [3529 octets] ########## JRT ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 4.4.2 (01.08.2013:1) OS: Windows 7 Home Basic x64 Ran by celeste on 15/01/2013 at 17:27:48,35 Blog: http://thisisudax.blogspot.com ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ FireFox Emptied folder: C:\Users\celeste\AppData\Roaming\mozilla\firefox\profiles\1eytlpou.default\minidumps [4 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 15/01/2013 at 17:47:31,08 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Posting the AdwCleaner Log now (It's installed in Spanish, for some reason) # AdwCleaner v2.105 - Fichero creado el 15/01/2013 a 16:54:06 # Actualizado el 08/01/2013 por Xplode # Sistema operativo : Windows 7 Home Basic Service Pack 1 (64 bits) # Usuario : celeste - CELESTE-PC # Modo de inicio : Normal # Ejecutado desde : C:\Users\celeste\Desktop\PABLO - Malware Removal\AdwCleaner.exe # Opción [búsqueda] ***** [servicios] ***** ***** [Ficheros / Carpetas] ***** Carpeta Presente : C:\ProgramData\Partner Carpeta Presente : C:\Users\celeste\AppData\Roaming\OpenCandy ***** [Registro] ***** Clave Presente : HKCU\Software\SmartBar Clave Presente : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Clave Presente : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Clave Presente : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Clave Presente : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Clave Presente : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Clave Presente : HKU\S-1-5-21-1658472467-1303681564-1710782571-1001\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Valor Presente : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] Valor Presente : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] ***** [Navegadores] ***** -\\ Internet Explorer v9.0.8112.16457 [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=TJ&userid=e1027090-d28e-4ace-ace5-bb2bc3dc88a7&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms} [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=TJ&userid=e1027090-d28e-4ace-ace5-bb2bc3dc88a7&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms} [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=TJ&userid=e1027090-d28e-4ace-ace5-bb2bc3dc88a7&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms} [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=TJ&userid=e1027090-d28e-4ace-ace5-bb2bc3dc88a7&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms} -\\ Mozilla Firefox v18.0 (es-ES) Fichero : C:\Users\celeste\AppData\Roaming\Mozilla\Firefox\Profiles\1eytlpou.default\prefs.js Presente : user_pref("browser.startup.homepage", "hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=TJ&userid=[...] Presente : user_pref("extensions.helperbar.SmartbarDisabled", false); Presente : user_pref("extensions.helperbar.SmartbarStateMinimaized", false); Presente : user_pref("keyword.URL", "hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=TJ&userid=e1027090-d28e[...] -\\ Google Chrome v24.0.1312.52 Fichero : C:\Users\celeste\AppData\Local\Google\Chrome\User Data\Default\Preferences Presente [l.9] : homepage = "hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=TJ&userid=e1027090-d28e-4ace-ace5-bb2bc3dc88a7&affid=111583&searchtype=hp&babsrc=lnkry", Presente [l.1679] : homepage = "hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=TJ&userid=e1027090-d28e-4ace-ace5-bb2bc3dc88a7&affid=111583&searchtype=hp&babsrc=lnkry", ************************* AdwCleaner[R1].txt - [3483 octets] - [15/01/2013 16:54:06] ########## EOF - C:\AdwCleaner[R1].txt - [3543 octets] ##########

