
AVG detects trojan psw generic 10 [Closed]


  • This topic is locked

#1
alvarito

  • Member
  • 14 posts
Greetings, my brother used this computer for months, mostly to play video games, and it is clearly infected with that trojan, but it must also have multiple other infections such as toolbars and whatnot. Now I'm using it, so I want to clean it up for good. So what better place to come than here to repair it. AVG detects psw generic 10.
And the computer has been infected with spam ads, which I blocked, but there are other problems, like strange yen signs instead of / in program PC routes and being unable to install programs. Every time I start the PC the alarm is shown.

Please give me a hand to stop this infection.

This is all the info that is received after using OTL.

1. OTL.txt


OTL logfile created on: 23-03-2013 17:20:16 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Alvaro\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000340a | Country: Chile | Language: ESL | Date Format: dd-MM-yyyy

2,00 Gb Total Physical Memory | 0,88 Gb Available Physical Memory | 44,10% Memory free
4,00 Gb Paging File | 2,15 Gb Available in Paging File | 53,78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 450,42 Gb Total Space | 231,24 Gb Free Space | 51,34% Space Free | Partition Type: NTFS
Drive D: | 15,34 Gb Total Space | 7,60 Gb Free Space | 49,51% Space Free | Partition Type: NTFS

Computer Name: ALVARO-PC | User Name: Alvaro | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013-03-23 17:11:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Álvaro\Desktop\OTL.exe
PRC - [2013-03-06 08:36:54 | 002,731,296 | ---- | M] (Conduit) -- C:\Users\Álvaro\AppData\Roaming\SearchProtect\bin\cltmng.exe
PRC - [2013-03-01 23:11:12 | 000,200,952 | ---- | M] (http://www.express-files.com/) -- C:\Program Files\ExpressFiles\EFUpdater.exe
PRC - [2013-02-27 15:38:44 | 001,259,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2013-02-23 19:16:58 | 001,297,728 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2013-02-23 16:54:28 | 000,805,752 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2013-02-20 08:38:08 | 000,093,984 | ---- | M] (Conduit) -- C:\Program Files\SearchProtect\bin\CltMngSvc.exe
PRC - [2013-02-18 22:54:47 | 001,151,152 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2013-02-18 22:54:47 | 000,968,880 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
PRC - [2013-01-29 17:45:20 | 000,064,576 | ---- | M] (Raptr, Inc) -- C:\Program Files\Raptr\raptr.exe
PRC - [2013-01-29 17:45:20 | 000,046,144 | ---- | M] (Raptr, Inc) -- C:\Program Files\Raptr\raptr_im.exe
PRC - [2012-12-10 16:29:46 | 002,254,768 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2012-12-10 16:29:44 | 001,435,568 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2012-11-19 16:25:32 | 002,598,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012-11-08 02:51:06 | 000,768,632 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2012-11-02 02:51:18 | 005,174,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe
PRC - [2012-10-31 02:36:08 | 000,522,752 | ---- | M] (LOL Replay) -- C:\Program Files\LOLReplay\LOLRecorder.exe
PRC - [2012-09-08 21:29:11 | 000,143,360 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\System32\UAService7.exe
PRC - [2012-03-19 07:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012-03-19 05:18:12 | 000,979,840 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2012-02-21 14:05:22 | 000,632,664 | ---- | M] (IObit) -- C:\Program Files\IObit\Game Booster 3\gbtray.exe
PRC - [2012-02-14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2012-02-14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011-10-27 05:27:06 | 000,192,816 | ---- | M] (Blabbers Communications LTD) -- C:\Program Files\BrowserCompanion\BCHelper.exe
PRC - [2011-10-01 07:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011-10-01 07:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011-02-25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010-11-22 16:35:48 | 000,645,952 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
PRC - [2010-11-22 16:33:54 | 001,483,072 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
PRC - [2010-11-20 08:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009-04-23 09:51:38 | 000,691,656 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe


