pabloradice

feed.helperbar.com - isearch.babylon.com problem

24 posts in this topic

Hello, my name is Pablo and I'm new to this forum.

I'm trying to help a friend whose notebook has been infected with this "virus", which appears as the start page of the web browsers every time you open them.

By searching the web and investigating the web browsers, I was able to remove the virus from Firefox and IE, but Chrome remains infected.

I can't find any program or process that could be responsible for this virus working. Before starting to run the usual malware-removal programs, I decided to check it with one of your staff members.

Please, if you can help me with this, I'll be very glad.

Thanks

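Chrome does not use the Internet Explorer registry keys or Firefox's prefs.js that DDS reports on; it keeps its home page, startup URLs and default search engine in a JSON file named Preferences inside the profile directory. A hijacker that has already rewritten those values needs no resident process, which is why nothing shows up in the process list. The following is an added example, not code from the original post or from any tool named in the thread: it walks a Preferences-style JSON tree, reports every string that points at the hijacker hosts named in this thread, and returns a scrubbed copy. The sample document is constructed here, and the key names in it (homepage, session.urls_to_restore_on_startup, default_search_provider) are assumptions about the Chrome 24-era schema, as is the assumption that Chrome recreates a missing key with its default on the next start.

```python
import json
from typing import Any, Dict, List, Tuple

# Hijacker hosts named in this thread.
HIJACK_HOSTS = ("feed.helperbar.com", "isearch.babylon.com")

# Dict keys Chrome treats as one unit: if any string under them is hijacked the
# whole block is dropped so Chrome rebuilds it with defaults (assumption about
# Chrome's behaviour on a missing key, not taken from the thread).
RESET_WHOLE_BLOCK = {"default_search_provider"}

# Constructed sample modelled on the layout of a Chrome 24-era Preferences file.
# Key names are assumptions about that schema; the URLs mirror the posted DDS log.
SAMPLE_PREFERENCES = json.dumps({
    "homepage": "http://feed.helperbar.com/?publisher=OC&affid=111583&searchtype=hp",
    "homepage_is_newtabpage": False,
    "session": {
        "restore_on_startup": 4,
        "urls_to_restore_on_startup": [
            "http://feed.helperbar.com/?publisher=OC&affid=111583&searchtype=hp",
            "https://www.google.com/",
        ],
    },
    "default_search_provider": {
        "name": "Search",
        "enabled": True,
        "keyword": "helperbar.com",
        "search_url": "http://feed.helperbar.com/?publisher=OC&affid=111583&searchtype=ds&q={searchTerms}",
    },
})


def load_sample() -> Dict[str, Any]:
    """Parse the constructed sample the way a real Preferences file would be parsed."""
    return json.loads(SAMPLE_PREFERENCES)


def is_hijacked(value: Any) -> bool:
    """True for a string that points at one of the hijacker hosts."""
    return isinstance(value, str) and any(h in value.lower() for h in HIJACK_HOSTS)


def find_hijacked(node: Any, path: str = "") -> List[Tuple[str, str]]:
    """Walk the whole JSON tree and return (dotted.path, value) for every hijacked
    string, so the check does not depend on knowing the exact key names in advance."""
    hits: List[Tuple[str, str]] = []
    if isinstance(node, dict):
        for key, value in node.items():
            hits.extend(find_hijacked(value, f"{path}.{key}" if path else key))
    elif isinstance(node, list):
        for i, value in enumerate(node):
            hits.extend(find_hijacked(value, f"{path}[{i}]"))
    elif is_hijacked(node):
        hits.append((path, node))
    return hits


def scrub(node: Any) -> Any:
    """Return a copy with hijacked values removed: matching list items are dropped,
    matching dict entries deleted, and RESET_WHOLE_BLOCK dicts dropped outright."""
    if isinstance(node, dict):
        cleaned: Dict[str, Any] = {}
        for key, value in node.items():
            if is_hijacked(value):
                continue
            if key in RESET_WHOLE_BLOCK and find_hijacked(value):
                continue
            cleaned[key] = scrub(value)
        return cleaned
    if isinstance(node, list):
        return [scrub(v) for v in node if not is_hijacked(v)]
    return node


def scan_preferences_file(path: str) -> List[Tuple[str, str]]:
    """Scan a real Preferences file. Chrome must be closed first: it rewrites the
    file on exit and would overwrite any edit made while it is running."""
    with open(path, encoding="utf-8") as fh:
        return find_hijacked(json.load(fh))


if __name__ == "__main__":
    prefs = load_sample()
    for where, url in find_hijacked(prefs):
        print(f"{where}: {url}")
    print(json.dumps(scrub(prefs), indent=2))
```

Run it against a copy of the profile's Preferences file first and only write the scrubbed result back with Chrome closed. Newer Chrome versions keep these same settings in a Secure Preferences file protected by an HMAC, where a hand edit is detected and reverted, so on those versions the scanner still tells you where the hijacker lives but the reset has to go through Chrome's own settings.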

Welcome to the forum, please start at the link below:

http://forums.malwar...?showtopic=9573

Post back the 2 logs here.....DDS.txt and Attach.txt

<====><====><====><====><====><====><====><====>

Next.......

Please remove any usb or external drives from the computer before you run this scan!

Quit all running programs.

Please download RogueKiller to your desktop and run it.

For Windows XP, double-click to start.

For Vista or Windows 7, right-click the program, select Run as Administrator to start, and when prompted, allow it to run.

Click Scan to scan the system.

When the scan completes, close the program. Don't fix anything!

Don't run any other options; they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC

Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

Please stick with me until I give you the "all clear".

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


Thanks for your quick response. I'm posting the logs as you requested and will wait for further instructions. Regards

dds.txt

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16457

Run by celeste at 16:20:29 on 2013-01-15

Microsoft Windows 7 Home Basic 6.1.7601.1.1252.54.3082.18.2667.1342 [GMT -3:00]

.

AV: Trend Micro OfficeScan Antivirus *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}

SP: Trend Micro OfficeScan Anti-spyware *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Trend Micro Personal Firewall *Disabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}

.

============== Running Processes ===============

.

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\system32\atiesrxx.exe

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\atieclxx.exe

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\System32\spoolsv.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe

C:\windows\system32\taskhost.exe

C:\windows\Explorer.EXE

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe

C:\windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\Trend Micro\OfficeScan Client\ntrtscan.exe

C:\windows\System32\svchost.exe -k HPZ12

C:\windows\system32\svchost.exe -k regsvc

C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\windows\system32\wbem\WmiApSrv.exe

C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmlisten.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\windows\system32\svchost.exe -k bthsvcs

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe

C:\Program Files (x86)\Lenovo\Energy Management\utility.exe

C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPfw.exe

C:\windows\system32\SearchIndexer.exe

C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe

C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\windows\SysWOW64\RunDll32.exe

C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe

C:\Program Files (x86)\Trend Micro\OfficeScan Client\PccNTMon.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe

C:\Program Files (x86)\Trend Micro\OfficeScan Client\CNTAoSMgr.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files (x86)\Trend Micro\OfficeScan Client\Temp\pccntupd.exe

C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe

C:\windows\System32\svchost.exe -k secsvcs

C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\windows\system32\msiexec.exe

C:\windows\system32\wuauclt.exe

C:\windows\system32\Dwm.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe

C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe

C:\windows\system32\taskeng.exe

C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe

C:\windows\system32\taskhost.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

uSearch Bar = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=TJ&userid=e1027090-d28e-4ace-ace5-bb2bc3dc88a7&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}

uSearch Page = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=TJ&userid=e1027090-d28e-4ace-ace5-bb2bc3dc88a7&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}

uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN

mStart Page = about:blank

uProxyServer = proxy:3128

uProxyOverride = *.leloir;*.cicema.org.ar

uSearchAssistant = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=TJ&userid=e1027090-d28e-4ace-ace5-bb2bc3dc88a7&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}

mWinlogon: Userinit = userinit.exe

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

BHO: Aplicación auxiliar de inicio de sesión de Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [EPSON TX125 Series] C:\windows\System32\spool\DRIVERS\x64\3\E_IATIGGB.EXE /FU "C:\windows\TEMP\E_S7435.tmp" /EF "HKCU"

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

mRun: [updateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"

mRun: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"

mRun: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s

mRun: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe

mRun: [updatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"

mRun: [OfficeScanNT Monitor] "C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [sDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: &Enviar a OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: E&xportar a Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Enviar imagen al dispositivo &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm

IE: Enviar página al dispositivo &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll

DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab

TCP: NameServer = 200.69.193.1 200.69.193.2

TCP: Interfaces\{408918F0-8CF2-4334-836C-EDEB075C9D33} : DHCPNameServer = 200.69.193.1 200.69.193.2

TCP: Interfaces\{408918F0-8CF2-4334-836C-EDEB075C9D33}\4505D2C494E4B4F5245313338354 : DHCPNameServer = 192.168.0.1 192.168.1.1

TCP: Interfaces\{408918F0-8CF2-4334-836C-EDEB075C9D33}\4656661657C647 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{408918F0-8CF2-4334-836C-EDEB075C9D33}\6647E2C65616C6 : DHCPNameServer = 200.49.130.40 200.42.4.203

TCP: Interfaces\{93ED2492-4AF2-4216-BF9A-6E07A0F50070} : DHCPNameServer = 172.16.254.247 172.16.254.245

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

Notify: SDWinLogon - SDWinLogon.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-mStart Page = about:blank

x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll

x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll

x64-TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>

x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

x64-Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe

x64-Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe

x64-Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\celeste\AppData\Roaming\Mozilla\Firefox\Profiles\1eytlpou.default\

FF - prefs.js: browser.startup.homepage - hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=TJ&userid=e1027090-d28e-4ace-ace5-bb2bc3dc88a7&affid=111583&searchtype=hp&babsrc=lnkry

FF - prefs.js: keyword.URL - hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=TJ&userid=e1027090-d28e-4ace-ace5-bb2bc3dc88a7&affid=111583&searchtype=ds&babsrc=lnkry&q=

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll

.

============= SERVICES / DRIVERS ===============

.

R0 amd_sata;amd_sata;C:\windows\System32\drivers\amd_sata.sys [2011-6-15 73856]

R0 amd_xata;amd_xata;C:\windows\System32\drivers\amd_xata.sys [2011-6-15 28800]

R0 fbfmon;fbfmon;C:\windows\System32\drivers\fbfmon.sys [2011-6-15 57952]

R0 LHDmgr;LHDmgr;C:\windows\System32\drivers\LhdX64.sys [2011-6-15 39008]

R1 BPntDrv;BPntDrv;C:\windows\System32\drivers\BPntDrv.sys [2011-6-15 13408]

R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;C:\windows\System32\drivers\tmlwf.sys [2011-12-13 196688]

R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-5-14 759048]

R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2011-12-6 235520]

R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-12-5 361984]

R2 TmFilter;Trend Micro Filter;C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmxpflt.sys [2009-12-4 344376]

R2 TmPreFilter;Trend Micro PreFilter;C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmpreflt.sys [2009-12-4 42808]

R2 tmwfp;Trend Micro WFP Callout Driver;C:\windows\System32\drivers\tmwfp.sys [2011-12-13 338000]

R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\System32\drivers\AcpiVpc.sys [2010-10-25 29792]

R3 amdiox64;AMD IO Driver;C:\windows\System32\drivers\amdiox64.sys [2011-6-15 46136]

R3 btwampfl;Bluetooth AMP USB Filter;C:\windows\System32\drivers\btwampfl.sys [2011-6-15 344616]

R3 btwl2cap;Bluetooth L2CAP Service;C:\windows\System32\drivers\btwl2cap.sys [2011-6-15 39464]

R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\System32\drivers\clwvd.sys [2010-12-24 31088]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2011-6-15 76912]

R3 usbfilter;AMD USB Filter Driver;C:\windows\System32\drivers\usbfilter.sys [2011-6-15 44672]

R3 vm331avs;Digital Camera 1;C:\windows\System32\drivers\vm331avs.sys [2011-6-15 228224]

R3 vmuvcflt;Vimicro USB Camera Filter;C:\windows\System32\drivers\vmuvcflt.sys [2011-6-15 8320]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\rtsuvstor.sys [2011-6-15 299520]

S3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]

S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]

S3 wsvd;wsvd;C:\windows\System32\drivers\wsvd.sys [2009-7-21 121840]

.

=============== Created Last 30 ================

.

2013-01-15 18:03:36 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2013-01-15 18:03:16 17272 ----a-w- C:\windows\System32\sdnclean64.exe

2013-01-15 18:03:06 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2

2013-01-15 18:02:04 -------- d-----w- C:\Users\celeste\AppData\Local\Programs

2013-01-15 16:53:21 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C2313239-6110-4B5D-86C1-738A95158E43}\offreg.dll

2013-01-15 16:08:56 -------- d-----w- C:\Program Files\CCleaner

2013-01-15 15:34:36 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C2313239-6110-4B5D-86C1-738A95158E43}\mpengine.dll

2013-01-15 15:26:47 -------- d-----w- C:\Users\celeste\AppData\Local\{D53BEF53-F52C-4AE5-A662-A298FC5FE396}

2013-01-14 16:17:53 -------- d-----w- C:\Users\celeste\AppData\Local\{9E376894-779E-452F-B084-B4672FAE6CDB}

2013-01-13 19:50:42 -------- d-----w- C:\Users\celeste\AppData\Local\{5B5757F7-AAC1-4D32-9709-922CD75917CA}

2013-01-12 17:57:21 -------- d-----w- C:\Users\celeste\AppData\Local\{71D8883D-13E0-44BC-98B9-2B09EC5DF3E1}

2013-01-11 17:23:41 750592 ----a-w- C:\windows\System32\win32spl.dll

2013-01-11 17:23:41 492032 ----a-w- C:\windows\SysWow64\win32spl.dll

2013-01-11 17:23:16 2002432 ----a-w- C:\windows\System32\msxml6.dll

2013-01-11 17:23:15 1882624 ----a-w- C:\windows\System32\msxml3.dll

2013-01-11 17:23:15 1389568 ----a-w- C:\windows\SysWow64\msxml6.dll

2013-01-11 17:23:15 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll

2013-01-11 17:23:08 307200 ----a-w- C:\windows\System32\ncrypt.dll

2013-01-11 17:23:08 220160 ----a-w- C:\windows\SysWow64\ncrypt.dll

2013-01-11 17:23:05 800768 ----a-w- C:\windows\System32\usp10.dll

2013-01-11 17:23:05 626688 ----a-w- C:\windows\SysWow64\usp10.dll

2013-01-11 17:21:19 46592 ----a-w- C:\windows\SysWow64\fpb.rs

2013-01-11 17:20:42 68608 ----a-w- C:\windows\System32\taskhost.exe

2013-01-11 17:20:41 3149824 ----a-w- C:\windows\System32\win32k.sys

2013-01-11 17:00:04 -------- d-----w- C:\Users\celeste\AppData\Local\{24CAF0E9-7B76-48AB-BE44-37EA1202CD74}

2013-01-10 23:28:36 -------- d-----w- C:\Program Files (x86)\Mozilla Firefox.bak

2013-01-10 22:54:31 -------- d-----w- C:\Users\celeste\AppData\Local\{3FBFB6AB-842A-4B2A-AEF6-3EB15425CC7E}

2013-01-10 13:49:02 -------- d-----w- C:\Users\celeste\AppData\Local\{E05C8F76-8F81-4AFD-A614-E6A8DD7969CC}

2013-01-09 14:57:28 -------- d-----w- C:\Users\celeste\AppData\Local\{4BE6E1AE-5273-4CA6-B6AC-4D66C0593E08}

2013-01-08 21:58:46 -------- d-----w- C:\Users\celeste\AppData\Local\Macromedia

2013-01-08 13:53:07 -------- d-----w- C:\Users\celeste\AppData\Local\{6E4379F9-D49C-402F-BB52-E3D51D95A0CE}

2013-01-08 13:49:53 -------- d-----w- C:\Users\celeste\AppData\Local\{36B6BA29-51E7-4646-A61E-3296932B3B0B}

2013-01-07 13:43:01 -------- d-----w- C:\Users\celeste\AppData\Local\{A717A524-8AD4-48D5-868E-7740C6E13E3A}

2013-01-05 19:19:23 -------- d-----w- C:\Users\celeste\AppData\Local\{E48695D7-433A-4380-9A34-91533E35BB8D}

2012-12-22 15:38:25 -------- d-----w- C:\Users\celeste\AppData\Local\{BAFB9130-6B9F-486B-B841-5CDA5AC56676}

2012-12-21 21:28:41 46080 ----a-w- C:\windows\System32\atmlib.dll

2012-12-21 21:28:41 34304 ----a-w- C:\windows\SysWow64\atmlib.dll

2012-12-21 21:28:40 367616 ----a-w- C:\windows\System32\atmfd.dll

2012-12-21 21:28:40 295424 ----a-w- C:\windows\SysWow64\atmfd.dll

2012-12-21 14:49:05 -------- d-----w- C:\Users\celeste\AppData\Local\{4F991087-E1BA-44FF-8CFC-C3D1144E29DA}

2012-12-19 11:46:20 -------- d-----w- C:\Users\celeste\AppData\Local\{E55F4ABA-AC0F-4B7A-93E9-BCA4A22070E6}

2012-12-19 11:39:38 -------- d-----w- C:\Users\celeste\AppData\Local\{14D5C202-611A-483D-AAFA-59FF9A6257FF}

2012-12-18 18:11:41 -------- d-----w- C:\Users\celeste\AppData\Local\{D27AE58F-8ECB-40FB-8656-E74E05D1A3F1}

2012-12-17 12:18:05 -------- d-----w- C:\Users\celeste\AppData\Local\{16378C6D-DC1C-4584-8A62-1734E4D17B48}

.

==================== Find3M ====================

.

2013-01-11 17:23:06 74248 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-01-11 17:23:06 697864 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe

2012-12-07 13:20:16 441856 ----a-w- C:\windows\System32\Wpc.dll

2012-12-07 13:15:31 2746368 ----a-w- C:\windows\System32\gameux.dll

2012-12-07 12:26:17 308736 ----a-w- C:\windows\SysWow64\Wpc.dll

2012-12-07 12:20:43 2576384 ----a-w- C:\windows\SysWow64\gameux.dll

2012-12-07 11:20:04 30720 ----a-w- C:\windows\System32\usk.rs

2012-12-07 11:20:03 43520 ----a-w- C:\windows\System32\csrr.rs

2012-12-07 11:20:03 23552 ----a-w- C:\windows\System32\oflc.rs

2012-12-07 11:20:01 45568 ----a-w- C:\windows\System32\oflc-nz.rs

2012-12-07 11:20:01 44544 ----a-w- C:\windows\System32\pegibbfc.rs

2012-12-07 11:20:01 20480 ----a-w- C:\windows\System32\pegi-fi.rs

2012-12-07 11:20:00 20480 ----a-w- C:\windows\System32\pegi-pt.rs

2012-12-07 11:19:59 20480 ----a-w- C:\windows\System32\pegi.rs

2012-12-07 11:19:58 46592 ----a-w- C:\windows\System32\fpb.rs

2012-12-07 11:19:57 40960 ----a-w- C:\windows\System32\cob-au.rs

2012-12-07 11:19:57 21504 ----a-w- C:\windows\System32\grb.rs

2012-12-07 11:19:57 15360 ----a-w- C:\windows\System32\djctq.rs

2012-12-07 11:19:56 55296 ----a-w- C:\windows\System32\cero.rs

2012-12-07 11:19:55 51712 ----a-w- C:\windows\System32\esrb.rs

2012-11-30 05:45:35 362496 ----a-w- C:\windows\System32\wow64win.dll

2012-11-30 05:45:35 243200 ----a-w- C:\windows\System32\wow64.dll

2012-11-30 05:45:35 13312 ----a-w- C:\windows\System32\wow64cpu.dll

2012-11-30 05:45:14 215040 ----a-w- C:\windows\System32\winsrv.dll

2012-11-30 05:43:12 16384 ----a-w- C:\windows\System32\ntvdm64.dll

2012-11-30 05:41:07 424448 ----a-w- C:\windows\System32\KernelBase.dll

2012-11-30 04:54:00 5120 ----a-w- C:\windows\SysWow64\wow32.dll

2012-11-30 04:53:59 274944 ----a-w- C:\windows\SysWow64\KernelBase.dll

2012-11-30 03:23:48 338432 ----a-w- C:\windows\System32\conhost.exe

2012-11-30 02:44:06 25600 ----a-w- C:\windows\SysWow64\setup16.exe

2012-11-30 02:44:04 7680 ----a-w- C:\windows\SysWow64\instnm.exe

2012-11-30 02:44:04 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll

2012-11-30 02:44:03 2048 ----a-w- C:\windows\SysWow64\user.exe

2012-11-30 02:38:59 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2012-11-30 02:38:59 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2012-11-30 02:38:59 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2012-11-30 02:38:59 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2012-11-14 06:11:44 2312704 ----a-w- C:\windows\System32\jscript9.dll

2012-11-14 06:04:11 1392128 ----a-w- C:\windows\System32\wininet.dll

2012-11-14 06:02:49 1494528 ----a-w- C:\windows\System32\inetcpl.cpl

2012-11-14 05:57:46 599040 ----a-w- C:\windows\System32\vbscript.dll

2012-11-14 05:57:35 173056 ----a-w- C:\windows\System32\ieUnatt.exe

2012-11-14 05:52:40 2382848 ----a-w- C:\windows\System32\mshtml.tlb

2012-11-14 02:09:22 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll

2012-11-14 01:58:15 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl

2012-11-14 01:57:37 1129472 ----a-w- C:\windows\SysWow64\wininet.dll

2012-11-14 01:49:25 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe

2012-11-14 01:48:27 420864 ----a-w- C:\windows\SysWow64\vbscript.dll

2012-11-14 01:44:42 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb

2012-11-09 05:45:09 2048 ----a-w- C:\windows\System32\tzres.dll

2012-11-09 04:42:49 2048 ----a-w- C:\windows\SysWow64\tzres.dll

2012-11-02 05:59:11 478208 ----a-w- C:\windows\System32\dpnet.dll

2012-11-02 05:11:31 376832 ----a-w- C:\windows\SysWow64\dpnet.dll

.

============= FINISH: 16:22:17,65 ===============

attach.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Basic

Boot Device: \Device\HarddiskVolume1

Install Date: 05/10/2011 04:27:09 a.m.

System Uptime: 15/01/2013 12:24:39 p.m. (4 hours ago)

.

Motherboard: LENOVO | | Inagua

Processor: AMD E-350 Processor | Socket FT1 | 1600/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 422 GiB total, 305,223 GiB free.

D: is FIXED (NTFS) - 29 GiB total, 26,81 GiB free.

F: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP147: 11/12/2012 10:33:51 a.m. - Windows Update

RP148: 12/12/2012 11:10:38 p.m. - Windows Update

RP149: 18/12/2012 03:16:48 p.m. - Windows Update

RP150: 21/12/2012 06:27:58 p.m. - Windows Update

RP151: 05/01/2013 04:26:13 p.m. - Windows Update

RP152: 11/01/2013 02:14:51 p.m. - Windows Update

RP153: 11/01/2013 03:15:39 p.m. - Windows Update

RP154: 15/01/2013 12:33:23 p.m. - Windows Update

RP155: 15/01/2013 02:20:12 p.m. - Removed Zona Creativa

RP156: 15/01/2013 02:22:31 p.m. - Removed Rhapsody Player Engine

.

==== Installed Programs ======================

.

64 Bit HP CIO Components Installer

ABBYY FineReader 9.0 Sprint

Adobe Anchor Service CS3

Adobe Asset Services CS3

Adobe Bridge CS3

Adobe Bridge Start Meeting

Adobe Camera Raw 4.0

Adobe CMaps

Adobe Color - Photoshop Specific

Adobe Color Common Settings

Adobe Color EU Recommended Settings

Adobe Color JA Extra Settings

Adobe Color NA Extra Settings

Adobe Default Language CS3

Adobe Device Central CS3

Adobe ExtendScript Toolkit 2

Adobe Flash Player 11 Plugin

Adobe Fonts All

Adobe Help Viewer CS3

Adobe Linguistics CS3

Adobe PDF Library Files

Adobe Photoshop CS3

Adobe Reader X (10.1.3) - Español

Adobe Setup

Adobe Stock Photos CS3

Adobe Type Support

Adobe Update Manager CS3

Adobe Version Cue CS3 Client

Adobe WinSoft Linguistics Plugin

Adobe XMP Panels CS3

AMD APP SDK Runtime

AMD Catalyst Install Manager

AMD Drag and Drop Transcoding

AMD Fuel

AMD Media Foundation Decoders

AMD VISION Engine Control Center

Atheros Client Installation Program

Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

ATI AVIVO64 Codecs

Backup Magic

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

CCleaner

Compresor WinRAR

Conexant HD Audio

Control ActiveX de Windows Live Mesh para conexiones remotas

D3DX10

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Desinstalador de impresoras EPSON TX125 Series

EndNote X4

Energy Management

Epson Easy Photo Print 2

Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)

Epson Easy Photo Print Plug-in for Windows Live Photo Gallery

Epson Easy Photo Print Plug-in for Windows Live Photo Gallery Setup

Epson Event Manager

EPSON Scan

Galería fotográfica de Windows Live

Google Chrome

Google Update Helper

GraphPad Prism 5

Guía del usuario

IQ Solutions

Junk Mail filter update

Lenovo Bluetooth with Enhanced Data Rate Software

Lenovo DirectShare

Lenovo EasyCamera

Lenovo EE Boot Optimizer

Lenovo Games Console

Lenovo OneKey Recovery

Lenovo PowerDVD 10

Lenovo YouCam

McAfee Security Scan Plus

Mesh Runtime

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Client Profile ESN Language Pack

Microsoft Application Error Reporting

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (Spanish) 2010

Microsoft Office Excel MUI (Spanish) 2010

Microsoft Office Groove MUI (Spanish) 2010

Microsoft Office InfoPath MUI (Spanish) 2010

Microsoft Office Office 64-bit Components 2010

Microsoft Office OneNote MUI (Spanish) 2010

Microsoft Office Outlook MUI (Spanish) 2010

Microsoft Office PowerPoint MUI (Spanish) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (Basque) 2010

Microsoft Office Proof (Catalan) 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Galician) 2010

Microsoft Office Proof (Portuguese (Brazil)) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (Spanish) 2010

Microsoft Office Publisher MUI (Spanish) 2010

Microsoft Office Shared 64-bit MUI (Spanish) 2010

Microsoft Office Shared MUI (Spanish) 2010

Microsoft Office Word MUI (Spanish) 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

Mozilla Firefox 18.0 (x86 es-ES)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

MxPro

Nero Media Player

Nero OEM

Nokia Connectivity Cable Driver

Paquete de controladores de Windows - Lenovo (ACPIVPC) System (12/02/2010 6.1.0.1)

Paquete de idioma de Microsoft .NET Framework 4 Client Profile ESN

PDF Settings

Power2Go

Realtek USB 2.0 Reader Driver

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft Visio 2010 (KB2687508) 32-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition

Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition

Security Update for Paquete de idioma de Microsoft .NET Framework 4 Client Profile ESN (KB2478663)

Security Update for Paquete de idioma de Microsoft .NET Framework 4 Client Profile ESN (KB2518870)

Skype Click to Call

Skype™ 5.10

Spybot - Search & Destroy

Synaptics Pointing Device Driver

Trend Micro OfficeScan Client

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition

UserGuide

VeriFace

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Media Player Firefox Plugin

ZTE HSDPA EDGE USB MODEM

.

==== Event Viewer Messages From Past Week ========

.

15/01/2013 12:30:50 p.m., Error: Service Control Manager [7023] -

10/01/2013 01:19:27 p.m., Error: bowser [8003] - El explorador maestro recibió una notificación del equipo 202NAS que cree que es el explorador maestro para el dominio en el transporte NetBT_Tcpip_{93ED2492-4AF2-4216-BF9A-6E07A0F50070}. El explorador maestro está detenido o se está forzando una elección.

08/01/2013 11:41:32 a.m., Error: NetBT [4321] - No se pudo registrar el nombre "WORKGROUP :1d" en la interfaz con dirección IP 172.16.67.7. El equipo la con dirección IP 172.16.78.5 no admite el nombre reclamado por este equipo.

08/01/2013 11:29:15 a.m., Error: bowser [8003] - El explorador maestro recibió una notificación del equipo 202NAS que cree que es el explorador maestro para el dominio en el transporte NetBT_Tcpip_{93ED2492-4AF2-4216-BF9A-6E07A0F50070}. El explorador maestro está detenido o se está forzando una elección.

08/01/2013 11:28:16 a.m., Error: bowser [8003] - El explorador maestro recibió una notificación del equipo 202NAS que cree que es el explorador maestro para el dominio en el transporte NetBT_Tcpip_{93ED2492-4AF2-4216-BF9A-6E07A0F50070}. El explorador maestro está detenido o se está forzando una elección.

08/01/2013 11:05:15 a.m., Error: Disk [11] - El controlador detectó un error de controladora en \Device\Harddisk1\DR1.

08/01/2013 10:04:49 p.m., Error: Disk [11] - El controlador detectó un error de controladora en \Device\Harddisk1\DR6.

.

==== End Of File ===========================

Rogue Killer log

RogueKiller V8.4.3 [Jan 10 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : celeste [Admin rights]

Mode : Scan -- Date : 01/15/2013 16:25:11

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤

[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (proxy:3128) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: HITACHI HTS547550A9E384 SATA Disk Device +++++

--- User ---

[MBR] 618da1f76e61cffae4ef3e9c263a6f2a

[bSP] 457fe8cc211e07eda707a480ef21d8ff : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 200 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 411648 | Size: 431938 Mo

2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 885020672 | Size: 29692 Mo

3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 945829888 | Size: 15109 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_01152013_02d1625.txt >>

RKreport[1]_S_01152013_02d1625.txt


Please download AdwCleaner from here and save it on your Desktop.

AdwCleaner is a reliable removal tool for Adware, Foistware, toolbars and potentially unwanted programs.

AdwCleaner is a tool that deletes :

· Adwares (software ads)

· PUP/LPI (Potentially Undesirable Program)

· Toolbars

· Hijacker (Hijack of the browser's homepage)

It works with a Search and Deletion method. It can be easily uninstalled using the "Uninstall" mode.

  1. Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.
  2. Now click on the Search tab.
  3. Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been run, so in this case it should be something like R1.

Please look over what was found, we're going to delete it all in the next step....if there's something you may want to keep...please let me know and I'll explain why it shouldn't be on your system.

MrC
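The "Hijacker" category above is a browser whose homepage or search settings have been pointed at an unwanted site; for Chrome those settings live in the profile's Preferences JSON file (the path AdwCleaner reports in its [Navegadores] section). As an added example that is not part of this thread and not AdwCleaner's code, the Python below walks a constructed Preferences sample, flags every URL whose host is on a watch-list built from the two domains named in this thread, reports the JSON path of each hit, and produces a cleaned copy. The sample's key names (homepage, session.startup_urls, default_search_provider.search_url, backup.homepage) are my assumption of Chrome's layout, and the sample data is constructed, not taken from the victim machine.

```python
"""Triage a Chrome Preferences file for browser-hijack indicators.

Constructed example for this thread, not AdwCleaner's code. Walks every
string value in the (nested) JSON, flags URLs whose host is on a watch-list
and reports the JSON path, so the entry can be reviewed before it is reset.
"""
import json
from urllib.parse import urlparse

# Hosts named in the thread; extend the set for other hijackers.
HIJACK_HOSTS = {"feed.helperbar.com", "isearch.babylon.com"}

# Constructed sample of a Chrome 'Preferences' file. Key names are an
# assumption of Chrome's layout; the real file lives under the profile at
# ...\AppData\Local\Google\Chrome\User Data\Default\Preferences.
SAMPLE_PREFERENCES = json.dumps({
    "homepage": "http://feed.helperbar.com/?publisher=OC&searchtype=hp",
    "homepage_is_newtabpage": False,
    "session": {
        "restore_on_startup": 4,
        "startup_urls": [
            "http://feed.helperbar.com/?publisher=OC&searchtype=hp",
            "https://mail.example.com/",
        ],
    },
    "default_search_provider": {
        "name": "Search",
        "search_url": "http://isearch.babylon.com/?q={searchTerms}",
    },
    "browser": {"show_home_button": True},
    "backup": {"homepage": "http://feed.helperbar.com/?publisher=OC"},
})


def _host_of(value):
    """Return the lower-cased host of a URL-like string, or None."""
    if not isinstance(value, str) or "://" not in value:
        return None
    host = urlparse(value).hostname
    return host.lower() if host else None


def _is_hijack(value, watch_hosts):
    """True if value is a URL whose host is, or is under, a watched host."""
    host = _host_of(value)
    if host is None:
        return False
    return any(host == w or host.endswith("." + w) for w in watch_hosts)


def _walk(node, path=""):
    """Yield (json_path, string_value) for every string in the tree."""
    if isinstance(node, dict):
        for key, child in node.items():
            yield from _walk(child, f"{path}.{key}" if path else key)
    elif isinstance(node, list):
        for i, child in enumerate(node):
            yield from _walk(child, f"{path}[{i}]")
    elif isinstance(node, str):
        yield path, node


def find_hijacks(preferences_json, watch_hosts=HIJACK_HOSTS):
    """Return [(json_path, host, url)] for every flagged URL, in file order."""
    return [(path, _host_of(value), value)
            for path, value in _walk(json.loads(preferences_json))
            if _is_hijack(value, watch_hosts)]


def _scrub(node, replacement, watch_hosts):
    """Recursively replace flagged scalars and drop flagged list items."""
    if isinstance(node, dict):
        return {k: _scrub(v, replacement, watch_hosts) for k, v in node.items()}
    if isinstance(node, list):
        return [_scrub(v, replacement, watch_hosts)
                for v in node if not _is_hijack(v, watch_hosts)]
    return replacement if _is_hijack(node, watch_hosts) else node


def clean_preferences(preferences_json, replacement="about:blank",
                      watch_hosts=HIJACK_HOSTS):
    """Return a new Preferences JSON string with every flagged URL removed.

    Scalar settings (homepage, search_url) become `replacement`; list entries
    such as startup_urls are dropped so legitimate ones survive. Back up the
    original and run this with Chrome closed: Chrome rewrites the file on exit.
    """
    tree = json.loads(preferences_json)
    return json.dumps(_scrub(tree, replacement, watch_hosts), indent=2)


if __name__ == "__main__":
    for path, host, url in find_hijacks(SAMPLE_PREFERENCES):
        print(f"{path}: {host} <- {url}")
    assert find_hijacks(clean_preferences(SAMPLE_PREFERENCES)) == []
```

Run it as-is to see the four flagged paths in the constructed sample; to triage a real profile, read the Preferences file into `find_hijacks` and review the reported paths before writing anything back. The walk is deliberately generic: AdwCleaner's log showed the same homepage value at two different lines of the file, and a path-agnostic scan catches such duplicates (and any other key a hijacker chooses) without a hard-coded list of settings.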


Posting the AdwCleaner Log now (It's installed in Spanish, for some reason)

# AdwCleaner v2.105 - Fichero creado el 15/01/2013 a 16:54:06

# Actualizado el 08/01/2013 por Xplode

# Sistema operativo : Windows 7 Home Basic Service Pack 1 (64 bits)

# Usuario : celeste - CELESTE-PC

# Modo de inicio : Normal

# Ejecutado desde : C:\Users\celeste\Desktop\PABLO - Malware Removal\AdwCleaner.exe

# Opción [búsqueda]

***** [servicios] *****

***** [Ficheros / Carpetas] *****

Carpeta Presente : C:\ProgramData\Partner

Carpeta Presente : C:\Users\celeste\AppData\Roaming\OpenCandy

***** [Registro] *****

Clave Presente : HKCU\Software\SmartBar

Clave Presente : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}

Clave Presente : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}

Clave Presente : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Clave Presente : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}

Clave Presente : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}

Clave Presente : HKU\S-1-5-21-1658472467-1303681564-1710782571-1001\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}

Valor Presente : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

Valor Presente : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Navegadores] *****

-\\ Internet Explorer v9.0.8112.16457

[HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=TJ&userid=e1027090-d28e-4ace-ace5-bb2bc3dc88a7&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}

[HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=TJ&userid=e1027090-d28e-4ace-ace5-bb2bc3dc88a7&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}

[HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=TJ&userid=e1027090-d28e-4ace-ace5-bb2bc3dc88a7&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}

[HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=TJ&userid=e1027090-d28e-4ace-ace5-bb2bc3dc88a7&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}

-\\ Mozilla Firefox v18.0 (es-ES)

Fichero : C:\Users\celeste\AppData\Roaming\Mozilla\Firefox\Profiles\1eytlpou.default\prefs.js

Presente : user_pref("browser.startup.homepage", "hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=TJ&userid=[...]

Presente : user_pref("extensions.helperbar.SmartbarDisabled", false);

Presente : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);

Presente : user_pref("keyword.URL", "hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=TJ&userid=e1027090-d28e[...]

-\\ Google Chrome v24.0.1312.52

Fichero : C:\Users\celeste\AppData\Local\Google\Chrome\User Data\Default\Preferences

Presente [l.9] : homepage = "hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=TJ&userid=e1027090-d28e-4ace-ace5-bb2bc3dc88a7&affid=111583&searchtype=hp&babsrc=lnkry",

Presente [l.1679] : homepage = "hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=TJ&userid=e1027090-d28e-4ace-ace5-bb2bc3dc88a7&affid=111583&searchtype=hp&babsrc=lnkry",

*************************

AdwCleaner[R1].txt - [3483 octets] - [15/01/2013 16:54:06]

########## EOF - C:\AdwCleaner[R1].txt - [3543 octets] ##########


Some adware found....let's clear it out.....

  1. Please re-run AdwCleaner
  2. Click on Delete button.
  3. Confirm each time with OK if asked.
  4. Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.

Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Next...........

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

MrC


Posting the logs now. Google Chrome still starts up with the feed.helperbar.com page that redirects itself to isearch.babylon.

AdwCleaner

# AdwCleaner v2.105 - Fichero creado el 15/01/2013 a 17:17:08

# Actualizado el 08/01/2013 por Xplode

# Sistema operativo : Windows 7 Home Basic Service Pack 1 (64 bits)

# Usuario : celeste - CELESTE-PC

# Modo de inicio : Normal

# Ejecutado desde : C:\Users\celeste\Desktop\PABLO - Malware Removal\AdwCleaner.exe

# Opción [supresión]

***** [servicios] *****

***** [Ficheros / Carpetas] *****

Carpeta Suprimido : C:\ProgramData\Partner

Carpeta Suprimido : C:\Users\celeste\AppData\Roaming\OpenCandy

***** [Registro] *****

Clave Supprimida : HKCU\Software\SmartBar

Clave Supprimida : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}

Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}

Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}

Clave Supprimida : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}

Valor Supprimida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

Valor Supprimida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Navegadores] *****

-\\ Internet Explorer v9.0.8112.16457

Sustituido : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=TJ&userid=e1027090-d28e-4ace-ace5-bb2bc3dc88a7&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com

Sustituido : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=TJ&userid=e1027090-d28e-4ace-ace5-bb2bc3dc88a7&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com

Sustituido : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=TJ&userid=e1027090-d28e-4ace-ace5-bb2bc3dc88a7&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com

Sustituido : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=TJ&userid=e1027090-d28e-4ace-ace5-bb2bc3dc88a7&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com

-\\ Mozilla Firefox v18.0 (es-ES)

Fichero : C:\Users\celeste\AppData\Roaming\Mozilla\Firefox\Profiles\1eytlpou.default\prefs.js

Supprimida : user_pref("browser.startup.homepage", "hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=TJ&userid=[...]

Supprimida : user_pref("extensions.helperbar.SmartbarDisabled", false);

Supprimida : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);

Supprimida : user_pref("keyword.URL", "hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=TJ&userid=e1027090-d28e[...]

-\\ Google Chrome v24.0.1312.52

Fichero : C:\Users\celeste\AppData\Local\Google\Chrome\User Data\Default\Preferences

Supprimida [l.9] : homepage = "hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=TJ&userid=e1027090-d28e-4ace-a[...]

Supprimida [l.1679] : homepage = "hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=TJ&userid=e1027090-d28e-4ace-ace5[...]

*************************

AdwCleaner[R1].txt - [3606 octets] - [15/01/2013 16:54:06]

AdwCleaner[s1].txt - [3469 octets] - [15/01/2013 17:17:08]

########## EOF - C:\AdwCleaner[s1].txt - [3529 octets] ##########

JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.4.2 (01.08.2013:1)

OS: Windows 7 Home Basic x64

Ran by celeste on 15/01/2013 at 17:27:48,35

Blog: http://thisisudax.blogspot.com

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ FireFox

Emptied folder: C:\Users\celeste\AppData\Roaming\mozilla\firefox\profiles\1eytlpou.default\minidumps [4 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 15/01/2013 at 17:47:31,08

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://www.itxassociates.com/OT-Tools/OTL.exe

http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.

Double click on the icon on your desktop.

Click the Scan All Users checkbox.

Push the Quick Scan button.

The scan will take about 10 minutes...depends on your hard drive size.

Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)

OTL.txt <-- Will be opened

Extra.txt <-- Will be minimized

MrC


Thanks for the help. Posting OTL logs now:

OTL.txt

OTL logfile created on: 16/01/2013 11:38:06 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\celeste\Desktop\PABLO - Malware Removal

64bit- Home Basic Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000c0a | Country: Argentina | Language: ESS | Date Format: dd/MM/yyyy

2,60 Gb Total Physical Memory | 1,30 Gb Available Physical Memory | 49,93% Memory free

5,21 Gb Paging File | 3,30 Gb Available in Paging File | 63,40% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 421,81 Gb Total Space | 305,12 Gb Free Space | 72,33% Space Free | Partition Type: NTFS

Drive D: | 29,00 Gb Total Space | 26,81 Gb Free Space | 92,47% Space Free | Partition Type: NTFS

Computer Name: CELESTE-PC | User Name: celeste | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/16 11:35:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\celeste\Desktop\PABLO - Malware Removal\OTL.exe

PRC - [2013/01/07 21:06:24 | 001,248,360 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

PRC - [2012/11/13 14:08:12 | 003,487,240 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe

PRC - [2012/11/13 14:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

PRC - [2012/11/13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe

PRC - [2012/11/13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe

PRC - [2012/10/02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

PRC - [2012/01/03 10:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2010/12/24 08:19:36 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe

PRC - [2010/07/29 16:39:24 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Archivos de programa\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe

PRC - [2010/01/15 09:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe

PRC - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe

PRC - [2009/04/02 16:20:04 | 000,435,584 | ---- | M] (Trend Micro Inc.) -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\CNTAoSMgr.exe

========== Modules (No Company Name) ==========

MOD - [2013/01/07 21:06:22 | 000,460,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll

MOD - [2013/01/07 21:06:19 | 004,012,648 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\pdf.dll

MOD - [2013/01/07 21:05:29 | 000,598,120 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\libglesv2.dll

MOD - [2013/01/07 21:05:28 | 000,124,520 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\libegl.dll

MOD - [2013/01/07 21:05:25 | 001,553,000 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\ffmpegsumo.dll

MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf

========== Services (SafeList) ==========

SRV:64bit: - [2011/12/06 00:11:56 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2011/12/05 22:15:08 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)

SRV - [2013/01/12 18:54:44 | 000,115,760 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2013/01/11 14:23:09 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/10/02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)

SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012/01/03 10:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011/10/05 04:56:48 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2011/03/28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)

SRV - [2011/03/22 14:48:40 | 002,020,720 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmlisten.exe -- (tmlisten)

SRV - [2011/03/22 14:41:22 | 001,937,544 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\ntrtscan.exe -- (ntrtscan)

SRV - [2010/12/15 17:48:14 | 000,917,840 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe -- (TmProxy)

SRV - [2010/09/22 15:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Archivos de programa\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV - [2010/07/29 16:39:24 | 000,951,584 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Archivos de programa\Lenovo\Bluetooth Software\btwdins.exe -- (btwdins)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/01/15 09:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)

SRV - [2010/01/09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Archivos de programa\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)

SRV - [2010/01/07 11:44:48 | 000,595,960 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPfw.exe -- (TmPfw)

SRV - [2009/06/10 18:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/01 03:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/12/06 00:45:40 | 010,720,256 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2011/12/05 23:12:14 | 000,327,168 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2011/06/15 22:59:42 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)

DRV:64bit: - [2011/06/15 22:59:29 | 000,029,792 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)

DRV:64bit: - [2011/06/15 22:56:53 | 000,057,952 | ---- | M] (Lenovo) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fbfmon.sys -- (fbfmon)

DRV:64bit: - [2011/06/15 22:56:53 | 000,013,408 | ---- | M] (Lenovo) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BPntDrv.sys -- (BPntDrv)

DRV:64bit: - [2011/03/11 03:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 03:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/02/14 01:43:00 | 001,581,184 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)

DRV:64bit: - [2010/12/24 08:19:56 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)

DRV:64bit: - [2010/11/29 05:50:38 | 000,044,672 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)

DRV:64bit: - [2010/11/24 08:33:26 | 002,673,664 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2010/11/21 00:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/21 00:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/21 00:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2010/11/08 19:05:20 | 000,108,624 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)

DRV:64bit: - [2010/10/21 07:05:22 | 000,228,224 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vm331avs.sys -- (vm331avs)

DRV:64bit: - [2010/09/30 05:45:22 | 000,299,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)

DRV:64bit: - [2010/09/03 02:46:48 | 001,392,688 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2010/08/16 06:28:50 | 000,008,320 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmuvcflt.sys -- (vmuvcflt)

DRV:64bit: - [2010/07/21 14:47:40 | 000,338,000 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmwfp.sys -- (tmwfp)

DRV:64bit: - [2010/07/21 14:47:16 | 000,196,688 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmlwf.sys -- (tmlwf)

DRV:64bit: - [2010/07/19 11:26:42 | 000,102,952 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)

DRV:64bit: - [2010/07/19 11:26:38 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)

DRV:64bit: - [2010/07/19 11:26:34 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)

DRV:64bit: - [2010/07/13 04:25:38 | 000,344,616 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)

DRV:64bit: - [2010/06/24 23:33:36 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)

DRV:64bit: - [2010/05/14 19:04:16 | 000,073,856 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)

DRV:64bit: - [2010/05/14 19:04:16 | 000,028,800 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)

DRV:64bit: - [2010/03/01 12:37:40 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)

DRV:64bit: - [2010/02/18 06:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)

DRV:64bit: - [2009/07/21 11:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)

DRV:64bit: - [2009/07/13 22:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 22:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 22:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 17:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2009/06/10 17:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 17:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 17:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 17:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV - [2012/07/17 12:37:44 | 000,344,376 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmXPFlt.sys -- (TmFilter)

DRV - [2012/07/17 12:37:16 | 000,042,808 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPreFlt.sys -- (TmPreFilter)

DRV - [2012/07/17 12:28:46 | 002,224,952 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\VSApiNt.sys -- (VSApiNt)

DRV - [2009/07/13 22:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox

IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1658472467-1303681564-1710782571-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN

IE - HKU\S-1-5-21-1658472467-1303681564-1710782571-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com

IE - HKU\S-1-5-21-1658472467-1303681564-1710782571-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKU\S-1-5-21-1658472467-1303681564-1710782571-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\S-1-5-21-1658472467-1303681564-1710782571-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com

IE - HKU\S-1-5-21-1658472467-1303681564-1710782571-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com

IE - HKU\S-1-5-21-1658472467-1303681564-1710782571-1001\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1658472467-1303681564-1710782571-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7LENN_esAR452

IE - HKU\S-1-5-21-1658472467-1303681564-1710782571-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1658472467-1303681564-1710782571-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.leloir;*.cicema.org.ar

IE - HKU\S-1-5-21-1658472467-1303681564-1710782571-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy:3128

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..extensions.enabledAddons: %7Ba3a5c777-f583-4fef-9380-ab4add1bc2a8%7D:3.1.5

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/12 18:54:46 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/12 18:54:26 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/12 18:54:46 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/12 18:54:26 | 000,000,000 | ---D | M]

[2011/10/05 22:38:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\celeste\AppData\Roaming\mozilla\Extensions

[2013/01/15 13:48:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\celeste\AppData\Roaming\mozilla\Firefox\Profiles\1eytlpou.default\extensions

[2012/01/21 23:14:13 | 000,013,642 | ---- | M] () (No name found) -- C:\Users\celeste\AppData\Roaming\mozilla\firefox\profiles\1eytlpou.default\extensions\{a3a5c777-f583-4fef-9380-ab4add1bc2a8}.xpi

[2013/01/12 18:54:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2013/01/12 18:54:23 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2013/01/12 18:54:45 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012/09/02 10:21:08 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2013/01/10 20:29:00 | 000,004,095 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\drae.xml

[2013/01/10 20:29:00 | 000,001,356 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-es.xml

[2013/01/10 20:29:00 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

[2013/01/10 20:29:00 | 000,001,391 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-es.xml

[2013/01/10 20:28:59 | 000,001,315 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-es.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}

CHR - homepage: http://www.google.com/

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\gcswf32.dll

CHR - plugin: Shockwave Flash (Disabled) = C:\Users\celeste\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

CHR - Extension: YouTube = C:\Users\celeste\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\

CHR - Extension: Adblock Plus = C:\Users\celeste\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_0\

CHR - Extension: B\u00FAsqueda de Google = C:\Users\celeste\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\

CHR - Extension: Skype Click to Call = C:\Users\celeste\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\

CHR - Extension: Gmail = C:\Users\celeste\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/10 18:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Archivos de programa\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)

O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Archivos de programa\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)

O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\S-1-5-21-1658472467-1303681564-1710782571-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)

O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe (Lenovo(beijing) Limited)

O4:64bit: - HKLM..\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe (Lenovo)

O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.)

O4 - HKLM..\Run: [sDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [updateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [updatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)

O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)

O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe (CyberLink Corp.)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-1658472467-1303681564-1710782571-1001..\Run: [EPSON TX125 Series] C:\windows\system32\spool\DRIVERS\x64\3\E_IATIGGB.EXE /FU "C:\windows\TEMP\E_S7435.tmp" /EF "HKCU" File not found

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8:64bit: - Extra context menu item: &Enviar a OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found

O8:64bit: - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found

O8:64bit: - Extra context menu item: Enviar imagen al dispositivo &Bluetooth... - C:\Archivos de programa\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()

O8:64bit: - Extra context menu item: Enviar página al dispositivo &Bluetooth... - C:\Archivos de programa\Lenovo\Bluetooth Software\btsendto_ie.htm ()

O8 - Extra context menu item: &Enviar a OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found

O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: Enviar imagen al dispositivo &Bluetooth... - C:\Archivos de programa\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Enviar página al dispositivo &Bluetooth... - C:\Archivos de programa\Lenovo\Bluetooth Software\btsendto_ie.htm ()

O9:64bit: - Extra Button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9:64bit: - Extra 'Tools' menuitem : &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9:64bit: - Extra Button: Notas &vinculadas de OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Archivos de programa\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9:64bit: - Extra 'Tools' menuitem : Notas &vinculadas de OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Archivos de programa\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

O9:64bit: - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Archivos de programa\Lenovo\Bluetooth Software\btsendto_ie.htm ()

O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Archivos de programa\Lenovo\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Enviar a Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Archivos de programa\Lenovo\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : Enviar a &Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Archivos de programa\Lenovo\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} http://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab (IASRunner Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 200.69.193.1 200.69.193.2

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{408918F0-8CF2-4334-836C-EDEB075C9D33}: DhcpNameServer = 200.69.193.1 200.69.193.2

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{93ED2492-4AF2-4216-BF9A-6E07A0F50070}: DhcpNameServer = 172.16.254.247 172.16.254.245

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Archivos de programa\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{dafecfc9-307b-11e1-b0b5-c0f8dac62219}\Shell - "" = AutoRun

O33 - MountPoints2\{dafecfc9-307b-11e1-b0b5-c0f8dac62219}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{dafecfd6-307b-11e1-b0b5-c0f8dac62219}\Shell - "" = AutoRun

O33 - MountPoints2\{dafecfd6-307b-11e1-b0b5-c0f8dac62219}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{dafecfea-307b-11e1-b0b5-c0f8dac62219}\Shell - "" = AutoRun

O33 - MountPoints2\{dafecfea-307b-11e1-b0b5-c0f8dac62219}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/15 17:27:44 | 000,000,000 | ---D | C] -- C:\windows\ERUNT

[2013/01/15 17:27:06 | 000,000,000 | ---D | C] -- C:\JRT

[2013/01/15 16:10:38 | 000,000,000 | ---D | C] -- C:\Users\celeste\Desktop\PABLO - Malware Removal

[2013/01/15 15:03:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy

[2013/01/15 15:03:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2

[2013/01/15 15:03:16 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\windows\SysNative\sdnclean64.exe

[2013/01/15 15:03:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2

[2013/01/15 15:02:04 | 000,000,000 | ---D | C] -- C:\Users\celeste\AppData\Local\Programs

[2013/01/15 13:09:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner

[2013/01/15 13:08:56 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2013/01/15 12:26:47 | 000,000,000 | ---D | C] -- C:\Users\celeste\AppData\Local\{D53BEF53-F52C-4AE5-A662-A298FC5FE396}

[2013/01/14 13:58:42 | 000,000,000 | ---D | C] -- C:\Users\celeste\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dispositivos Bluetooth

[2013/01/14 13:17:53 | 000,000,000 | ---D | C] -- C:\Users\celeste\AppData\Local\{9E376894-779E-452F-B084-B4672FAE6CDB}

[2013/01/13 16:50:42 | 000,000,000 | ---D | C] -- C:\Users\celeste\AppData\Local\{5B5757F7-AAC1-4D32-9709-922CD75917CA}

[2013/01/12 18:54:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2013/01/12 14:57:21 | 000,000,000 | ---D | C] -- C:\Users\celeste\AppData\Local\{71D8883D-13E0-44BC-98B9-2B09EC5DF3E1}

[2013/01/11 14:00:04 | 000,000,000 | ---D | C] -- C:\Users\celeste\AppData\Local\{24CAF0E9-7B76-48AB-BE44-37EA1202CD74}

[2013/01/10 20:28:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox.bak

[2013/01/10 19:54:31 | 000,000,000 | ---D | C] -- C:\Users\celeste\AppData\Local\{3FBFB6AB-842A-4B2A-AEF6-3EB15425CC7E}

[2013/01/10 10:49:02 | 000,000,000 | ---D | C] -- C:\Users\celeste\AppData\Local\{E05C8F76-8F81-4AFD-A614-E6A8DD7969CC}

[2013/01/09 11:57:28 | 000,000,000 | ---D | C] -- C:\Users\celeste\AppData\Local\{4BE6E1AE-5273-4CA6-B6AC-4D66C0593E08}

[2013/01/08 19:04:51 | 000,000,000 | ---D | C] -- C:\Users\celeste\Desktop\Review PD 2013

[2013/01/08 18:58:46 | 000,000,000 | ---D | C] -- C:\Users\celeste\AppData\Local\Macromedia

[2013/01/08 10:53:07 | 000,000,000 | ---D | C] -- C:\Users\celeste\AppData\Local\{6E4379F9-D49C-402F-BB52-E3D51D95A0CE}

[2013/01/08 10:49:53 | 000,000,000 | ---D | C] -- C:\Users\celeste\AppData\Local\{36B6BA29-51E7-4646-A61E-3296932B3B0B}

[2013/01/07 10:43:01 | 000,000,000 | ---D | C] -- C:\Users\celeste\AppData\Local\{A717A524-8AD4-48D5-868E-7740C6E13E3A}

[2013/01/05 16:19:23 | 000,000,000 | ---D | C] -- C:\Users\celeste\AppData\Local\{E48695D7-433A-4380-9A34-91533E35BB8D}

[2012/12/22 12:38:25 | 000,000,000 | ---D | C] -- C:\Users\celeste\AppData\Local\{BAFB9130-6B9F-486B-B841-5CDA5AC56676}

[2012/12/21 11:49:05 | 000,000,000 | ---D | C] -- C:\Users\celeste\AppData\Local\{4F991087-E1BA-44FF-8CFC-C3D1144E29DA}

[2012/12/19 08:46:20 | 000,000,000 | ---D | C] -- C:\Users\celeste\AppData\Local\{E55F4ABA-AC0F-4B7A-93E9-BCA4A22070E6}

[2012/12/19 08:39:38 | 000,000,000 | ---D | C] -- C:\Users\celeste\AppData\Local\{14D5C202-611A-483D-AAFA-59FF9A6257FF}

[2012/12/18 15:11:41 | 000,000,000 | ---D | C] -- C:\Users\celeste\AppData\Local\{D27AE58F-8ECB-40FB-8656-E74E05D1A3F1}

========== Files - Modified Within 30 Days ==========

[2013/01/16 11:32:45 | 000,763,024 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI

[2013/01/16 11:32:45 | 000,638,230 | ---- | M] () -- C:\windows\SysNative\perfh009.dat

[2013/01/16 11:32:45 | 000,113,586 | ---- | M] () -- C:\windows\SysNative\perfc009.dat

[2013/01/16 11:32:45 | 000,019,236 | ---- | M] () -- C:\windows\SysNative\perfh00A.dat

[2013/01/16 11:32:45 | 000,007,496 | ---- | M] () -- C:\windows\SysNative\perfc00A.dat

[2013/01/16 11:31:00 | 000,001,050 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job

[2013/01/16 11:29:23 | 000,000,838 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job

[2013/01/16 11:29:14 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2013/01/15 18:31:00 | 000,001,046 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job

[2013/01/15 17:28:30 | 000,021,072 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/01/15 17:28:30 | 000,021,072 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/01/15 17:21:09 | 000,311,975 | ---- | M] () -- C:\windows\SysNative\fastboot.set

[2013/01/15 17:20:27 | 2097,336,320 | -HS- | M] () -- C:\hiberfil.sys

[2013/01/15 15:03:28 | 000,002,177 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk

[2013/01/15 13:09:07 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2013/01/14 18:58:03 | 000,244,860 | ---- | M] () -- C:\Users\celeste\Desktop\exp 2 viabilidad HeLa 14-1-13.pzf

[2013/01/13 16:51:28 | 000,016,488 | ---- | M] () -- C:\windows\cfgall.ini

[2013/01/11 15:58:45 | 002,350,360 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT

[2013/01/08 15:45:02 | 000,001,587 | ---- | M] () -- C:\Users\celeste\Desktop\Google Chrome.lnk

[2013/01/07 14:00:43 | 001,714,001 | ---- | M] () -- C:\Users\celeste\Desktop\Stepping PC TNF analisis 20-12-12.pzf

========== Files Created - No Company Name ==========

[2013/01/15 15:03:28 | 000,002,189 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk

[2013/01/15 15:03:28 | 000,002,177 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk

[2013/01/15 13:09:07 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2013/01/14 18:57:08 | 000,244,860 | ---- | C] () -- C:\Users\celeste\Desktop\exp 2 viabilidad HeLa 14-1-13.pzf

[2013/01/08 15:44:57 | 000,001,617 | ---- | C] () -- C:\Users\celeste\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

[2013/01/08 15:44:57 | 000,001,587 | ---- | C] () -- C:\Users\celeste\Desktop\Google Chrome.lnk

[2012/12/20 11:51:34 | 001,714,001 | ---- | C] () -- C:\Users\celeste\Desktop\Stepping PC TNF analisis 20-12-12.pzf

[2012/10/02 06:41:48 | 000,027,426 | ---- | C] () -- C:\Users\celeste\na01di01.jpg

[2012/06/01 08:53:40 | 000,006,399 | ---- | C] () -- C:\Users\celeste\01-06-12.gif

[2012/05/11 19:59:09 | 000,129,024 | ---- | C] () -- C:\windows\RegBootClean64.exe

[2012/05/11 19:58:54 | 000,102,400 | ---- | C] () -- C:\windows\RegBootClean.exe

[2012/05/10 21:15:35 | 000,073,220 | ---- | C] () -- C:\windows\SysWow64\EPPICPrinterDB.dat

[2012/05/10 21:15:35 | 000,031,053 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern131.dat

[2012/05/10 21:15:35 | 000,029,114 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern1.dat

[2012/05/10 21:15:35 | 000,027,417 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern121.dat

[2012/05/10 21:15:35 | 000,021,021 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern3.dat

[2012/05/10 21:15:35 | 000,015,670 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern5.dat

[2012/05/10 21:15:35 | 000,013,280 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern2.dat

[2012/05/10 21:15:35 | 000,010,673 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern4.dat

[2012/05/10 21:15:35 | 000,004,943 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern6.dat

[2012/05/10 21:15:35 | 000,001,140 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_PT.dat

[2012/05/10 21:15:35 | 000,001,140 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_BP.dat

[2012/05/10 21:15:35 | 000,001,137 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_ES.dat

[2012/05/10 21:15:35 | 000,001,130 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_FR.dat

[2012/05/10 21:15:35 | 000,001,130 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_CF.dat

[2012/05/10 21:15:35 | 000,001,104 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_EN.dat

[2012/05/10 21:15:35 | 000,000,097 | ---- | C] () -- C:\windows\SysWow64\PICSDK.ini

[2012/05/10 21:09:54 | 000,000,088 | ---- | C] () -- C:\windows\ETX123_125.ini

[2012/02/03 16:54:00 | 000,035,019 | ---- | C] () -- C:\Users\celeste\AppData\Roaming\EndNote.rar

[2011/12/05 23:35:10 | 000,204,960 | ---- | C] () -- C:\windows\SysWow64\ativvsvl.dat

[2011/12/05 23:35:10 | 000,157,152 | ---- | C] () -- C:\windows\SysWow64\ativvsva.dat

[2011/12/05 22:04:00 | 000,059,904 | ---- | C] () -- C:\windows\SysWow64\OpenVideo.dll

[2011/12/05 22:03:52 | 000,054,784 | ---- | C] () -- C:\windows\SysWow64\OVDecode.dll

[2011/11/04 11:48:53 | 000,000,000 | ---- | C] () -- C:\Users\celeste\AppData\Local\{A2A0156B-B8C7-41A4-AFF7-F2BAD2B98BAC}

[2011/10/24 06:30:53 | 000,004,096 | -H-- | C] () -- C:\Users\celeste\AppData\Local\keyfile3.drm

[2011/10/05 23:07:59 | 000,016,488 | ---- | C] () -- C:\windows\cfgall.ini

[2011/09/12 20:06:16 | 000,003,917 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat

[2011/06/15 23:06:31 | 000,000,512 | ---- | C] () -- C:\windows\previous.bin

[2011/06/15 23:06:31 | 000,000,512 | ---- | C] () -- C:\windows\current.bin

[2011/06/15 22:44:23 | 000,472,416 | ---- | C] () -- C:\windows\SysWow64\Lenovo.VerifaceStub.dll

[2011/06/15 22:44:22 | 002,086,240 | ---- | C] () -- C:\windows\SysWow64\LenovoVeriface.Interface.dll

[2011/06/15 22:44:22 | 001,500,512 | ---- | C] () -- C:\windows\SysWow64\Apblend.dll

[2011/06/15 22:44:22 | 001,171,456 | ---- | C] () -- C:\windows\SysWow64\PicNotify.dll

[2011/06/15 22:44:07 | 001,044,480 | ---- | C] () -- C:\windows\SysWow64\3DImageRenderer.dll

[2011/06/15 22:18:49 | 000,001,652 | ---- | C] () -- C:\windows\vm331Rmv.ini

[2011/06/15 22:18:49 | 000,001,652 | ---- | C] () -- C:\windows\SysWow64\vm331Rmv.ini

[2011/06/15 21:59:34 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin

========== ZeroAccess Check ==========

[2009/07/14 01:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 02:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 01:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 22:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 00:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 22:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/06/24 22:52:57 | 000,000,000 | ---D | M] -- C:\Users\celeste\AppData\Roaming\ArcSyncConfig

[2012/02/03 18:15:15 | 000,000,000 | ---D | M] -- C:\Users\celeste\AppData\Roaming\EndNote

[2012/05/24 13:13:22 | 000,000,000 | ---D | M] -- C:\Users\celeste\AppData\Roaming\Epson

[2011/10/05 22:27:45 | 000,000,000 | ---D | M] -- C:\Users\celeste\AppData\Roaming\GraphPad Software

[2011/10/06 05:52:16 | 000,000,000 | ---D | M] -- C:\Users\celeste\AppData\Roaming\Lenovo

[2012/09/24 22:31:16 | 000,000,000 | ---D | M] -- C:\Users\celeste\AppData\Roaming\Youtube Downloader HD

========== Purity Check ==========

< End of report >

Extras.txt

OTL Extras logfile created on: 16/01/2013 11:38:06 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\celeste\Desktop\PABLO - Malware Removal

64bit- Home Basic Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000c0a | Country: Argentina | Language: ESS | Date Format: dd/MM/yyyy

2,60 Gb Total Physical Memory | 1,30 Gb Available Physical Memory | 49,93% Memory free

5,21 Gb Paging File | 3,30 Gb Available in Paging File | 63,40% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 421,81 Gb Total Space | 305,12 Gb Free Space | 72,33% Space Free | Partition Type: NTFS

Drive D: | 29,00 Gb Total Space | 26,81 Gb Free Space | 92,47% Space Free | Partition Type: NTFS

Computer Name: CELESTE-PC | User Name: celeste | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-1658472467-1303681564-1710782571-1001\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)

"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)

"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)

"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)

"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)

"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)

"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)

"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{2A9FABFF-D0DE-4081-90E1-EE137C3A30CC}" = lport=18231 | protocol=6 | dir=in | name=trend micro officescan listener |

"{37D185C8-E5FF-402A-93EC-5E7688860FC3}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |

"{51809273-1071-4C1E-8180-BE020146B09C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{C57CFE76-0B0E-4F90-9162-670DD77FFA7A}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0DE819EC-9F56-4B1D-A184-39DF817D6943}" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |

"{32F5CFBF-6077-4EAD-8080-755A7CFB613D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{34147434-4708-4E9E-A78E-DB29DF7E3119}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |

"{4D483D6C-0916-4E27-A05F-D60E68EEB90B}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"{A8C1919E-79E1-45D6-BBC6-DBC502234820}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |

"{C5951D3A-41DF-4530-B565-417E445B92F7}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

"{C87BAF8A-C12F-482F-8EFC-EC24BFE3758D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

"{D190DE6B-A569-47B1-8168-688A363E03C4}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

"{E8707764-AC27-4CDE-A29E-D87B0D65FBAE}" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{0D98B285-0777-B3B7-7A3D-9C85422203B9}" = ccc-utility64

"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant

"{418A8D89-B9AA-B872-5927-3D1A052CEAA8}" = AMD Media Foundation Decoders

"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = Lenovo Bluetooth with Enhanced Data Rate Software

"{45CB0703-D49C-31B2-0DBD-FDD98D7DEF7A}" = AMD Drag and Drop Transcoding

"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{8924F1FE-8AC5-C2AE-59EF-C5D65B226933}" = AMD Catalyst Install Manager

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources

"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010

"{90140000-002A-0C0A-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Spanish) 2010

"{909EDD8B-F26D-7051-C761-3386A1AFE052}" = ATI AVIVO64 Codecs

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer

"{C3C912BB-BF4B-3788-8A19-DA5B999CE0C6}" = Microsoft .NET Framework 4 Client Profile ESN Language Pack

"{C7768A7E-3E00-F72D-052F-BB4A7C617FC0}" = AMD Fuel

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client

"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"CCleaner" = CCleaner

"CNXT_AUDIO_HDA" = Conexant HD Audio

"EA12B1FB53CE4E387C31A85236C41EF559B5E392" = Paquete de controladores de Windows - Lenovo (ACPIVPC) System (12/02/2010 6.1.0.1)

"EPSON TX125 Series" = Desinstalador de impresoras EPSON TX125 Series

"Lenovo EE Boot Optimizer" = Lenovo EE Boot Optimizer

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile ESN Language Pack" = Paquete de idioma de Microsoft .NET Framework 4 Client Profile ESN

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"WinRAR archiver" = Compresor WinRAR

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{010977DE-35D4-4F21-9BFB-0CFE7DF3848D}" = MxPro

"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam

"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager

"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas

"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3

"{06870F63-4D1C-171F-9552-368D3890D92F}" = CCC Help French

"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail

"{14CE04AF-0EBC-B865-382F-1FB466CAC301}" = CCC Help English

"{15AC0C5D-A6FB-4CE2-8CD0-28179EEB5625}" = Nokia Connectivity Cable Driver

"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin

"{1DBC5882-96E2-3A01-A32C-9B6F6EF6CF25}" = CCC Help Korean

"{1F36B20F-7408-EC75-2825-E9FE81B0339D}" = CCC Help Norwegian

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3

"{30DAAF05-3679-C10C-953C-BB422FCDF557}" = CCC Help Swedish

"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{35B73650-6899-11DA-6784-00232A9018BE}" = GraphPad Prism 5

"{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}" = Epson Easy Photo Print 2

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"{428536FB-25A0-8531-75EF-D7A7C340B0A4}" = AMD VISION Engine Control Center

"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer

"{4BA6B7C9-65AE-BE8B-687A-6F1A2D7F9705}" = CCC Help Czech

"{4C8E1E1B-175F-AF47-8B21-E12C7C8B5D40}" = CCC Help Thai

"{4EAF46A2-DB90-6B67-F640-5CC876A2B5C4}" = CCC Help Greek

"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3

"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker

"{5D5B8455-50E0-F94A-4C82-0F9303BB4C0E}" = CCC Help Danish

"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All

"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings

"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack

"{7765BB73-D985-42C9-C7EE-AB434D59429F}" = CCC Help Chinese Traditional

"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh

"{7ADFB885-8E98-6AAE-8687-D6EFB5127F6B}" = Catalyst Control Center Graphics Previews Common

"{7B7044AE-6D1F-456D-B2BA-28BFFFAF3F71}" = Epson Easy Photo Print Plug-in for Windows Live Photo Gallery Setup

"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials

"{7F7C616E-6971-77D9-7D59-82DC35DF81AC}" = CCC Help Russian

"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{86B3F2D6-AC2B-0014-8AE1-F2F77F781B0C}" = EndNote X4

"{8B31B757-3FE6-11D5-80FE-0050DA0AC313}" = IQ Solutions

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support

"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger

"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010

"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BD586FDF-FA7C-40AC-800D-EAD5AE85AC2C}" =

"{90140000-0015-0C0A-0000-0000000FF1CE}" = Microsoft Office Access MUI (Spanish) 2010

"{90140000-0015-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{AA321CAB-5896-46B1-B18E-3EE82C88ABF1}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0016-0C0A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Spanish) 2010

"{90140000-0016-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{AA321CAB-5896-46B1-B18E-3EE82C88ABF1}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0018-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Spanish) 2010

"{90140000-0018-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{AA321CAB-5896-46B1-B18E-3EE82C88ABF1}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0019-0C0A-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Spanish) 2010

"{90140000-0019-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{AA321CAB-5896-46B1-B18E-3EE82C88ABF1}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001A-0C0A-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Spanish) 2010

"{90140000-001A-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{AA321CAB-5896-46B1-B18E-3EE82C88ABF1}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001B-0C0A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Spanish) 2010

"{90140000-001B-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{AA321CAB-5896-46B1-B18E-3EE82C88ABF1}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2010

"{90140000-001F-0403-0000-0000000FF1CE}_Office14.PROPLUS_{F030E098-C2CC-4056-971E-4D3AB0F55517}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2010

"{90140000-001F-0416-0000-0000000FF1CE}_Office14.PROPLUS_{A7200E61-DC93-42E0-BB74-EE59021016EA}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2010

"{90140000-001F-042D-0000-0000000FF1CE}_Office14.PROPLUS_{C6E07E58-897F-4686-A498-764B9D404F09}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2010

"{90140000-001F-0456-0000-0000000FF1CE}_Office14.PROPLUS_{6CA060C9-FAFB-4A51-B533-A6AEE1A325BE}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0C0A-1000-0000000FF1CE}_Office14.PROPLUS_{ED7E1546-A5BC-407C-8321-94D6DAF9B5A7}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2010

"{90140000-002C-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DBE2E9A2-A47F-42A9-A1CF-3B6665A9714A}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0044-0C0A-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Spanish) 2010

"{90140000-0044-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{AA321CAB-5896-46B1-B18E-3EE82C88ABF1}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2010

"{90140000-006E-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{7FF53332-4A24-4F40-946E-C58B6326063C}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00A1-0C0A-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Spanish) 2010

"{90140000-00A1-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{AA321CAB-5896-46B1-B18E-3EE82C88ABF1}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00BA-0C0A-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Spanish) 2010

"{90140000-00BA-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{AA321CAB-5896-46B1-B18E-3EE82C88ABF1}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}" = ZTE HSDPA EDGE USB MODEM

"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{9FA5B08F-9162-BCCB-AFAC-28DF1751BEC3}" = Catalyst Control Center Localization All

"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps

"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific

"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings

"{AC76BA86-7AD7-1034-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Español

"{ACD238D4-5E74-42E1-8B11-A477BCE70D2F}" = Adobe Setup

"{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}" = Lenovo EasyCamera

"{AF859F36-5F97-F6EC-A617-62771A8B4FDC}" = CCC Help Finnish

"{B2164CCB-C002-4B80-8550-7535D80DF237}" = Lenovo DirectShare

"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)

"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0

"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call

"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3

"{BB095F3E-0A7D-7DD4-B2A8-47CB12E416B0}" = CCC Help Japanese

"{BC71B06F-BFAE-6A73-091C-F18ACF00A04C}" = CCC Help Italian

"{BDCBA80C-A3BD-9DA5-E43F-EBBBE779C032}" = CCC Help Hungarian

"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{CEEA6219-8792-3E40-D361-4FB5F0FBBB0F}" = CCC Help Portuguese

"{CF053286-7F4C-CAFB-616B-58EC562BB28E}" = CCC Help Chinese Standard

"{D07BB56A-7DB4-4564-A1F9-EBCE75FBE3C6}" = Catalyst Control Center InstallProxy

"{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client

"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files

"{D3689EED-3943-9E90-1D65-D2246EB58AD1}" = CCC Help Turkish

"{D3694B69-6F8C-42D3-8A0A-EB2AB528C02C}" = Atheros Client Installation Program

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings

"{DBA5EE42-A143-A658-9F86-C611BFDBEFCA}" = CCC Help Dutch

"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings

"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = Lenovo PowerDVD 10

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E19490CD-5380-4F37-B0A7-624D635605DC}" = Catalyst Control Center - Branding

"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger

"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3

"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources

"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live

"{EAF0F475-CFE2-9F4D-F26A-875FF09AD40E}" = CCC Help Spanish

"{ECEA7878-2100-4525-915D-B09174E36971}" = Trend Micro OfficeScan Client

"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10

"{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = Guía del usuario

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F1F1CCD6-34FE-81C6-CE0C-F22695E6409F}" = CCC Help German

"{F71A71E1-285C-95CE-A8F7-231E3827138E}" = CCC Help Polish

"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint

"{FB124956-B0E3-4D78-AB94-6E53430004B7}" = Adobe Photoshop CS3

"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings

"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe_53a35a181eeb50486a0e091bd67ae62" = Adobe Photoshop CS3

"Backup Magic" = Backup Magic

"EEPPPlugIn" = Epson Easy Photo Print Plug-in for Windows Live Photo Gallery

"EPSON Scanner" = EPSON Scan

"Google Chrome" = Google Chrome

"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam

"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery

"InstallShield_{B2164CCB-C002-4B80-8550-7535D80DF237}" = Lenovo DirectShare

"InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management

"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = Lenovo PowerDVD 10

"InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide

"Lenovo Games Console" = Lenovo Games Console

"McAfee Security Scan" = McAfee Security Scan Plus

"Mozilla Firefox 18.0 (x86 es-ES)" = Mozilla Firefox 18.0 (x86 es-ES)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"Nero - Burning Rom!UninstallKey" = Nero OEM

"NMPUninstallKey" = Nero Media Player

"Office14.PROPLUS" = Microsoft Office Professional Plus 2010

"VeriFace" = VeriFace

"WinLiveSuite" = Windows Live Essentials

========== Last 20 Event Log Errors ==========

[ System Events ]

Error - 16/01/2013 2:55:02 | Computer Name = celeste-PC | Source = DCOM | ID = 10010

Description =

Error - 16/01/2013 10:29:11 | Computer Name = celeste-PC | Source = Service Control Manager | ID = 7011

Description = Timeout (30000 ms) waiting for a transaction response from the ShellHWDetection service.

< End of report >


I don't see anything...let's do some checking in Chrome:

First please make sure you have the latest version of Chrome:

Click the wrench in the upper right hand corner

Click on "About Google Chrome"

If an update is available it will be downloaded and installed

Next:

Carefully check for any odd extensions or plugins:

Type the following into the address box and hit Enter:

chrome:plugins

Do the same for:

chrome:extensions

Next:

Go to Settings > Show advanced settings........ (at the bottom)

Put a check next to all of these:

Clear browsing history

Clear download history

Empty the cache

Click "Clear Browsing Data"

Next:

Look through the rest of Tools, Settings and View Background Pages and make sure there's nothing suspicious.

---------------------------

Then look at this link (it's for a different infection, but the way to change Chrome's settings is the same)

http://deletemalware...tall-guide.html

Let me know, MrC

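The Chrome check above, done against the profile on disk instead of by eye. This is an added example, not code from this thread or from Malwarebytes: it parses the JSON file Chrome keeps as Preferences in the profile folder and reports the homepage, the start-up URLs, the default search provider and the installed extensions, flagging anything that points at the two hosts named in this thread. Assumptions of the example: the profile path %LOCALAPPDATA%\Google\Chrome\User Data\Default\Preferences (not stated in the thread), the preference key names used by Chrome 24-era profiles (newer builds keep start-up URLs under session.startup_urls), the SUSPICIOUS_HOSTS list, and SAMPLE_PREFS, which is a constructed profile and not the poster's.

```python
"""Audit a Chrome profile's Preferences file for hijacked homepage, start-up,
search-provider and extension settings.

Added example, not code from the forum thread. The key names are the ones a
Chrome 24-era profile uses; SAMPLE_PREFS is constructed for this example.
"""
import json
from urllib.parse import urlparse

# Indicators named in the thread; extend as needed (example's own list).
SUSPICIOUS_HOSTS = ("helperbar.com", "babylon.com")

# Constructed sample: a hijacked homepage, start-up page and search provider,
# plus one benign Web Store extension. Not the poster's real profile.
SAMPLE_PREFS = json.dumps({
    "homepage": "http://feed.helperbar.com/?q=home",
    "homepage_is_newtabpage": False,
    "session": {
        "restore_on_startup": 4,  # 4 = open a specific list of URLs
        "urls_to_restore_on_startup": ["http://feed.helperbar.com/"],
    },
    "default_search_provider": {
        "name": "Search the web",
        "keyword": "babylon",
        "search_url": "http://isearch.babylon.com/?q={searchTerms}",
    },
    "extensions": {
        "settings": {
            "aaaabbbbccccddddeeeeffffgggghhhh": {
                "manifest": {"name": "Evernote Web Clipper", "version": "5.0"},
                "path": "aaaabbbbccccddddeeeeffffgggghhhh\\5.0_0",
                "from_webstore": True,
                "state": 1,
            },
        }
    },
})


def host_is_suspicious(url):
    """True if the URL's host is one of the indicators or a subdomain of one."""
    host = (urlparse(url).hostname or "").lower()
    return any(host == h or host.endswith("." + h) for h in SUSPICIOUS_HOSTS)


def audit_preferences(text):
    """Return {'findings': [(setting, value), ...], 'extensions': [...]}.

    findings lists every setting that points at a suspicious host; extensions
    lists every installed extension so the reviewer can look them over,
    with from_webstore=False being the ones to look at first.
    """
    prefs = json.loads(text)
    findings = []

    homepage = prefs.get("homepage", "")
    if host_is_suspicious(homepage):
        findings.append(("homepage", homepage))

    for url in prefs.get("session", {}).get("urls_to_restore_on_startup", []):
        if host_is_suspicious(url):
            findings.append(("session.urls_to_restore_on_startup", url))

    dsp = prefs.get("default_search_provider", {})
    if host_is_suspicious(dsp.get("search_url", "")):
        findings.append(("default_search_provider.search_url", dsp["search_url"]))

    extensions = []
    for ext_id, ext in prefs.get("extensions", {}).get("settings", {}).items():
        extensions.append({
            "id": ext_id,
            "name": ext.get("manifest", {}).get("name", "?"),
            "path": ext.get("path", "?"),
            "from_webstore": bool(ext.get("from_webstore", False)),
        })
    return {"findings": findings, "extensions": extensions}


if __name__ == "__main__":
    import sys
    # Usage: python audit_chrome_prefs.py "%LOCALAPPDATA%\Google\Chrome\User Data\Default\Preferences"
    # With no argument the constructed sample is audited.
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_PREFS
    report = audit_preferences(text)
    for setting, value in report["findings"]:
        print(f"HIJACKED  {setting} = {value}")
    for ext in report["extensions"]:
        flag = "" if ext["from_webstore"] else "  (not from the Web Store: review)"
        print(f"EXTENSION {ext['id']} {ext['name']} at {ext['path']}{flag}")
```

Run it with the path to the profile's Preferences file (close Chrome first; it rewrites the file on exit), or with no argument to see it work on the constructed sample. Reinstalling Chrome does not necessarily replace this file, so a hijack that survives a reinstall is usually still visible here; if Preferences is clean and the page still opens, the Target field of the Chrome shortcut is worth checking too, since these hijackers also append a URL there.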

I've done all of that, and I found nothing suspicious (still, I disabled everything not essential). I had done everything suggested by that link you provided before I came here. It had worked fine for IE and Firefox, but I still get feed.helperbar.com whenever I start Chrome.

So I still have the same problem for Chrome only.

Thanks for all your help.


Please download and run ComboFix.

The most important things to remember when running it are to disable all your anti-malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your anti-malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


Done. I still get the feed.helperbar at Chrome start

ComboFix log here:

ComboFix 13-01-16.01 - celeste 16/01/2013 15:47:28.1.2 - x64

Microsoft Windows 7 Home Basic 6.1.7601.1.1252.54.3082.18.2667.1382 [GMT -3:00]

Running from: c:\users\celeste\Desktop\ComboFix.exe

AV: Trend Micro OfficeScan Antivirus *Enabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}

FW: Trend Micro Personal Firewall *Enabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}

SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

SP: Trend Micro OfficeScan Anti-spyware *Enabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\s.bat

.

.

((((((((((((((((((((((((( Files Created from 2012-12-16 to 2013-01-16 )))))))))))))))))))))))))))))))

.

.

2013-01-16 19:39 . 2013-01-16 19:39 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-01-15 20:27 . 2013-01-15 20:27 -------- d-----w- c:\windows\ERUNT

2013-01-15 20:27 . 2013-01-15 20:27 -------- d-----w- C:\JRT

2013-01-15 18:03 . 2013-01-16 18:22 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2013-01-15 18:03 . 2009-01-25 15:14 17272 ----a-w- c:\windows\system32\sdnclean64.exe

2013-01-15 18:03 . 2013-01-16 18:21 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2

2013-01-15 18:02 . 2013-01-15 18:02 -------- d-----w- c:\users\celeste\AppData\Local\Programs

2013-01-15 16:53 . 2013-01-15 20:33 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C2313239-6110-4B5D-86C1-738A95158E43}\offreg.dll

2013-01-15 16:08 . 2013-01-15 16:09 -------- d-----w- c:\program files\CCleaner

2013-01-15 15:34 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C2313239-6110-4B5D-86C1-738A95158E43}\mpengine.dll

2013-01-11 17:23 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll

2013-01-11 17:23 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll

2013-01-11 17:23 . 2012-11-01 05:43 2002432 ----a-w- c:\windows\system32\msxml6.dll

2013-01-11 17:23 . 2012-11-01 05:43 1882624 ----a-w- c:\windows\system32\msxml3.dll

2013-01-11 17:23 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll

2013-01-11 17:23 . 2012-11-01 04:47 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll

2013-01-11 17:23 . 2012-11-20 05:48 307200 ----a-w- c:\windows\system32\ncrypt.dll

2013-01-11 17:23 . 2012-11-20 04:51 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll

2013-01-11 17:23 . 2012-11-22 05:44 800768 ----a-w- c:\windows\system32\usp10.dll

2013-01-11 17:23 . 2012-11-22 04:45 626688 ----a-w- c:\windows\SysWow64\usp10.dll

2013-01-11 17:21 . 2012-12-07 11:20 43520 ----a-w- c:\windows\system32\csrr.rs

2013-01-11 17:20 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe

2013-01-11 17:20 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys

2013-01-08 21:58 . 2013-01-08 21:58 -------- d-----w- c:\users\celeste\AppData\Local\Macromedia

2012-12-21 21:28 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll

2012-12-21 21:28 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2012-12-21 21:28 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll

2012-12-21 21:28 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-01-11 17:23 . 2012-12-08 22:51 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-01-11 17:23 . 2011-10-12 08:10 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-11-30 04:45 . 2013-01-11 17:22 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2012-11-16 19:28 . 2011-10-07 06:12 66395536 ----a-w- c:\windows\system32\MRT.exe

2012-11-14 07:06 . 2012-12-13 02:13 17811968 ----a-w- c:\windows\system32\mshtml.dll

2012-11-14 06:32 . 2012-12-13 02:13 10925568 ----a-w- c:\windows\system32\ieframe.dll

2012-11-14 06:11 . 2012-12-13 02:13 2312704 ----a-w- c:\windows\system32\jscript9.dll

2012-11-14 06:04 . 2012-12-13 02:13 1346048 ----a-w- c:\windows\system32\urlmon.dll

2012-11-14 06:04 . 2012-12-13 02:13 1392128 ----a-w- c:\windows\system32\wininet.dll

2012-11-14 06:02 . 2012-12-13 02:13 1494528 ----a-w- c:\windows\system32\inetcpl.cpl

2012-11-14 06:02 . 2012-12-13 02:13 237056 ----a-w- c:\windows\system32\url.dll

2012-11-14 05:59 . 2012-12-13 02:13 85504 ----a-w- c:\windows\system32\jsproxy.dll

2012-11-14 05:58 . 2012-12-13 02:13 816640 ----a-w- c:\windows\system32\jscript.dll

2012-11-14 05:57 . 2012-12-13 02:13 599040 ----a-w- c:\windows\system32\vbscript.dll

2012-11-14 05:57 . 2012-12-13 02:13 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-11-14 05:55 . 2012-12-13 02:13 2144768 ----a-w- c:\windows\system32\iertutil.dll

2012-11-14 05:55 . 2012-12-13 02:13 729088 ----a-w- c:\windows\system32\msfeeds.dll

2012-11-14 05:53 . 2012-12-13 02:13 96768 ----a-w- c:\windows\system32\mshtmled.dll

2012-11-14 05:52 . 2012-12-13 02:13 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-11-14 05:46 . 2012-12-13 02:13 248320 ----a-w- c:\windows\system32\ieui.dll

2012-11-14 02:09 . 2012-12-13 02:13 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll

2012-11-14 01:58 . 2012-12-13 02:13 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2012-11-14 01:57 . 2012-12-13 02:13 1129472 ----a-w- c:\windows\SysWow64\wininet.dll

2012-11-14 01:49 . 2012-12-13 02:13 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-11-14 01:48 . 2012-12-13 02:13 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2012-11-14 01:44 . 2012-12-13 02:13 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-11-09 05:45 . 2012-12-12 14:27 2048 ----a-w- c:\windows\system32\tzres.dll

2012-11-09 04:42 . 2012-12-12 14:27 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-11-02 05:59 . 2012-12-12 14:22 478208 ----a-w- c:\windows\system32\dpnet.dll

2012-11-02 05:11 . 2012-12-12 14:22 376832 ----a-w- c:\windows\SysWow64\dpnet.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2010-07-26 222504]

"YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" [2010-12-24 136488]

"YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCam.exe" [2010-12-24 224352]

"VeriFaceManager"="c:\program files (x86)\Lenovo\VeriFace\PManage.exe" [2011-06-16 329056]

"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]

"OfficeScanNT Monitor"="c:\program files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe" [2011-03-23 1366936]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-12-06 343168]

"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2010-7-29 1132320]

McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer2"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]

R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-12-06 361984]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-11-13 1103392]

R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-11-13 1369624]

R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-11-13 168384]

R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]

R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-07-13 344616]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-01 39464]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2010-09-30 299520]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]

R3 TmPfw;OfficeScan NT Firewall;c:\program files (x86)\Trend Micro\OfficeScan Client\TmPfw.exe [2010-01-07 595960]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 121840]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-05-14 73856]

S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-05-14 28800]

S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys [2011-06-16 57952]

S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys [2011-06-16 39008]

S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys [2011-06-16 13408]

S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys [2010-07-21 196688]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-12-06 235520]

S2 TmFilter;Trend Micro Filter;c:\program files (x86)\Trend Micro\OfficeScan Client\TmXPFlt.sys [2012-07-17 344376]

S2 TmPreFilter;Trend Micro PreFilter;c:\program files (x86)\Trend Micro\OfficeScan Client\TmPreFlt.sys [2012-07-17 42808]

S2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys [2010-07-21 338000]

S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2011-06-16 29792]

S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]

S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-12-24 31088]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-06-25 76912]

S3 TmProxy;OfficeScan NT Proxy Service;c:\program files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe [2010-12-15 917840]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-11-29 44672]

S3 vm331avs;Digital Camera 1;c:\windows\system32\Drivers\vm331avs.sys [2010-10-21 228224]

S3 vmuvcflt;Vimicro USB Camera Filter;c:\windows\system32\Drivers\vmuvcflt.sys [2010-08-16 8320]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-01-12 18:31 1606760 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-01-16 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-08 17:23]

.

2013-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-16 01:26]

.

2013-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-16 01:26]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]

@="{771C7324-DA80-49D3-8017-753B0AF60951}"

[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]

2011-06-16 01:44 1508192 ----a-w- c:\windows\System32\IcnOvrly.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"OfficeScanNT Monitor"="-HideWindow" [X]

"Lenovo EE Boot Optimizer"="c:\program files (x86)\Lenovo\Boot Optimizer\PopWnd.exe" [2011-06-16 114688]

"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2011-06-16 9753024]

"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2011-06-16 5908928]

.

------- Supplementary Scan -------

.

uStart Page = about:blank

uLocal Page = c:\windows\system32\blank.htm

mStart Page = about:blank

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.leloir;*.cicema.org.ar

uInternet Settings,ProxyServer = proxy:3128

uSearchAssistant = hxxp://www.google.com

IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Send image to &Bluetooth device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 200.69.193.1 200.69.193.2

DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab

FF - ProfilePath - c:\users\celeste\AppData\Roaming\Mozilla\Firefox\Profiles\1eytlpou.default\

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Notify-SDWinLogon - SDWinLogon.dll

Toolbar-Locked - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10h.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10h.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10h.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10h.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-01-16 16:43:42

ComboFix-quarantined-files.txt 2013-01-16 19:43

.

Pre-Run: 322.559.143.936 bytes free

Post-Run: 322.412.744.704 bytes free

.

- - End Of File - - FC07C7EC145F656CD0424247948F752A


Did you set these up:

uInternet Settings,ProxyOverride = *.leloir;*.cicema.org.ar

uInternet Settings,ProxyServer = proxy:3128

----------------------------

Have you reset Firefox and Internet Explorer back to defaults?

Have you tried reinstalling Chrome?

ComboFix log looks OK

Let me know.....MrC

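The review MrC does on the ComboFix log by eye (the Run values, the Startup-folder shortcuts and the proxy lines he asks about) as a script. This is an added example, not code from the thread or from ComboFix. It assumes the line formats exactly as they appear in the log above; TRUSTED_PREFIXES is the example's own allow-list (a path under Program Files or Windows is not proof of anything, it only lowers review priority), and SAMPLE_LOG is built from lines of the log above plus one constructed "BrowserUpdate" line to exercise the checks.

```python
"""Triage the auto-start and browser-setting lines of a ComboFix log.

Added example; not code from the forum thread or from ComboFix. It extracts the
Run-key values, Startup-folder shortcuts and "Supplementary Scan" settings that
ComboFix prints and flags what a reviewer reads first: executables outside
Program Files / Windows, entries whose file ComboFix could not find ("[X]"),
and proxy settings, which must be confirmed with the machine's owner (in this
thread they turned out to be a legitimate institute proxy).
"""
import re

# Example's own allow-list; lower review priority, not a clean bill of health.
TRUSTED_PREFIXES = (
    "c:\\program files\\",
    "c:\\program files (x86)\\",
    "c:\\windows\\",
)

HIVE_RE = re.compile(r"^\[(?P<hive>HKEY_[^\]]+)\]$")
# "Name"="c:\path\file.exe" [2012-07-13 17418928]   or   "Name"="-HideWindow" [X]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)"\s*\[(?P<meta>[^\]]*)\]')
# Startup-folder entry:  Name.lnk - c:\path\file.exe [2010-7-29 1132320]
LNK_RE = re.compile(r"^(?P<name>.+?\.lnk) - (?P<target>.+?) \[(?P<meta>[^\]]*)\]$")
# u = current user, m = machine:  uStart Page = ..., uInternet Settings,ProxyServer = ...
KV_RE = re.compile(
    r"^(?P<key>[um](?:Start Page|Local Page|SearchAssistant|Internet Settings,\w+))"
    r"\s*=\s*(?P<value>.+)$"
)

# Lines taken from the log in this thread; the "BrowserUpdate" line is
# constructed for the example and was not on the machine.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"BrowserUpdate"="c:\users\someone\AppData\Local\Temp\bupd.exe" [2013-01-14 51200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"OfficeScanNT Monitor"="c:\program files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe" [2011-03-23 1366936]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2010-7-29 1132320]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeScanNT Monitor"="-HideWindow" [X]
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.leloir;*.cicema.org.ar
uInternet Settings,ProxyServer = proxy:3128
"""


def classify(target, meta):
    """Return a review note for one auto-start entry, or '' if it looks normal."""
    if meta.strip().upper() == "X":
        return "target file not found ([X]): leftover value, or a loader that lives elsewhere"
    if not target.lower().startswith(TRUSTED_PREFIXES):
        return "executable outside Program Files / Windows"
    return ""


def triage(log_text):
    """Parse a ComboFix log; return (auto-start entries, browser/proxy settings)."""
    autostarts, settings, hive = [], {}, "?"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HIVE_RE.match(line)
        if m:                                   # registry key header
            hive = m.group("hive")
            continue
        if line.lower().endswith("\\startup\\"):  # Startup folder header
            hive = line
            continue
        m = RUN_RE.match(line) or LNK_RE.match(line)
        if m:
            autostarts.append({
                "hive": hive,
                "name": m.group("name"),
                "target": m.group("target"),
                "note": classify(m.group("target"), m.group("meta")),
            })
            continue
        m = KV_RE.match(line)
        if m:
            settings[m.group("key")] = m.group("value").strip()
    return autostarts, settings


def proxy_settings(settings):
    """Proxy-related settings: confirm with the user before calling them malicious."""
    return {k: v for k, v in settings.items()
            if k.startswith(("uInternet Settings,Proxy", "mInternet Settings,Proxy"))}


if __name__ == "__main__":
    import sys
    # Usage: python triage_combofix.py C:\ComboFix.txt   (no argument: the sample)
    text = (open(sys.argv[1], encoding="utf-8", errors="replace").read()
            if len(sys.argv) > 1 else SAMPLE_LOG)
    entries, prefs = triage(text)
    for e in entries:
        if e["note"]:
            print(f"REVIEW  {e['name']!r} -> {e['target']}  [{e['note']}]  ({e['hive']})")
    for k, v in proxy_settings(prefs).items():
        print(f"CONFIRM {k} = {v}")
```

Run against the full log on this page it should flag only the "OfficeScanNT Monitor" value marked [X], which MrC also passed over, and print the two proxy lines as CONFIRM items; the owner's answer (an institute proxy that predates the infection) is what turns those into non-findings.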

This computer belongs to a network in an institute and that's our network proxy. Those settings were there prior to the malware.

IE and Firefox got back to normal before I posted here for the first time by resetting the start page and search engines' config.

I tried reinstalling chrome. Seems to start normally now.

What scan do we need to do to track possible remainders of this malware?

Thanks for all your help and patience.


AdwCleaner and Junkware Removal Tool are the best tools for problems like this.

It's a constant battle as new malware comes out every minute.

I see you don't have Malwarebytes installed:

Please download Malwarebytes' Anti-Malware Free from Here

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select "Perform Quick Scan", then click Scan.

Note: -->Do not run a full scan with MBAM. It is not required or needed.

The scan may take some time to finish,so please be patient.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Copy&Paste the entire report in your next reply

Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

MrC


I had downloaded MBAM, but I decided not to install anything during the cleaning process.

Installed and ran MBAM. Here is the log, with the 3 files identified and deleted:

Malwarebytes Anti-Malware 1.70.0.1100

www.malwarebytes.org

Database version: v2013.01.16.08

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

celeste :: CELESTE-PC [administrator]

16/01/2013 05:26:52 PM

mbam-log-2013-01-16 (17-26-52).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 213118

Time elapsed: 3 minute(s), 24 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\WINDOWS\SYSTEM32\CORE.DLL (Trojan.Agent) -> Data: 1 -> Quarantined and deleted successfully.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 2

C:\Windows\System32\core.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Windows\SysWOW64\core.dll (Trojan.Agent) -> Quarantined and deleted successfully.

(end)


OK..Looks Good>>>

Lets check your computers security before you go and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!

MrC


Done. Chrome seems to start normally now. Waiting for further instructions. Thanks a lot.

Results of screen317's Security Check version 0.99.57

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Trend Micro OfficeScan Antivirus

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Spybot - Search & Destroy

Malwarebytes Anti-Malware version 1.70.0.1100

Adobe Flash Player 11.5.502.146

Adobe Reader 10.1.3 Adobe Reader out of Date!

Mozilla Firefox (18.0)

Google Chrome 24.0.1312.52

````````Process Check: objlist.exe by Laurent````````

Spybot Teatimer.exe is disabled!

Trend Micro OfficeScan Client pccntmon.exe

Trend Micro OfficeScan Client ntrtscan.exe

Trend Micro OfficeScan Client tmlisten.exe

Trend Micro OfficeScan Client TmPfw.exe

Trend Micro OfficeScan Client TmProxy.exe

Trend Micro OfficeScan Client CNTAoSMgr.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 0%

````````````````````End of Log``````````````````````

Adobe Reader 10.1.3 Adobe Reader out of Date! <----please check for an update

You have outdated programs on the system which are vulnerable to malware.

Please update or uninstall them

Info on doing that can be found in my Preventive Maintenance

~~~~~~~~~~~~~~~~~~~~~

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.

This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

http://www.itxassoci...T-Tools/OTL.exe

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

i.e. RogueKiller.exe, RKreport.txt, the RK_Quarantine folder, C:\FRST, MBAR, etc. For AdwCleaner, just run the program and click Uninstall.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


I'm trying to uninstall ComboFix with the two methods you described, and it removes all the files, but after that ComboFix reinstalls itself and tries to run again (I don't want to run it again, so I restarted the system to avoid running ComboFix).

Any clues on how to remove it from the system?

Thanks a lot


Thanks a lot. I suppose that would be all. Program said "Done!" and after that I deleted the Combofix.exe from desktop.

So thank you for all your effort, your kind help, and your quickness!

Best regards,

Pablo


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.