Thanks for your quick response. I proceed to post the logs as you requested, and will wait for further instructions. Regards dds.txt DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16457 Run by celeste at 16:20:29 on 2013-01-15 Microsoft Windows 7 Home Basic 6.1.7601.1.1252.54.3082.18.2667.1342 [GMT -3:00] . AV: Trend Micro OfficeScan Antivirus *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92} SP: Trend Micro OfficeScan Anti-spyware *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Trend Micro Personal Firewall *Disabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B} . ============== Running Processes =============== . C:\windows\system32\lsm.exe C:\windows\system32\svchost.exe -k DcomLaunch C:\windows\system32\svchost.exe -k RPCSS C:\windows\system32\atiesrxx.exe C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\windows\system32\svchost.exe -k netsvcs C:\windows\system32\svchost.exe -k LocalService C:\windows\system32\atieclxx.exe C:\windows\system32\svchost.exe -k NetworkService C:\windows\System32\spoolsv.exe C:\windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe C:\windows\system32\taskhost.exe C:\windows\Explorer.EXE C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe C:\windows\System32\svchost.exe -k HPZ12 C:\Program Files (x86)\Trend Micro\OfficeScan Client\ntrtscan.exe C:\windows\System32\svchost.exe -k HPZ12 C:\windows\system32\svchost.exe -k regsvc C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe C:\windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\windows\system32\wbem\WmiApSrv.exe C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmlisten.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\windows\system32\svchost.exe -k bthsvcs C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe C:\Program Files (x86)\Lenovo\Energy Management\utility.exe C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPfw.exe C:\windows\system32\SearchIndexer.exe C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe C:\windows\SysWOW64\RunDll32.exe C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe C:\Program Files (x86)\Trend Micro\OfficeScan Client\PccNTMon.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe C:\Program Files (x86)\Trend Micro\OfficeScan Client\CNTAoSMgr.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files (x86)\Trend Micro\OfficeScan Client\Temp\pccntupd.exe C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe C:\windows\System32\svchost.exe -k secsvcs C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\windows\system32\msiexec.exe C:\windows\system32\wuauclt.exe C:\windows\system32\Dwm.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe C:\windows\system32\taskeng.exe C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe C:\windows\system32\taskhost.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\windows\system32\wbem\wmiprvse.exe C:\windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = about:blank uSearch Bar = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=TJ&userid=e1027090-d28e-4ace-ace5-bb2bc3dc88a7&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms} uSearch Page = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=TJ&userid=e1027090-d28e-4ace-ace5-bb2bc3dc88a7&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms} uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN mStart Page = about:blank uProxyServer = proxy:3128 uProxyOverride = *.leloir;*.cicema.org.ar uSearchAssistant = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=TJ&userid=e1027090-d28e-4ace-ace5-bb2bc3dc88a7&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms} mWinlogon: Userinit = userinit.exe BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL BHO: Aplicación auxiliar de inicio de sesión de Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file> uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background uRun: [EPSON TX125 Series] C:\windows\System32\spool\DRIVERS\x64\3\E_IATIGGB.EXE /FU "C:\windows\TEMP\E_S7435.tmp" /EF "HKCU" uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun mRun: [updateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0" mRun: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe" mRun: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s mRun: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe mRun: [updatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery" mRun: [OfficeScanNT Monitor] "C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [sDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: &Enviar a OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: E&xportar a Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Enviar imagen al dispositivo &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm IE: Enviar página al dispositivo &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab TCP: NameServer = 200.69.193.1 200.69.193.2 TCP: Interfaces\{408918F0-8CF2-4334-836C-EDEB075C9D33} : DHCPNameServer = 200.69.193.1 200.69.193.2 TCP: Interfaces\{408918F0-8CF2-4334-836C-EDEB075C9D33}\4505D2C494E4B4F5245313338354 : DHCPNameServer = 192.168.0.1 192.168.1.1 TCP: Interfaces\{408918F0-8CF2-4334-836C-EDEB075C9D33}\4656661657C647 : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{408918F0-8CF2-4334-836C-EDEB075C9D33}\6647E2C65616C6 : DHCPNameServer = 200.49.130.40 200.42.4.203 TCP: Interfaces\{93ED2492-4AF2-4216-BF9A-6E07A0F50070} : DHCPNameServer = 172.16.254.247 172.16.254.245 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll Notify: SDWinLogon - SDWinLogon.dll SSODL: WebCheck - <orphaned> SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome x64-mStart Page = about:blank x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll x64-TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file> x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe x64-Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe x64-Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe x64-Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-SSODL: WebCheck - <orphaned> x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\celeste\AppData\Roaming\Mozilla\Firefox\Profiles\1eytlpou.default\ FF - prefs.js: browser.startup.homepage - hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=TJ&userid=e1027090-d28e-4ace-ace5-bb2bc3dc88a7&affid=111583&searchtype=hp&babsrc=lnkry FF - prefs.js: keyword.URL - hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=TJ&userid=e1027090-d28e-4ace-ace5-bb2bc3dc88a7&affid=111583&searchtype=ds&babsrc=lnkry&q= FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll . ============= SERVICES / DRIVERS =============== . R0 amd_sata;amd_sata;C:\windows\System32\drivers\amd_sata.sys [2011-6-15 73856] R0 amd_xata;amd_xata;C:\windows\System32\drivers\amd_xata.sys [2011-6-15 28800] R0 fbfmon;fbfmon;C:\windows\System32\drivers\fbfmon.sys [2011-6-15 57952] R0 LHDmgr;LHDmgr;C:\windows\System32\drivers\LhdX64.sys [2011-6-15 39008] R1 BPntDrv;BPntDrv;C:\windows\System32\drivers\BPntDrv.sys [2011-6-15 13408] R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;C:\windows\System32\drivers\tmlwf.sys [2011-12-13 196688] R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-5-14 759048] R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2011-12-6 235520] R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-12-5 361984] R2 TmFilter;Trend Micro Filter;C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmxpflt.sys [2009-12-4 344376] R2 TmPreFilter;Trend Micro PreFilter;C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmpreflt.sys [2009-12-4 42808] R2 tmwfp;Trend Micro WFP Callout Driver;C:\windows\System32\drivers\tmwfp.sys [2011-12-13 338000] R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\System32\drivers\AcpiVpc.sys [2010-10-25 29792] R3 amdiox64;AMD IO Driver;C:\windows\System32\drivers\amdiox64.sys [2011-6-15 46136] R3 btwampfl;Bluetooth AMP USB Filter;C:\windows\System32\drivers\btwampfl.sys [2011-6-15 344616] R3 btwl2cap;Bluetooth L2CAP Service;C:\windows\System32\drivers\btwl2cap.sys [2011-6-15 39464] R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\System32\drivers\clwvd.sys [2010-12-24 31088] R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2011-6-15 76912] R3 usbfilter;AMD USB Filter Driver;C:\windows\System32\drivers\usbfilter.sys [2011-6-15 44672] R3 vm331avs;Digital Camera 1;C:\windows\System32\drivers\vm331avs.sys [2011-6-15 228224] R3 vmuvcflt;Vimicro USB Camera Filter;C:\windows\System32\drivers\vmuvcflt.sys [2011-6-15 8320] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\rtsuvstor.sys [2011-6-15 299520] S3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2009-6-10 187392] S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232] S3 wsvd;wsvd;C:\windows\System32\drivers\wsvd.sys [2009-7-21 121840] . =============== Created Last 30 ================ . 