========== Modules (No Company Name) ==========

MOD - [2013-02-18 22:54:47 | 001,151,152 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2013-02-18 22:54:47 | 000,156,848 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\SiteSafety.dll
MOD - [2012-10-31 02:35:36 | 000,311,808 | ---- | M] () -- C:\Program Files\LOLReplay\LOLUtils.dll
MOD - [2012-10-27 03:53:18 | 002,717,595 | ---- | M] () -- C:\Program Files\Raptr\heliotrope._purple.pyd
MOD - [2012-09-01 07:40:36 | 000,411,648 | ---- | M] () -- C:\Program Files\LOLReplay\Compression.dll
MOD - [2012-07-06 20:54:16 | 001,707,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\ed560b26f2f86b3f07b7f6d384f92275\System.ServiceModel.Web.ni.dll
MOD - [2012-07-06 20:53:15 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll
MOD - [2012-07-06 20:53:11 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll
MOD - [2012-07-06 20:52:50 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\72a24b45e11d64eb2bc840aae9419ba5\System.Runtime.Serialization.ni.dll
MOD - [2012-07-06 20:52:48 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\9e7bf69d97febe4ed1a288c787e5d9ca\SMDiagnostics.ni.dll
MOD - [2012-07-06 20:52:47 | 017,478,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\107779ca2708d2b31b2e1560e47f6d15\System.ServiceModel.ni.dll
MOD - [2012-07-06 18:51:21 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012-07-06 18:50:00 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
MOD - [2012-07-06 18:49:37 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012-07-06 18:49:26 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012-07-06 18:49:22 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
MOD - [2012-07-06 18:49:02 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012-07-06 18:48:51 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012-07-06 18:48:43 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012-07-06 18:48:41 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012-07-06 18:48:27 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012-06-22 17:59:52 | 000,313,856 | ---- | M] () -- C:\Program Files\Raptr\PyQt4.QtWebKit.pyd
MOD - [2012-06-22 17:55:58 | 000,494,592 | ---- | M] () -- C:\Program Files\Raptr\PyQt4.QtNetwork.pyd
MOD - [2012-06-22 17:53:22 | 005,812,736 | ---- | M] () -- C:\Program Files\Raptr\PyQt4.QtGui.pyd
MOD - [2012-06-22 17:39:06 | 001,662,464 | ---- | M] () -- C:\Program Files\Raptr\PyQt4.QtCore.pyd
MOD - [2012-06-22 17:24:28 | 000,067,584 | ---- | M] () -- C:\Program Files\Raptr\sip.pyd
MOD - [2012-02-06 16:28:48 | 000,011,264 | ---- | M] () -- C:\Program Files\Raptr\Crypto.Util._counter.pyd
MOD - [2012-02-06 16:28:42 | 000,031,744 | ---- | M] () -- C:\Program Files\Raptr\Crypto.Cipher.AES.pyd
MOD - [2012-02-06 16:28:34 | 000,010,752 | ---- | M] () -- C:\Program Files\Raptr\Crypto.Random.OSRNG.winrandom.pyd
MOD - [2011-12-15 15:16:32 | 000,516,440 | ---- | M] () -- C:\Program Files\IObit\Game Booster 3\sqlite3.dll
MOD - [2011-09-08 19:47:40 | 001,183,699 | ---- | M] () -- C:\Program Files\Raptr\liboscar.dll
MOD - [2011-09-08 19:47:36 | 001,640,221 | ---- | M] () -- C:\Program Files\Raptr\libjabber.dll
MOD - [2011-09-08 19:47:32 | 001,052,194 | ---- | M] () -- C:\Program Files\Raptr\libymsg.dll
MOD - [2011-09-08 19:47:22 | 000,495,680 | ---- | M] () -- C:\Program Files\Raptr\plugins\libaim.dll
MOD - [2011-09-08 19:47:22 | 000,483,306 | ---- | M] () -- C:\Program Files\Raptr\plugins\libicq.dll
MOD - [2011-09-08 19:47:16 | 000,655,356 | ---- | M] () -- C:\Program Files\Raptr\plugins\libirc.dll
MOD - [2011-09-08 19:47:16 | 000,603,326 | ---- | M] () -- C:\Program Files\Raptr\plugins\ssl-nss.dll
MOD - [2011-09-08 19:47:14 | 000,497,782 | ---- | M] () -- C:\Program Files\Raptr\plugins\libyahoojp.dll
MOD - [2011-09-08 19:47:14 | 000,474,199 | ---- | M] () -- C:\Program Files\Raptr\plugins\ssl.dll
MOD - [2011-09-08 19:47:10 | 001,306,387 | ---- | M] () -- C:\Program Files\Raptr\plugins\libmsn.dll
MOD - [2011-09-08 19:47:04 | 000,565,461 | ---- | M] () -- C:\Program Files\Raptr\plugins\libxmpp.dll
MOD - [2011-09-08 19:46:56 | 000,506,276 | ---- | M] () -- C:\Program Files\Raptr\plugins\libyahoo.dll
MOD - [2011-08-07 07:54:44 | 000,362,029 | ---- | M] () -- C:\Program Files\BrowserCompanion\sqlite3.dll
MOD - [2011-05-10 15:01:42 | 000,030,208 | ---- | M] () -- C:\Program Files\Raptr\simplejson._speedups.pyd
MOD - [2011-02-15 14:17:28 | 001,213,633 | ---- | M] () -- C:\Program Files\Raptr\libxml2-2.dll
MOD - [2011-02-15 14:17:28 | 000,417,501 | ---- | M] () -- C:\Program Files\Raptr\sqlite3.dll
MOD - [2010-11-22 19:06:22 | 000,055,808 | ---- | M] () -- C:\Program Files\Raptr\zlib1.dll
MOD - [2010-11-22 18:57:34 | 000,167,936 | ---- | M] () -- C:\Program Files\Raptr\win32gui.pyd
MOD - [2010-11-22 18:57:34 | 000,111,104 | ---- | M] () -- C:\Program Files\Raptr\win32file.pyd
MOD - [2010-11-22 18:57:34 | 000,096,256 | ---- | M] () -- C:\Program Files\Raptr\win32api.pyd
MOD - [2010-11-22 18:57:34 | 000,036,352 | ---- | M] () -- C:\Program Files\Raptr\win32process.pyd
MOD - [2010-11-22 18:57:18 | 000,141,312 | ---- | M] () -- C:\Program Files\Raptr\gobject._gobject.pyd
MOD - [2010-11-22 18:56:56 | 000,110,592 | ---- | M] () -- C:\Program Files\Raptr\pywintypes26.dll
MOD - [2010-11-22 18:56:26 | 000,324,608 | ---- | M] () -- C:\Program Files\Raptr\PIL._imaging.pyd
MOD - [2010-11-22 18:56:02 | 000,805,376 | ---- | M] () -- C:\Program Files\Raptr\_ssl.pyd
MOD - [2010-11-22 18:56:02 | 000,583,680 | ---- | M] () -- C:\Program Files\Raptr\unicodedata.pyd
MOD - [2010-11-22 18:56:02 | 000,356,864 | ---- | M] () -- C:\Program Files\Raptr\_hashlib.pyd
MOD - [2010-11-22 18:56:02 | 000,127,488 | ---- | M] () -- C:\Program Files\Raptr\pyexpat.pyd
MOD - [2010-11-22 18:56:02 | 000,124,928 | ---- | M] () -- C:\Program Files\Raptr\_elementtree.pyd
MOD - [2010-11-22 18:56:02 | 000,087,040 | ---- | M] () -- C:\Program Files\Raptr\_ctypes.pyd
MOD - [2010-11-22 18:56:02 | 000,044,544 | ---- | M] () -- C:\Program Files\Raptr\_sqlite3.pyd
MOD - [2010-11-22 18:56:02 | 000,043,008 | ---- | M] () -- C:\Program Files\Raptr\_socket.pyd
MOD - [2010-11-22 18:56:02 | 000,009,216 | ---- | M] () -- C:\Program Files\Raptr\winsound.pyd
MOD - [2010-11-12 19:35:21 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_es_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010-11-04 21:59:43 | 000,208,896 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_es_b77a5c561934e089\System.resources.dll
MOD - [2009-07-14 04:48:06 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization.resources\3.0.0.0_es_b77a5c561934e089\System.Runtime.Serialization.resources.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe -- (Browser Manager)
SRV - [2013-03-12 23:28:04 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013-02-23 16:54:28 | 000,805,752 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2013-02-20 08:38:08 | 000,093,984 | ---- | M] (Conduit) [Auto | Running] -- C:\Program Files\SearchProtect\bin\CltMngSvc.exe -- (CltMngSvc)
SRV - [2013-02-18 22:54:47 | 000,968,880 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe -- (vToolbarUpdater14.2.0)
SRV - [2013-01-08 11:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012-12-10 16:29:44 | 001,435,568 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012-11-02 02:51:18 | 005,174,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012-10-02 20:19:04 | 000,743,320 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Program Files\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2012-09-08 21:29:11 | 000,143,360 | ---- | M] (Sony DADC Austria AG.) [Auto | Running] -- C:\Windows\System32\UAService7.exe -- (UserAccess7)
SRV - [2012-03-19 07:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012-02-14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011-11-28 17:52:00 | 004,579,400 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2011-10-01 07:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011-10-01 07:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010-11-22 16:33:54 | 001,483,072 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010-11-22 16:31:52 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2009-07-13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Unknown] -- -- (aktzdv8d)
DRV - [2013-02-18 22:54:47 | 000,033,112 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012-12-10 02:28:36 | 000,142,176 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2012-11-08 02:49:26 | 000,250,080 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012-08-24 15:43:18 | 000,301,920 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012-06-15 15:38:31 | 000,007,936 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\EliteKingdoms\Cabal\Cabal Reloaded\Byakko.K32 -- (ByakkoDriver)
DRV - [2012-04-19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012-01-31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2012-01-13 14:39:09 | 000,010,872 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\apf001.sys -- (apf001)
DRV - [2011-12-23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011-12-23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011-12-23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011-11-23 18:01:14 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2011-10-01 07:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2011-10-01 07:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2011-10-01 07:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2011-10-01 07:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2010-11-20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010-11-20 06:24:40 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010-11-20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010-10-07 11:34:32 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2010-01-26 22:09:02 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (npf)
DRV - [2009-12-10 09:36:54 | 000,214,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1k6232.sys -- (e1kexpress)
DRV - [2009-09-16 07:02:40 | 000,027,136 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901t.sys -- (tap0901t)
DRV - [2009-03-18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009-02-24 17:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {88ac3cb6-596b-4217-964c-b6757ef9602d} - C:\Program Files\express-files\prxtbexpr.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://www.bing.com/...q={searchTerms}
IE - HKLM\..\SearchScopes\{58725EE5-A6B6-40E1-8676-2FC700A46761}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com/...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...39-5423CF03080B
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://cl.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = es-CL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DF D9 A0 7A 1D E7 CD 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.bing.com/...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bing.com/...q={searchTerms}
IE - HKCU\..\URLSearchHook: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\7.0\iobitToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\URLSearchHook: {88ac3cb6-596b-4217-964c-b6757ef9602d} - C:\Program Files\express-files\prxtbexpr.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKCU\..\SearchScopes,DefaultScope = {4327FABE-3C22-4689-8DBF-D226CF777FE9}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://www.bing.com/...q={searchTerms}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...000d0278814c719
IE - HKCU\..\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}: "URL" = http://plusnetwork.c...q={searchTerms}
IE - HKCU\..\SearchScopes\{6BC1F8AF-B67A-4553-A51E-98668DB494CB}: "URL" = http://cl.search.yah...p={searchTerms}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2012-06-19 17:35:34&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@raidcall.en/RCplugin: C:\Users\Alvaro\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\vitzo.com/VDownloader: C:\Program Files\VDownloader\Addons\npVDownloader.dll (Vitzo)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\VDownloader\Addons\FireFox [2012-03-13 23:10:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2013-03-06 08:58:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\14.2.0.1 [2013-02-18 22:55:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension

[2012-11-10 17:03:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012-09-03 15:36:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012-10-23 00:40:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012-01-18 18:01:46 | 001,826,704 | ---- | M] (Caminova, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdjvu.dll
[2012-11-08 19:28:12 | 000,003,575 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012-09-21 18:39:35 | 000,002,362 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml

========== Chrome ==========

CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = http://search.condui...&ctid=CT3176921
CHR - default_search_provider: suggest_url =
CHR - homepage: http://search.condui...SearchSource=48
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\\u00C1lvaro\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U9 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Panda ActiveScan 2.0 (Enabled) = C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: VDownloader (Enabled) = C:\Program Files\VDownloader\Addons\npVDownloader.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Zylom Plugin (Enabled) = C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
CHR - plugin: QUAKE LIVE (Enabled) = C:\ProgramData\id Software\QuakeLive\npquakezero.dll
CHR - plugin: Raidcall plugin (Enabled) = C:\Users\Alvaro\AppData\Roaming\raidcall\plugins\nprcplugin.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Google Drive = C:\Users\Álvaro\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Álvaro\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: B\u00FAsqueda de Google = C:\Users\Álvaro\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: GoPhoto.it = C:\Users\Álvaro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk\1.5_0\
CHR - Extension: Gmail = C:\Users\Álvaro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009-06-10 17:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Browser Companion Helper) - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files\BrowserCompanion\jsloader.dll ( )
O2 - BHO: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\7.0\iobitToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (TBSB01620 Class) - {58124A0B-DC32-4180-9BFF-E0E21AE34026} - C:\Program Files\IMinent Toolbar\tbcore3.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (express-files Toolbar) - {88ac3cb6-596b-4217-964c-b6757ef9602d} - C:\Program Files\express-files\prxtbexpr.dll (Conduit Ltd.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Browser Companion Helper Verifier) - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files\BrowserCompanion\updatebhoWin32.dll ( )
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SimpleAdblock Class) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Common Files\Simple Adblock\SimpleAdblock.dll (Simple Adblock)
O3 - HKLM\..\Toolbar: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\7.0\iobitToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (express-files Toolbar) - {88ac3cb6-596b-4217-964c-b6757ef9602d} - C:\Program Files\express-files\prxtbexpr.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files\IMinent Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Browser companion helper] C:\Program Files\BrowserCompanion\BCHelper.exe (Blabbers Communications LTD)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SearchProtectAll] C:\Program Files\SearchProtect\bin\cltmng.exe (Conduit)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Raptr] C:\Program Files\Raptr\raptrstub.exe (Raptr, Inc)
O4 - HKCU..\Run: [SearchProtect] C:\Users\Álvaro\AppData\Roaming\SearchProtect\bin\cltmng.exe (Conduit)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files\SMINST\Launcher.exe (SofThinks SAS)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8 - Extra context menu item: &Enviar a OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xportar a Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Notas &vinculadas de OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Notas &vinculadas de OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: quakelive.com ([www] http in Sitios de confianza)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.13.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BA30CA42-84D0-448E-ADCF-62744F2C00FC}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C3C851B3-317A-4555-8DE4-ACE375FA0A64}: DhcpNameServer = 7.254.254.254
O18 - Protocol\Handler\base64 {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
O18 - Protocol\Handler\chrome {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\prox {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll ()
O20 - AppInit_DLLs: (c:\progra~2\browse~1\23796~1.11\{16cdf~1\browse~1.dll) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004-05-01 10:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{151f4091-f959-11e1-a5d9-d0278814c719}\Shell - "" = AutoRun
O33 - MountPoints2\{151f4091-f959-11e1-a5d9-d0278814c719}\Shell\AutoRun\command - "" = J:\Autorun_By_VictorVal.exe
O33 - MountPoints2\{aac6152e-149b-11e1-b67d-d0278814c719}\Shell - "" = AutoRun
O33 - MountPoints2\{aac6152e-149b-11e1-b67d-d0278814c719}\Shell\AutoRun\command - "" = H:\setup.exe
O33 - MountPoints2\{c3931935-161f-11e1-bb39-d0278814c719}\Shell - "" = AutoRun
O33 - MountPoints2\{c3931935-161f-11e1-bb39-d0278814c719}\Shell\AutoRun\command - "" = I:\FF7_v1.0.5.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013-03-23 17:11:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Álvaro\Desktop\OTL.exe
[2013-03-23 16:59:38 | 005,574,792 | ---- | C] (Lavasoft Limited) -- C:\Users\Álvaro\Desktop\Adaware_Installer.exe
[2013-03-10 09:12:49 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2013-03-10 09:12:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2013-03-10 09:12:46 | 000,000,000 | ---D | C] -- C:\Program Files\IObit Toolbar
[2013-03-06 09:32:22 | 000,000,000 | ---D | C] -- C:\Users\Álvaro\AppData\Roaming\WinRAR
[2013-03-06 09:32:22 | 000,000,000 | ---D | C] -- C:\Users\Álvaro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013-03-06 09:32:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013-03-06 08:58:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013-03-05 22:53:12 | 000,000,000 | ---D | C] -- C:\Users\Álvaro\Desktop\Musica mp3
[2013-03-04 17:48:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2013-03-04 17:48:56 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client
[2013-03-02 00:05:29 | 000,000,000 | ---D | C] -- C:\Users\Álvaro\Desktop\rise up
[2013-03-01 23:12:30 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2013-03-01 23:12:28 | 000,000,000 | ---D | C] -- C:\Users\Álvaro\AppData\Local\Conduit
[2013-03-01 23:12:27 | 000,000,000 | ---D | C] -- C:\Program Files\express-files
[2013-03-01 23:12:09 | 000,000,000 | ---D | C] -- C:\Program Files\SearchProtect
[2013-03-01 23:11:54 | 000,000,000 | ---D | C] -- C:\Users\Álvaro\AppData\Roaming\SearchProtect
[2013-03-01 23:11:51 | 000,000,000 | ---D | C] -- C:\Users\Álvaro\AppData\Local\CRE
[2013-03-01 23:11:12 | 000,000,000 | ---D | C] -- C:\Program Files\ExpressFiles
[2013-03-01 00:06:53 | 000,000,000 | ---D | C] -- C:\Users\Álvaro\Desktop\FFVIII
[2013-02-28 23:47:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2013-02-28 23:44:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2013-02-28 23:44:20 | 000,000,000 | ---D | C] -- C:\Windows\SHELLNEW
[2013-02-28 23:43:15 | 000,000,000 | ---D | C] -- C:\Users\Álvaro\AppData\Local\Microsoft Help
[2013-02-28 23:42:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2013-02-26 14:20:17 | 000,780,288 | ---- | C] (Chapley) -- C:\Users\Álvaro\Desktop\TerrariForm.exe
[2012-10-04 21:26:01 | 001,654,869 | ---- | C] (Dynu Systems Inc.) -- C:\ProgramData\DynuEncrypt.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013-03-23 17:24:01 | 000,000,838 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013-03-23 17:18:01 | 000,001,024 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013-03-23 17:11:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Álvaro\Desktop\OTL.exe
[2013-03-23 16:59:51 | 005,574,792 | ---- | M] (Lavasoft Limited) -- C:\Users\Álvaro\Desktop\Adaware_Installer.exe
[2013-03-23 11:56:51 | 000,010,000 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013-03-23 11:56:51 | 000,010,000 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013-03-23 11:54:14 | 002,880,712 | ---- | M] () -- C:\Windows\System32\perfh00A.dat
[2013-03-23 11:54:14 | 002,803,266 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013-03-23 11:54:14 | 002,225,182 | ---- | M] () -- C:\Windows\System32\perfc00A.dat
[2013-03-23 11:54:14 | 002,194,508 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013-03-23 11:51:13 | 000,001,020 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013-03-23 11:49:39 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2013-03-23 11:49:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-03-23 11:49:29 | 1610,612,736 | -HS- | M] () -- C:\hiberfil.sys
[2013-03-23 11:11:40 | 114,253,813 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2013-03-16 22:05:27 | 000,000,000 | -H-- | M] () -- C:\Users\Álvaro\Documents\Default.rdp
[2013-03-14 20:06:28 | 000,032,054 | ---- | M] () -- C:\Users\Álvaro\Desktop\Fire fist support.gif
[2013-03-14 20:02:11 | 000,245,465 | ---- | M] () -- C:\Users\Álvaro\Desktop\deck six sams.gif
[2013-03-14 18:14:39 | 000,264,858 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2013-03-06 21:44:03 | 000,298,884 | ---- | M] () -- C:\Users\Álvaro\Desktop\preview.mp3
[2013-03-04 17:48:59 | 000,001,091 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2013-03-01 23:27:52 | 000,000,009 | ---- | M] () -- C:\END
[2013-03-01 10:15:45 | 000,414,040 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013-02-28 23:34:14 | 000,031,744 | ---- | M] () -- C:\Users\Álvaro\Documents\Rescue3.asd
[2013-02-28 23:33:31 | 000,031,744 | ---- | M] () -- C:\Users\Álvaro\Documents\Rescue2.asd
[2013-02-28 23:32:10 | 000,031,744 | ---- | M] () -- C:\Users\Álvaro\Documents\Rescue1.asd
[2013-02-28 23:32:04 | 000,031,744 | ---- | M] () -- C:\Users\Álvaro\Documents\Rescue.asd
[2013-02-28 23:24:50 | 089,770,216 | ---- | M] () -- C:\Users\Álvaro\Desktop\wor2007.rar
[2013-02-26 14:20:18 | 000,780,288 | ---- | M] (Chapley) -- C:\Users\Álvaro\Desktop\TerrariForm.exe
[2013-02-26 10:00:14 | 000,001,951 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013-03-16 22:05:27 | 000,000,000 | -H-- | C] () -- C:\Users\Álvaro\Documents\Default.rdp
[2013-03-14 20:06:27 | 000,032,054 | ---- | C] () -- C:\Users\Álvaro\Desktop\Fire fist support.gif
[2013-03-14 20:02:08 | 000,245,465 | ---- | C] () -- C:\Users\Álvaro\Desktop\deck six sams.gif
[2013-03-06 21:44:02 | 000,298,884 | ---- | C] () -- C:\Users\Álvaro\Desktop\preview.mp3
[2013-03-04 17:48:59 | 000,001,091 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2013-03-01 23:10:59 | 000,000,009 | ---- | C] () -- C:\END
[2013-02-28 23:34:14 | 000,031,744 | ---- | C] () -- C:\Users\Álvaro\Documents\Rescue3.asd
[2013-02-28 23:33:31 | 000,031,744 | ---- | C] () -- C:\Users\Álvaro\Documents\Rescue2.asd
[2013-02-28 23:32:04 | 000,031,744 | ---- | C] () -- C:\Users\Álvaro\Documents\Rescue1.asd
[2013-02-28 23:32:04 | 000,031,744 | ---- | C] () -- C:\Users\Álvaro\Documents\Rescue.asd
[2013-02-28 23:17:35 | 089,770,216 | ---- | C] () -- C:\Users\Álvaro\Desktop\wor2007.rar
[2013-02-26 10:00:14 | 000,001,951 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012-11-10 13:18:22 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Access.dat
[2012-05-27 17:13:24 | 000,000,019 | ---- | C] () -- C:\Windows\popcinfo.dat
[2012-04-22 00:27:28 | 000,000,008 | ---- | C] () -- C:\Users\Álvaro\AppData\Roaming\DofusAppId0_1
[2012-04-21 20:09:03 | 000,000,173 | ---- | C] () -- C:\Users\Álvaro\AppData\Roaming\D2Info0
[2012-04-21 20:09:03 | 000,000,008 | ---- | C] () -- C:\Users\Álvaro\AppData\Roaming\DofusAppId0_2
[2012-03-13 23:10:11 | 000,444,283 | ---- | C] () -- C:\Program Files\Common Files\WinPcapNmap.exe
[2012-01-13 14:39:10 | 000,012,920 | ---- | C] () -- C:\Windows\System32\apl001.sys
[2012-01-13 14:39:09 | 000,010,872 | ---- | C] () -- C:\Windows\System32\apf001.sys
[2011-12-03 23:58:46 | 005,631,404 | ---- | C] () -- C:\Users\Álvaro\ts3_recording_11_12_04_0_58_42.wav
[2011-11-27 15:02:57 | 000,088,280 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011-06-14 10:54:06 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2011-06-13 16:08:42 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011-06-13 11:27:16 | 000,724,992 | ---- | C] () -- C:\Windows\System32\HotlineClient.exe