2013-01-15 18:03:36 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy 2013-01-15 18:03:16 17272 ----a-w- C:\windows\System32\sdnclean64.exe 2013-01-15 18:03:06 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2 2013-01-15 18:02:04 -------- d-----w- C:\Users\celeste\AppData\Local\Programs 2013-01-15 16:53:21 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C2313239-6110-4B5D-86C1-738A95158E43}\offreg.dll 2013-01-15 16:08:56 -------- d-----w- C:\Program Files\CCleaner 2013-01-15 15:34:36 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C2313239-6110-4B5D-86C1-738A95158E43}\mpengine.dll 2013-01-15 15:26:47 -------- d-----w- C:\Users\celeste\AppData\Local\{D53BEF53-F52C-4AE5-A662-A298FC5FE396} 2013-01-14 16:17:53 -------- d-----w- C:\Users\celeste\AppData\Local\{9E376894-779E-452F-B084-B4672FAE6CDB} 2013-01-13 19:50:42 -------- d-----w- C:\Users\celeste\AppData\Local\{5B5757F7-AAC1-4D32-9709-922CD75917CA} 2013-01-12 17:57:21 -------- d-----w- C:\Users\celeste\AppData\Local\{71D8883D-13E0-44BC-98B9-2B09EC5DF3E1} 2013-01-11 17:23:41 750592 ----a-w- C:\windows\System32\win32spl.dll 2013-01-11 17:23:41 492032 ----a-w- C:\windows\SysWow64\win32spl.dll 2013-01-11 17:23:16 2002432 ----a-w- C:\windows\System32\msxml6.dll 2013-01-11 17:23:15 1882624 ----a-w- C:\windows\System32\msxml3.dll 2013-01-11 17:23:15 1389568 ----a-w- C:\windows\SysWow64\msxml6.dll 2013-01-11 17:23:15 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll 2013-01-11 17:23:08 307200 ----a-w- C:\windows\System32\ncrypt.dll 2013-01-11 17:23:08 220160 ----a-w- C:\windows\SysWow64\ncrypt.dll 2013-01-11 17:23:05 800768 ----a-w- C:\windows\System32\usp10.dll 2013-01-11 17:23:05 626688 ----a-w- C:\windows\SysWow64\usp10.dll 2013-01-11 17:21:19 46592 ----a-w- C:\windows\SysWow64\fpb.rs 2013-01-11 17:20:42 68608 ----a-w- C:\windows\System32\taskhost.exe 2013-01-11 17:20:41 3149824 ----a-w- C:\windows\System32\win32k.sys 2013-01-11 17:00:04 -------- d-----w- C:\Users\celeste\AppData\Local\{24CAF0E9-7B76-48AB-BE44-37EA1202CD74} 2013-01-10 23:28:36 -------- d-----w- C:\Program Files (x86)\Mozilla Firefox.bak 2013-01-10 22:54:31 -------- d-----w- C:\Users\celeste\AppData\Local\{3FBFB6AB-842A-4B2A-AEF6-3EB15425CC7E} 2013-01-10 13:49:02 -------- d-----w- C:\Users\celeste\AppData\Local\{E05C8F76-8F81-4AFD-A614-E6A8DD7969CC} 2013-01-09 14:57:28 -------- d-----w- C:\Users\celeste\AppData\Local\{4BE6E1AE-5273-4CA6-B6AC-4D66C0593E08} 2013-01-08 21:58:46 -------- d-----w- C:\Users\celeste\AppData\Local\Macromedia 2013-01-08 13:53:07 -------- d-----w- C:\Users\celeste\AppData\Local\{6E4379F9-D49C-402F-BB52-E3D51D95A0CE} 2013-01-08 13:49:53 -------- d-----w- C:\Users\celeste\AppData\Local\{36B6BA29-51E7-4646-A61E-3296932B3B0B} 2013-01-07 13:43:01 -------- d-----w- C:\Users\celeste\AppData\Local\{A717A524-8AD4-48D5-868E-7740C6E13E3A} 2013-01-05 19:19:23 -------- d-----w- C:\Users\celeste\AppData\Local\{E48695D7-433A-4380-9A34-91533E35BB8D} 2012-12-22 15:38:25 -------- d-----w- C:\Users\celeste\AppData\Local\{BAFB9130-6B9F-486B-B841-5CDA5AC56676} 2012-12-21 21:28:41 46080 ----a-w- C:\windows\System32\atmlib.dll 2012-12-21 21:28:41 34304 ----a-w- C:\windows\SysWow64\atmlib.dll 2012-12-21 21:28:40 367616 ----a-w- C:\windows\System32\atmfd.dll 2012-12-21 21:28:40 295424 ----a-w- C:\windows\SysWow64\atmfd.dll 2012-12-21 14:49:05 -------- d-----w- C:\Users\celeste\AppData\Local\{4F991087-E1BA-44FF-8CFC-C3D1144E29DA} 2012-12-19 11:46:20 -------- d-----w- C:\Users\celeste\AppData\Local\{E55F4ABA-AC0F-4B7A-93E9-BCA4A22070E6} 2012-12-19 11:39:38 -------- d-----w- C:\Users\celeste\AppData\Local\{14D5C202-611A-483D-AAFA-59FF9A6257FF} 2012-12-18 18:11:41 -------- d-----w- C:\Users\celeste\AppData\Local\{D27AE58F-8ECB-40FB-8656-E74E05D1A3F1} 2012-12-17 12:18:05 -------- d-----w- C:\Users\celeste\AppData\Local\{16378C6D-DC1C-4584-8A62-1734E4D17B48} . ==================== Find3M ==================== . 