========== ZeroAccess Check ==========

[2009-07-14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009-07-13 21:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013-01-15 22:09:24 | 000,000,000 | ---D | M] -- C:\Users\Álvaro\AppData\Roaming\.minecraft
[2012-07-19 15:36:35 | 000,000,000 | ---D | M] -- C:\Users\Álvaro\AppData\Roaming\Ad-Aware Antivirus
[2013-03-20 16:29:01 | 000,000,000 | ---D | M] -- C:\Users\Álvaro\AppData\Roaming\AIMP3
[2012-04-21 20:09:06 | 000,000,000 | ---D | M] -- C:\Users\Álvaro\AppData\Roaming\app
[2012-07-19 16:30:39 | 000,000,000 | ---D | M] -- C:\Users\Álvaro\AppData\Roaming\AVG
[2012-06-19 17:36:22 | 000,000,000 | ---D | M] -- C:\Users\Álvaro\AppData\Roaming\AVG2012
[2012-09-21 18:39:22 | 000,000,000 | ---D | M] -- C:\Users\Álvaro\AppData\Roaming\Babylon
[2012-09-21 18:39:48 | 000,000,000 | ---D | M] -- C:\Users\Álvaro\AppData\Roaming\BabylonToolbar
[2011-11-23 18:11:59 | 000,000,000 | ---D | M] -- C:\Users\Álvaro\AppData\Roaming\DAEMON Tools Lite
[2012-04-21 20:09:03 | 000,000,000 | ---D | M] -- C:\Users\Álvaro\AppData\Roaming\Dofus-2.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2012-04-22 00:27:28 | 000,000,000 | ---D | M] -- C:\Users\Álvaro\AppData\Roaming\Dofus.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2012-04-23 23:38:00 | 000,000,000 | ---D | M] -- C:\Users\Álvaro\AppData\Roaming\Dofus2
[2012-11-27 13:49:38 | 000,000,000 | ---D | M] -- C:\Users\Álvaro\AppData\Roaming\ExpressFiles
[2011-11-26 15:34:37 | 000,000,000 | ---D | M] -- C:\Users\Álvaro\AppData\Roaming\fltk.org
[2012-04-04 17:44:47 | 000,000,000 | ---D | M] -- C:\Users\Álvaro\AppData\Roaming\Iminent
[2011-11-26 16:56:31 | 000,000,000 | ---D | M] -- C:\Users\Álvaro\AppData\Roaming\LolClient
[2012-05-23 19:27:46 | 000,000,000 | ---D | M] -- C:\Users\Álvaro\AppData\Roaming\LolClient2
[2012-02-26 12:29:43 | 000,000,000 | ---D | M] -- C:\Users\Álvaro\AppData\Roaming\OpenCandy
[2012-11-10 21:16:09 | 000,000,000 | ---D | M] -- C:\Users\Álvaro\AppData\Roaming\Opera
[2012-04-21 20:09:06 | 000,000,000 | ---D | M] -- C:\Users\Álvaro\AppData\Roaming\Reg.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2011-12-18 21:06:35 | 000,000,000 | ---D | M] -- C:\Users\Álvaro\AppData\Roaming\RGE
[2012-07-19 15:54:10 | 000,000,000 | ---D | M] -- C:\Users\Álvaro\AppData\Roaming\SampleView
[2013-03-01 23:33:28 | 000,000,000 | ---D | M] -- C:\Users\Álvaro\AppData\Roaming\SearchProtect
[2011-11-26 23:51:44 | 000,000,000 | ---D | M] -- C:\Users\Álvaro\AppData\Roaming\ShanghaiAlice
[2012-05-22 22:33:52 | 000,000,000 | ---D | M] -- C:\Users\Álvaro\AppData\Roaming\TeamViewer
[2013-02-28 23:31:12 | 000,000,000 | ---D | M] -- C:\Users\Álvaro\AppData\Roaming\Thinstall
[2013-02-28 23:36:51 | 000,000,000 | ---D | M] -- C:\Users\Álvaro\AppData\Roaming\TP
[2013-03-13 00:03:31 | 000,000,000 | ---D | M] -- C:\Users\Álvaro\AppData\Roaming\TS3Client
[2011-11-21 20:38:33 | 000,000,000 | ---D | M] -- C:\Users\Álvaro\AppData\Roaming\TuneUp Software
[2013-03-14 23:06:20 | 000,000,000 | ---D | M] -- C:\Users\Álvaro\AppData\Roaming\uTorrent
[2012-03-14 19:56:07 | 000,000,000 | ---D | M] -- C:\Users\Álvaro\AppData\Roaming\VDownloader

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2012-01-08 23:33:46 | 000,000,000 | ---D | M](C:\Program Files\???c?×?\?≫?O?A?A?£) -- C:\Program Files\‚ ‚©‚ׂ¥‚»‚ӂƂ‚£
[2012-01-08 23:33:46 | 000,000,000 | ---D | M](C:\Program Files\???c?×?\?≫?O?A?A?£) -- C:\Program Files\‚ ‚©‚ׂ¥‚»‚ӂƂ‚£
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\???c?×?\?≫?O?A?A?£) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\‚ ‚©‚ׂ¥‚»‚ӂƂ‚£
(C:\Program Files\???c?×?\?≫?O?A?A?£) -- C:\Program Files\‚ ‚©‚ׂ¥‚»‚ӂƂ‚£

========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:05EE1EEF

< End of report >


2. OTL Extras

OTL Extras logfile created on: 23-03-2013 17:20:16 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Alvaro\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000340a | Country: Chile | Language: ESL | Date Format: dd-MM-yyyy

2,00 Gb Total Physical Memory | 0,88 Gb Available Physical Memory | 44,10% Memory free
4,00 Gb Paging File | 2,15 Gb Available in Paging File | 53,78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 450,42 Gb Total Space | 231,24 Gb Free Space | 51,34% Space Free | Partition Type: NTFS
Drive D: | 15,34 Gb Total Space | 7,60 Gb Free Space | 49,51% Space Free | Partition Type: NTFS