2013-01-11 17:23:06 74248 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-01-11 17:23:06 697864 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe 2012-12-07 13:20:16 441856 ----a-w- C:\windows\System32\Wpc.dll 2012-12-07 13:15:31 2746368 ----a-w- C:\windows\System32\gameux.dll 2012-12-07 12:26:17 308736 ----a-w- C:\windows\SysWow64\Wpc.dll 2012-12-07 12:20:43 2576384 ----a-w- C:\windows\SysWow64\gameux.dll 2012-12-07 11:20:04 30720 ----a-w- C:\windows\System32\usk.rs 2012-12-07 11:20:03 43520 ----a-w- C:\windows\System32\csrr.rs 2012-12-07 11:20:03 23552 ----a-w- C:\windows\System32\oflc.rs 2012-12-07 11:20:01 45568 ----a-w- C:\windows\System32\oflc-nz.rs 2012-12-07 11:20:01 44544 ----a-w- C:\windows\System32\pegibbfc.rs 2012-12-07 11:20:01 20480 ----a-w- C:\windows\System32\pegi-fi.rs 2012-12-07 11:20:00 20480 ----a-w- C:\windows\System32\pegi-pt.rs 2012-12-07 11:19:59 20480 ----a-w- C:\windows\System32\pegi.rs 2012-12-07 11:19:58 46592 ----a-w- C:\windows\System32\fpb.rs 2012-12-07 11:19:57 40960 ----a-w- C:\windows\System32\cob-au.rs 2012-12-07 11:19:57 21504 ----a-w- C:\windows\System32\grb.rs 2012-12-07 11:19:57 15360 ----a-w- C:\windows\System32\djctq.rs 2012-12-07 11:19:56 55296 ----a-w- C:\windows\System32\cero.rs 2012-12-07 11:19:55 51712 ----a-w- C:\windows\System32\esrb.rs 2012-11-30 05:45:35 362496 ----a-w- C:\windows\System32\wow64win.dll 2012-11-30 05:45:35 243200 ----a-w- C:\windows\System32\wow64.dll 2012-11-30 05:45:35 13312 ----a-w- C:\windows\System32\wow64cpu.dll 2012-11-30 05:45:14 215040 ----a-w- C:\windows\System32\winsrv.dll 2012-11-30 05:43:12 16384 ----a-w- C:\windows\System32\ntvdm64.dll 2012-11-30 05:41:07 424448 ----a-w- C:\windows\System32\KernelBase.dll 2012-11-30 04:54:00 5120 ----a-w- C:\windows\SysWow64\wow32.dll 2012-11-30 04:53:59 274944 ----a-w- C:\windows\SysWow64\KernelBase.dll 2012-11-30 03:23:48 338432 ----a-w- C:\windows\System32\conhost.exe 2012-11-30 02:44:06 25600 ----a-w- C:\windows\SysWow64\setup16.exe 2012-11-30 02:44:04 7680 ----a-w- C:\windows\SysWow64\instnm.exe 2012-11-30 02:44:04 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll 2012-11-30 02:44:03 2048 ----a-w- C:\windows\SysWow64\user.exe 2012-11-30 02:38:59 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2012-11-30 02:38:59 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 2012-11-30 02:38:59 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2012-11-30 02:38:59 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll 2012-11-14 06:11:44 2312704 ----a-w- C:\windows\System32\jscript9.dll 2012-11-14 06:04:11 1392128 ----a-w- C:\windows\System32\wininet.dll 2012-11-14 06:02:49 1494528 ----a-w- C:\windows\System32\inetcpl.cpl 2012-11-14 05:57:46 599040 ----a-w- C:\windows\System32\vbscript.dll 2012-11-14 05:57:35 173056 ----a-w- C:\windows\System32\ieUnatt.exe 2012-11-14 05:52:40 2382848 ----a-w- C:\windows\System32\mshtml.tlb 2012-11-14 02:09:22 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll 2012-11-14 01:58:15 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl 2012-11-14 01:57:37 1129472 ----a-w- C:\windows\SysWow64\wininet.dll 2012-11-14 01:49:25 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe 2012-11-14 01:48:27 420864 ----a-w- C:\windows\SysWow64\vbscript.dll 2012-11-14 01:44:42 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb 2012-11-09 05:45:09 2048 ----a-w- C:\windows\System32\tzres.dll 2012-11-09 04:42:49 2048 ----a-w- C:\windows\SysWow64\tzres.dll 2012-11-02 05:59:11 478208 ----a-w- C:\windows\System32\dpnet.dll 2012-11-02 05:11:31 376832 ----a-w- C:\windows\SysWow64\dpnet.dll . ============= FINISH: 16:22:17,65 =============== attach.txt . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Basic Boot Device: \Device\HarddiskVolume1 Install Date: 05/10/2011 04:27:09 a.m. System Uptime: 15/01/2013 12:24:39 p.m. (4 hours ago) . Motherboard: LENOVO | | Inagua Processor: AMD E-350 Processor | Socket FT1 | 1600/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 422 GiB total, 305,223 GiB free. D: is FIXED (NTFS) - 29 GiB total, 26,81 GiB free. F: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP147: 11/12/2012 10:33:51 a.m. - Windows Update RP148: 12/12/2012 11:10:38 p.m. - Windows Update RP149: 18/12/2012 03:16:48 p.m. - Windows Update RP150: 21/12/2012 06:27:58 p.m. - Windows Update RP151: 05/01/2013 04:26:13 p.m. - Windows Update RP152: 11/01/2013 02:14:51 p.m. - Windows Update RP153: 11/01/2013 03:15:39 p.m. - Windows Update RP154: 15/01/2013 12:33:23 p.m. - Windows Update RP155: 15/01/2013 02:20:12 p.m. - Eliminado Zona Creativa RP156: 15/01/2013 02:22:31 p.m. - Removed Rhapsody Player Engine . ==== Installed Programs ====================== . 64 Bit HP CIO Components Installer ABBYY FineReader 9.0 Sprint Adobe Anchor Service CS3 Adobe Asset Services CS3 Adobe Bridge CS3 Adobe Bridge Start Meeting Adobe Camera Raw 4.0 Adobe CMaps Adobe Color - Photoshop Specific Adobe Color Common Settings Adobe Color EU Recommended Settings Adobe Color JA Extra Settings Adobe Color NA Extra Settings Adobe Default Language CS3 Adobe Device Central CS3 Adobe ExtendScript Toolkit 2 Adobe Flash Player 11 Plugin Adobe Fonts All Adobe Help Viewer CS3 Adobe Linguistics CS3 Adobe PDF Library Files Adobe Photoshop CS3 Adobe Reader X (10.1.3) - Español Adobe Setup Adobe Stock Photos CS3 Adobe Type Support Adobe Update Manager CS3 Adobe Version Cue CS3 Client Adobe WinSoft Linguistics Plugin Adobe XMP Panels CS3 AMD APP SDK Runtime AMD Catalyst Install Manager AMD Drag and Drop Transcoding AMD Fuel AMD Media Foundation Decoders AMD VISION Engine Control Center Atheros Client Installation Program Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver ATI AVIVO64 Codecs Backup Magic Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-utility64 CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish CCleaner Compresor WinRAR Conexant HD Audio Control ActiveX de Windows Live Mesh para conexiones remotas D3DX10 Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Desinstalador de impresoras EPSON TX125 Series EndNote X4 Energy Management Epson Easy Photo Print 2 Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) Epson Easy Photo Print Plug-in for Windows Live Photo Gallery Epson Easy Photo Print Plug-in for Windows Live Photo Gallery Setup Epson Event Manager EPSON Scan Galería fotográfica de Windows Live Google Chrome Google Update Helper GraphPad Prism 5 Guía del usuario IQ Solutions Junk Mail filter update Lenovo Bluetooth with Enhanced Data Rate Software Lenovo DirectShare Lenovo EasyCamera Lenovo EE Boot Optimizer Lenovo Games Console Lenovo OneKey Recovery Lenovo PowerDVD 10 Lenovo YouCam McAfee Security Scan Plus Mesh Runtime Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Client Profile ESN Language Pack Microsoft Application Error Reporting Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (Spanish) 2010 Microsoft Office Excel MUI (Spanish) 2010 Microsoft Office Groove MUI (Spanish) 2010 Microsoft Office InfoPath MUI (Spanish) 2010 Microsoft Office Office 64-bit Components 2010 Microsoft Office OneNote MUI (Spanish) 2010 Microsoft Office Outlook MUI (Spanish) 2010 Microsoft Office PowerPoint MUI (Spanish) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (Basque) 2010 Microsoft Office Proof (Catalan) 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Galician) 2010 Microsoft Office Proof (Portuguese (Brazil)) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (Spanish) 2010 Microsoft Office Publisher MUI (Spanish) 2010 Microsoft Office Shared 64-bit MUI (Spanish) 2010 Microsoft Office Shared MUI (Spanish) 2010 Microsoft Office Word MUI (Spanish) 2010 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Mozilla Firefox 18.0 (x86 es-ES) Mozilla Maintenance Service MSVCRT MSVCRT_amd64 MxPro Nero Media Player Nero OEM Nokia Connectivity Cable Driver Paquete de controladores de Windows - Lenovo (ACPIVPC) System (12/02/2010 6.1.0.1) Paquete de idioma de Microsoft .NET Framework 4 Client Profile ESN PDF Settings Power2Go Realtek USB 2.0 Reader Driver Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition Security Update for Microsoft Visio 2010 (KB2687508) 32-Bit Edition Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition Security Update for Paquete de idioma de Microsoft .NET Framework 4 Client Profile ESN (KB2478663) Security Update for Paquete de idioma de Microsoft .NET Framework 4 Client Profile ESN (KB2518870) Skype Click to Call Skype™ 5.10 Spybot - Search & Destroy Synaptics Pointing Device Driver Trend Micro OfficeScan Client Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553092) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition UserGuide VeriFace Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Mesh Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Windows Media Player Firefox Plugin ZTE HSDPA EDGE USB MODEM . ==== Event Viewer Messages From Past Week ======== . 15/01/2013 12:30:50 p.m., Error: Service Control Manager [7023] - 10/01/2013 01:19:27 p.m., Error: bowser [8003] - El explorador maestro recibió una notificación del equipo 202NAS que cree que es el explorador maestro para el dominio en el transporte NetBT_Tcpip_{93ED2492-4AF2-4216-BF9A-6E07A0F50070}. El explorador maestro está detenido o se está forzando una elección. 08/01/2013 11:41:32 a.m., Error: NetBT [4321] - No se pudo registrar el nombre "WORKGROUP :1d" en la interfaz con dirección IP 172.16.67.7. El equipo la con dirección IP 172.16.78.5 no admite el nombre reclamado por este equipo. 08/01/2013 11:29:15 a.m., Error: bowser [8003] - El explorador maestro recibió una notificación del equipo 202NAS que cree que es el explorador maestro para el dominio en el transporte NetBT_Tcpip_{93ED2492-4AF2-4216-BF9A-6E07A0F50070}. El explorador maestro está detenido o se está forzando una elección. 08/01/2013 11:28:16 a.m., Error: bowser [8003] - El explorador maestro recibió una notificación del equipo 202NAS que cree que es el explorador maestro para el dominio en el transporte NetBT_Tcpip_{93ED2492-4AF2-4216-BF9A-6E07A0F50070}. El explorador maestro está detenido o se está forzando una elección. 08/01/2013 11:05:15 a.m., Error: Disk [11] - El controlador detectó un error de controladora en \Device\Harddisk1\DR1. 08/01/2013 10:04:49 p.m., Error: Disk [11] - El controlador detectó un error de controladora en \Device\Harddisk1\DR6. . ==== End Of File =========================== Rogue Killer log RogueKiller V8.4.3 [Jan 10 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : celeste [Admin rights] Mode : Scan -- Date : 01/15/2013 16:25:11 ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 3 ¤¤¤ [PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (proxy:3128) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\windows\system32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: HITACHI HTS547550A9E384 SATA Disk Device +++++ --- User --- [MBR] 618da1f76e61cffae4ef3e9c263a6f2a [bSP] 457fe8cc211e07eda707a480ef21d8ff : Windows 7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 200 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 411648 | Size: 431938 Mo 2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 885020672 | Size: 29692 Mo 3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 945829888 | Size: 15109 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1]_S_01152013_02d1625.txt >> RKreport[1]_S_01152013_02d1625.txt

Hello, my name is Pablo and I'm new to this forum. I'm trying to help a friend whose notebook has been infected with this "virus" which appears as the starting page of the web browsers every time you open them. By searching the web, and investigating the web browsers, I was able to remove the virus from Firefox and IE, but Chrome remains infected. I can't find any program or process which could be responsible of this virus working. Before starting to run the usual programs for malware removal, I decided to check it with any of your staff members. Please, if you can help me with this, I'll be very glad Thanks