Computer Name: ALVARO-PC | User Name: Alvaro | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{EC691BEF-9978-4F11-A13E-4FB609BF02D1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{F9823B14-BC59-4414-BC95-73E21EB2E096}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{FC5B6746-A5D7-40F7-8995-A67419A31471}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{069E270C-C906-4E23-9E2B-54F4C49BDFCE}" = protocol=6 | dir=in | app=f:\touhous xd\nueva carpeta (3)\launcher.exe |
"{06D54277-807F-44CB-AD24-9A998888F7AD}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{082887D6-D27F-4DE5-A648-969F03155016}" = protocol=17 | dir=in | app=c:\program files\sierra\fear\fearmp.exe |
"{08B78447-584F-4999-8546-47F39261F666}" = protocol=17 | dir=in | app=c:\program files\expressfiles\expressdl.exe |
"{09CFC09D-760D-453D-80B7-FE271FF62865}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{11A30E88-79CD-46D0-8959-9438F1477F57}" = protocol=6 | dir=in | app=c:\program files\raptr\raptr_im.exe |
"{17A5A8E6-0F9F-4CEB-8C4D-EC74A2B6794F}" = protocol=6 | dir=in | app=c:\program files\tunngle\tnglctrl.exe |
"{182A21DA-AB24-46B1-8603-C502F4F1EC86}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{1991B934-5E1A-47F3-9FA0-77D2937B467D}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{1C730EC4-1A91-42A0-8D2F-02A589EB3297}" = protocol=6 | dir=in | app=c:\program files\tunngle\tunngle.exe |
"{1EF6EDCF-2AA9-4D71-8DFA-A911B5A4A117}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{20B253CF-343F-4555-926A-A3342AAD4E6D}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{222E32D8-BAD9-41CA-983C-EC4EFBA8A982}" = protocol=17 | dir=in | app=c:\program files\sierra\fear\fear.exe |
"{2325F77B-70D0-47DD-B6C9-305FBA44605D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{33D1F4C2-915D-4780-B6BF-2CA78E2DC81B}" = protocol=6 | dir=in | app=f:\-.-\world of warcraft\launcher.patch.exe |
"{4086FF3E-3784-4AD9-8B6E-BB501E1D7710}" = protocol=6 | dir=in | app=c:\program files\expressfiles\expressfiles.exe |
"{459FA5A6-B907-4CB0-9209-D0F33A93E8EA}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{47C71FBA-21C1-499C-A782-5A209F7F80CD}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{4A74B073-AEEE-42F3-A75C-DEFC02380E5D}" = protocol=17 | dir=in | app=f:\-.-\world of warcraft\launcher.patch.exe |
"{4BF8DE6D-7E98-46A6-98A3-F0599112EEAB}" = protocol=6 | dir=in | app=f:\touhous xd\nueva carpeta (3)\_launcher.exe |
"{4CC845CC-45FA-460C-934E-0C795061DA66}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{4D2F7F04-72D3-4FDF-8C52-E06EC243C4EA}" = protocol=17 | dir=in | app=f:\warcraft iii\war3.exe |
"{5FB5C38B-03C5-4433-99A6-1AF99E4BEE77}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{60826D17-1628-429B-8FE5-4C6A23BFA7CC}" = protocol=6 | dir=in | app=f:\-.-\world of warcraft\launcher.exe |
"{6293E8CF-C24A-4B9A-A22D-B3AA7DF0ADB0}" = protocol=17 | dir=in | app=c:\users\alvaro\desktop\asdf\left4dead\hl2.exe |
"{6B710F79-720E-4C25-8E78-E8416F848152}" = protocol=17 | dir=in | app=c:\program files\raptr\raptr.exe |
"{6F46FB30-4462-4F35-97E6-8B26EA2C38CB}" = protocol=17 | dir=in | app=c:\program files\raptr\raptr_im.exe |
"{77DABB89-9F33-4672-AF95-86240A12EF33}" = protocol=17 | dir=in | app=j:\-.-\world of warcraft\launcher.exe |
"{78883544-C449-4CF1-BFD3-B9132A887AFD}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{819FA98B-DA28-4F45-8A98-3775314ACF69}" = protocol=17 | dir=in | app=c:\program files\tunngle\tunngle.exe |
"{88192BFC-2B30-4F8C-841E-F72AF013146F}" = protocol=17 | dir=in | app=c:\program files\expressfiles\expressfiles.exe |
"{89ADEF46-7BB1-431E-AE81-016905DA4597}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{89EAD545-7471-4778-9594-55210195755D}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{90324C7F-18F9-4D44-8CC6-BD0225863D3C}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{9127CF81-CC8A-4055-A598-F1E1F82B4210}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{957852B0-E270-48F2-B8EA-6A776EF29FF8}" = protocol=6 | dir=in | app=j:\-.-\world of warcraft\launcher.exe |
"{98AC998E-4CD2-44F7-BBAA-99A91AED1583}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{9B42D70B-F1B5-4B88-B8C1-4416E63701D7}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{9FD4EDC7-3A69-480C-850C-78073461B49C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{A0E95DE8-7F9F-41AC-B172-447DAACFCF09}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{A648CEBC-1978-4A03-B13E-EE0EBB40142E}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{AB89D393-ADC4-4E8C-8554-25DFD1EEB763}" = protocol=6 | dir=in | app=f:\warcraft iii\war3.exe |
"{AB991153-EA52-415D-B513-681A61E74D23}" = protocol=6 | dir=in | app=c:\program files\sierra\fear\fear.exe |
"{AF05F389-D5A2-4E4F-86AC-D5EDCFA608E6}" = protocol=58 | dir=in | app=system |
"{AF402254-9D5E-45DD-9FF5-5357E87BEB4F}" = protocol=17 | dir=in | app=f:\-.-\world of warcraft\launcher.exe |
"{B8178C59-81B3-406F-8281-6BE9788B298D}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{C3473AC7-4529-463F-8796-A61CD89F6F94}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C82A192E-7279-4AE2-9AD7-5CF04ABAFA71}" = protocol=58 | dir=out | [email protected],-503 |
"{CE2A787E-15CA-4146-8B10-CF1EA698BDB3}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{D313D913-8304-4D91-B5CD-72C2FF54FC70}" = protocol=6 | dir=in | app=c:\program files\sierra\fear\fearmp.exe |
"{D766BF3B-47A3-4ECD-B484-B59D47820AD2}" = protocol=6 | dir=in | app=c:\program files\raptr\raptr.exe |
"{E840A4A7-DD1E-4B69-A50C-8F11D8DE95F9}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{E87BDE8F-6D12-4D2E-B611-72A03E442EF6}" = protocol=17 | dir=in | app=f:\touhous xd\nueva carpeta (3)\launcher.exe |
"{EBE69E8E-1970-4127-B9A8-2059E16006EB}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{EC969E2E-0A4B-4285-8AFB-40ADF2182D02}" = protocol=6 | dir=in | app=c:\users\alvaro\desktop\asdf\left4dead\hl2.exe |
"{ED495DEA-1F8E-4F59-8ECE-5E74FA56F035}" = protocol=6 | dir=in | app=c:\program files\expressfiles\expressdl.exe |
"{F121695E-6A08-4728-84DA-0F92DE492118}" = protocol=17 | dir=in | app=f:\touhous xd\nueva carpeta (3)\_launcher.exe |
"{F80A6E7F-26F2-4422-AC90-CAFC0A6C1441}" = protocol=17 | dir=in | app=c:\program files\tunngle\tnglctrl.exe |
"TCP Query User{053E096F-7575-4C8E-AA40-9804AE037FD2}F:\touhous xd\th123\th123.exe" = protocol=6 | dir=in | app=f:\touhous xd\th123\th123.exe |
"TCP Query User{0BCBF524-91C8-4FCF-835F-DD8DE24D0C1F}C:\program files\1clickdownload\1clickdownloader.exe" = protocol=6 | dir=in | app=c:\program files\1clickdownload\1clickdownloader.exe |
"TCP Query User{11FA8410-B35B-4444-A743-C4F0611BF81B}C:\users\alvaro\desktop\asdf\left4dead\hl2.exe" = protocol=6 | dir=in | app=c:\users\alvaro\desktop\asdf\left4dead\hl2.exe |
"TCP Query User{31CB1E36-8C97-4D62-BD1C-A65764970ACF}J:\-.-\world of warcraft\launcher.patch.exe" = protocol=6 | dir=in | app=j:\-.-\world of warcraft\launcher.patch.exe |
"TCP Query User{50F91929-0CF1-478C-9529-81BEE40690C4}C:\quake iii arena\quake3\quake3.exe" = protocol=6 | dir=in | app=c:\quake iii arena\quake3\quake3.exe |
"TCP Query User{56A4DB29-98A6-4F4B-AD48-91BAD9B40B2C}C:\program files\stepmania cvs\program\stepmania.exe" = protocol=6 | dir=in | app=c:\program files\stepmania cvs\program\stepmania.exe |
"TCP Query User{5942FF2D-A435-4528-B72D-39607A8BD6F0}F:\starcroft\sc1.16.1_by_@carloxss\starcraft.exe" = protocol=6 | dir=in | app=f:\starcroft\sc1.16.1_by_@carloxss\starcraft.exe |
"TCP Query User{5D37FE7D-B2AA-42A9-AD86-2A615A1B3CA8}C:\program files\torchlight ii\torchlight2.exe" = protocol=6 | dir=in | app=c:\program files\torchlight ii\torchlight2.exe |
"TCP Query User{9BCC6C26-8CDC-41D6-889B-8DF91D535E64}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"TCP Query User{AED989C4-B075-4CB8-91F9-26E5F70332B4}F:\warcraft iii\war3.exe" = protocol=6 | dir=in | app=f:\warcraft iii\war3.exe |
"TCP Query User{D1D7730A-D30C-4583-B384-6D73F55CB77C}C:\soldat\soldat.exe" = protocol=6 | dir=in | app=c:\soldat\soldat.exe |
"TCP Query User{D6739A09-432B-4276-B93E-5BAEE004A78C}C:\program files\lolreplay\lolreplay.exe" = protocol=6 | dir=in | app=c:\program files\lolreplay\lolreplay.exe |
"TCP Query User{E81EB623-4886-409F-A5C7-64FBC5171797}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"TCP Query User{EB75EE1D-57BA-47D9-BAFA-E127FBAE0A75}J:\-.-\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=j:\-.-\world of warcraft\backgrounddownloader.exe |
"TCP Query User{FD6E16F3-6C7B-4C81-AF37-65175C76A36A}F:\half life 2 por vegeta501\hl2.exe" = protocol=6 | dir=in | app=f:\half life 2 por vegeta501\hl2.exe |
"UDP Query User{1B062E24-1A74-43FA-9597-CFB471C23BBE}F:\touhous xd\th123\th123.exe" = protocol=17 | dir=in | app=f:\touhous xd\th123\th123.exe |
"UDP Query User{1F13AD45-9ECE-4F60-8B18-FDFFB2CE282A}C:\soldat\soldat.exe" = protocol=17 | dir=in | app=c:\soldat\soldat.exe |
"UDP Query User{313E0CB1-7A60-4BEC-88BE-AEB19CEB1559}C:\program files\1clickdownload\1clickdownloader.exe" = protocol=17 | dir=in | app=c:\program files\1clickdownload\1clickdownloader.exe |
"UDP Query User{77F9042F-9A15-4641-AD6D-8406A90423B1}F:\starcroft\sc1.16.1_by_@carloxss\starcraft.exe" = protocol=17 | dir=in | app=f:\starcroft\sc1.16.1_by_@carloxss\starcraft.exe |
"UDP Query User{78CC4697-D9E5-48CD-81B0-8F118A0696A5}F:\half life 2 por vegeta501\hl2.exe" = protocol=17 | dir=in | app=f:\half life 2 por vegeta501\hl2.exe |
"UDP Query User{7EC77714-0B3D-4C00-86F5-B0DF16EABB52}C:\program files\torchlight ii\torchlight2.exe" = protocol=17 | dir=in | app=c:\program files\torchlight ii\torchlight2.exe |
"UDP Query User{92A42AC0-E580-4596-BCA2-53AE61073FE3}C:\program files\lolreplay\lolreplay.exe" = protocol=17 | dir=in | app=c:\program files\lolreplay\lolreplay.exe |
"UDP Query User{93369B9A-F1E3-47E5-AFEA-D89CF5189E6B}F:\warcraft iii\war3.exe" = protocol=17 | dir=in | app=f:\warcraft iii\war3.exe |
"UDP Query User{A0ECB7D0-96E1-45DD-947D-3C87140FC5B3}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"UDP Query User{B18D56B0-2773-46B1-9618-D78E72020D8D}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"UDP Query User{B1D7C91A-E45A-4619-BF4E-7A8FCFA75703}C:\users\alvaro\desktop\asdf\left4dead\hl2.exe" = protocol=17 | dir=in | app=c:\users\alvaro\desktop\asdf\left4dead\hl2.exe |
"UDP Query User{B2214AC0-40FD-40A0-A2BF-E74878B5FCBE}C:\program files\stepmania cvs\program\stepmania.exe" = protocol=17 | dir=in | app=c:\program files\stepmania cvs\program\stepmania.exe |
"UDP Query User{B3FC29B2-B4A7-4B16-981B-DDDFCC37F895}J:\-.-\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=j:\-.-\world of warcraft\backgrounddownloader.exe |
"UDP Query User{CE3CBE2B-1CC7-4AEB-A10A-BAF2AFE45631}C:\quake iii arena\quake3\quake3.exe" = protocol=17 | dir=in | app=c:\quake iii arena\quake3\quake3.exe |
"UDP Query User{DA2145F0-DE8A-4EC9-8710-46773150CC08}J:\-.-\world of warcraft\launcher.patch.exe" = protocol=17 | dir=in | app=j:\-.-\world of warcraft\launcher.patch.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0F9B474C-B65A-427E-A3A6-9B7460ED14D9}" = Lanix Recovery Center
"{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi
"{141B8BA9-BFFD-4635-AF64-078E31010EC3}_is1" = FINAL FANTASY VII
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = Browser Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Herramienta de carga de Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema 1.6.0.4014
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java™ 6 Update 35
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{286C5BE9-7E61-4AC1-B674-BED333C35F73}" = AVG 2012
"{2B653229-9854-4989-B780-D978F5F13EAB}" = FEAR
"{2B83A043-BA8C-4164-98AA-29529D0BE756}" = Windows Live Essentials
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2F3A3B57-8AB4-4136-8FD2-96A77D5183C1}" = AVG 2012
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3800E4B7-3457-42D9-B22D-2CBAAAEDF0A1}" = IObit Toolbar v7.0
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FE93ACC-83FB-4FE5-9147-8BAD2D33E2EF}" = AVG 2012
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E0C89A4-4040-47C7-AD0C-0E8226B6AFE2}" = AVG 2012
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup
"{54B7A3C7-0940-4C16-A509-FC3C3758D22A}_is1" = Amnesia - The Dark Descent
"{59308225-510C-4492-A7E4-71625FAD545E}" = Simple Adblock
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{726D1868-50CF-4DF5-B4EB-F67150DD82DB}" = Windows Live Movie Maker
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7593234B-2AEB-4FC9-B02D-C9B30D86084C}" = Windows Live Asistente para el inicio de sesión
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{781806FD-EA18-4D44-92D5-4FFC53251DDB}" = Document Express DjVu Plug-in
"{84E6A538-D3AE-4510-B32F-2415361D2770}" = Windows Live Protección Infantil
"{859B9BCA-5376-4566-9F88-C6C9DAA7A925}" = Microsoft Security Client ES-ES Language Pack
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{8924FD04-AFF1-4387-B08B-6A979485F2BD}" = Windows Live Call
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90140000-0015-0C0A-0000-0000000FF1CE}" = Microsoft Office Access MUI (Spanish) 2010
"{90140000-0016-0C0A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Spanish) 2010
"{90140000-0018-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Spanish) 2010
"{90140000-0019-0C0A-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Spanish) 2010
"{90140000-001A-0C0A-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Spanish) 2010
"{90140000-001B-0C0A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Spanish) 2010
"{90140000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2010
"{90140000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2010
"{90140000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006D-0C0A-0000-0000000FF1CE}" = Hacer clic y ejecutar de Microsoft Office 2010
"{90140000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2010
"{90140000-00A1-0C0A-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Spanish) 2010
"{914DD274-9C5D-44CA-9AC7-12B8D2D4DA08}" = Windows Live Sync
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-00AF-0C0A-0000-0000000FF1CE}" = Visor de Microsoft PowerPoint
"{95B012AD-3A4A-31D7-9167-5D07D2A71F47}" = Microsoft .NET Framework 4 Client Profile ESN Language Pack
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9ECF7817-DB11-4FBA-9DF1-296A578D513A}" = Adobe Shockwave Player 11.5
"{A392A7FE-2216-4F7B-AF2F-24F1533DB860}" = Quake Live Internet Explorer Plugin
"{A76AA284-E52D-47E6-9E4F-B85DBF8E35C3}" = IMinent Toolbar
"{A7BBE3D6-F19A-40E6-96EC-84E1DC88F262}" = Galería fotográfica de Windows Live
"{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1" = VDownloader 3.9.990
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1034-7B44-A95000000001}" = Adobe Reader 9.5.4 - Español
"{B143D835-EBAF-4A39-8B31-1868FF4166C1}" = AVG 2012
"{B69C390B-826F-473C-86EB-7AD4950818C3}" = AVG 2012
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B8583CB3-8ABE-407E-8BC6-F9A83EAC9133}" = Windows Live Writer
"{BBFDD98A-16DB-4A78-82A3-12ECCA29F1B0}" = AVG 2012
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BEC001F9-0451-4396-92D7-E1A4E7854BF3}" = Windows Live Mail
"{C4156B59-DD7E-40DF-AF08-E568A27A6409}" = Windows Live Messenger
"{C6A09671-93A6-4548-9FAE-3BF21EB9C921}" = AVG 2012
"{CB29344C-6667-455D-BD08-7AAA3E58206F}" = GAMEVIL
"{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}" = BabylonObjectInstaller
"{E7C0E7E9-B404-4A98-A8D1-FEFB9482866E}" = TuneUp Utilities Language Pack (es-ES)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FA66CFD7-0977-4C45-AACD-A8BB994B1A05}" = Quake Live Mozilla Plugin
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"‚Ü‚µ‚ë‚Ú‚½‚ñ_is1" = ‚Ü‚µ‚ë‚Ú‚½‚ñ
"1ClickDownload" = 1ClickDownloader
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AIMP3" = AIMP3
"Arasan_is1" = Arasan 14.2a
"AVG" = AVG 2012
"AVG Secure Search" = AVG Security Toolbar
"Borderlands GOTY Repack" = Borderlands GOTY Repack
"BrowserCompanion" = BrowserCompanion
"CabalLS_is1" = CabalLS
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.01
"express-files Toolbar" = express-files Toolbar
"Fraps" = Fraps (remove only)
"Game Booster_is1" = Game Booster 3
"Google Chrome" = Google Chrome
"HDMI" = Intel® Graphics Media Accelerator Driver
"Katawa Shoujo" = Katawa Shoujo
"LogMeIn Hamachi" = LogMeIn Hamachi
"LOLReplay" = LOLReplay
"Lunia" = Lunia
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile ESN Language Pack" = Paquete de idioma de Microsoft .NET Framework 4 Client Profile ESN
"Microsoft Security Client" = Microsoft Security Essentials
"Minecraft 1.4.5" = Minecraft 1.4.5
"Mobile Media Converter_is1" = MIKSOFT Mobile Media Converter
"Nero - Burning Rom" = Nero - Burning Rom
"Office14.Click2Run" = Hacer clic y ejecutar de Microsoft Office 2010
"Office14.SingleImage" = Microsoft Office Professional 2010
"Opera 12.14.1738" = Opera 12.14
"PROSet" = Intel® Network Connections Drivers
"Quake III Arena Point Release 1.32" = Quake III Arena Point Release 1.32
"RaidCall" = RaidCall
"Raptr" = Raptr
"Scratch" = Scratch
"SearchProtect" = Search Protect by conduit
"StepMania CVS" = StepMania CVS 4.0 (remove only)
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 7" = TeamViewer 7
"Torchlight II © Runic Games_is1" = Torchlight II © Runic Games version 1
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"Tunngle beta_is1" = Tunngle beta
"TVWiz" = Intel® TV Wizard
"uTorrent" = µTorrent
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.1
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"ŽÔ—Ö‚Ì‘AŒü“úˆ¨‚Ì­—_is1" = ŽÔ—Ö‚Ì‘AŒü“úˆ¨‚Ì­— 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ExpressFiles" = ExpressFiles

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 17-02-2013 11:36:57 | Computer Name = Alvaro-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Error al descargar las cadenas del contador de rendimiento para el
servicio WmiApRpl (WmiApRpl). El primer valor DWORD de la seccion de datos contiene
el codigo de error.

Error - 17-02-2013 15:11:05 | Computer Name = Alvaro-PC | Source = SideBySide | ID = 16842785
Description = Error al generar el contexto de activacion para "C:\Program Files\Common
Files\Spigot\Search Settings\SearchSettings64.exe". No se encontro el ensamblado
dependiente Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
Use
sxstrace.exe para obtener un diagnostico detallado.

Error - 18-02-2013 11:52:49 | Computer Name = Alvaro-PC | Source = BugSplat | ID = 1
Description =

Error - 18-02-2013 19:12:55 | Computer Name = Alvaro-PC | Source = Application Error | ID = 1000
Description = Nombre de la aplicacion con errores: opera.exe, version: 12.14.1738.0,
marca de tiempo: 0x5110cff1 Nombre del modulo con errores: npquakezero.dll_unloaded,
version: 0.0.0.0, marca de tiempo: 0x4f3ae830 Codigo de excepcion: 0xc0000005 Desplazamiento
de errores: 0x6c334208 Id. del proceso con errores: 0x14ec Hora de inicio de la aplicacion
con errores: 0x01ce0e173a91bcd7 Ruta de acceso de la aplicacion con errores: C:\Program
Files\Opera\opera.exe Ruta de acceso del modulo con errores: npquakezero.dll Id.
del informe: b9b91e54-7a20-11e2-b7f1-d0278814c719

Error - 18-02-2013 21:32:25 | Computer Name = Alvaro-PC | Source = Application Error | ID = 1000
Description = Nombre de la aplicacion con errores: opera.exe, version: 12.14.1738.0,
marca de tiempo: 0x5110cff1 Nombre del modulo con errores: quakelive.dll, version:
0.1.0.600, marca de tiempo: 0x50fef006 Codigo de excepcion: 0xc0000005 Desplazamiento
de errores: 0x001daef4 Id. del proceso con errores: 0xa94 Hora de inicio de la aplicacion
con errores: 0x01ce0e2d88b1827b Ruta de acceso de la aplicacion con errores: C:\Program
Files\Opera\opera.exe Ruta de acceso del modulo con errores: C:\Users\テ〕varo\AppData\LocalLow\id
Software\quakelive\home\baseq3\quakelive.dll Id. del informe: 3667b977-7a34-11e2-b7f1-d0278814c719

Error - 19-02-2013 14:24:08 | Computer Name = Alvaro-PC | Source = Application Error | ID = 1000
Description = Nombre de la aplicacion con errores: TuneUpUtilitiesApp32.exe, version:
10.0.2011.86, marca de tiempo: 0x4cea9b6e Nombre del modulo con errores: TuneUpUtilitiesApp32.exe,
version: 10.0.2011.86, marca de tiempo: 0x4cea9b6e Codigo de excepcion: 0xc0000005
Desplazamiento
de errores: 0x000262ba Id. del proceso con errores: 0xfe4 Hora de inicio de la aplicacion
con errores: 0x01ce0eb6757ce850 Ruta de acceso de la aplicacion con errores: C:\Program
Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe Ruta de acceso del modulo con
errores: C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe Id. del
informe: 8c1acdc0-7ac1-11e2-95e5-d0278814c719

Error - 20-02-2013 0:00:51 | Computer Name = Alvaro-PC | Source = Application Error | ID = 1000
Description = Nombre de la aplicacion con errores: opera.exe, version: 12.14.1738.0,
marca de tiempo: 0x5110cff1 Nombre del modulo con errores: npquakezero.dll_unloaded,
version: 0.0.0.0, marca de tiempo: 0x4f3ae830 Codigo de excepcion: 0xc0000005 Desplazamiento
de errores: 0x6e944208 Id. del proceso con errores: 0xdd4 Hora de inicio de la aplicacion
con errores: 0x01ce0f15eece54fe Ruta de acceso de la aplicacion con errores: C:\Program
Files\Opera\opera.exe Ruta de acceso del modulo con errores: npquakezero.dll Id.
del informe: 1d88c0d9-7b12-11e2-95e5-d0278814c719

Error - 20-02-2013 0:01:01 | Computer Name = Alvaro-PC | Source = Application Error | ID = 1000
Description = Nombre de la aplicacion con errores: opera.exe, version: 12.14.1738.0,
marca de tiempo: 0x5110cff1 Nombre del modulo con errores: npquakezero.dll_unloaded,
version: 0.0.0.0, marca de tiempo: 0x4f3ae830 Codigo de excepcion: 0xc0000005 Desplazamiento
de errores: 0x6e8822e8 Id. del proceso con errores: 0xdd4 Hora de inicio de la aplicacion
con errores: 0x01ce0f15eece54fe Ruta de acceso de la aplicacion con errores: C:\Program
Files\Opera\opera.exe Ruta de acceso del modulo con errores: npquakezero.dll Id.
del informe: 2313bfaf-7b12-11e2-95e5-d0278814c719

Error - 20-02-2013 10:26:15 | Computer Name = Alvaro-PC | Source = BugSplat | ID = 1
Description =

Error - 20-02-2013 12:15:55 | Computer Name = Alvaro-PC | Source = BugSplat | ID = 1
Description =

Error - 20-02-2013 15:07:22 | Computer Name = Alvaro-PC | Source = BugSplat | ID = 1
Description =

Error - 22-02-2013 17:03:13 | Computer Name = Alvaro-PC | Source = Application Error | ID = 1000
Description = Nombre de la aplicacion con errores: Opera.exe, version: 12.14.1738.0,
marca de tiempo: 0x5110cff1 Nombre del modulo con errores: npquakezero.dll_unloaded,
version: 0.0.0.0, marca de tiempo: 0x4f3ae830 Codigo de excepcion: 0xc0000005 Desplazamiento
de errores: 0x6b394208 Id. del proceso con errores: 0x1258 Hora de inicio de la aplicacion
con errores: 0x01ce113867c45497 Ruta de acceso de la aplicacion con errores: C:\Program
Files\Opera\Opera.exe Ruta de acceso del modulo con errores: npquakezero.dll Id.
del informe: 447bea6f-7d33-11e2-b0b4-d0278814c719

Error - 22-02-2013 17:03:29 | Computer Name = Alvaro-PC | Source = Application Error | ID = 1000
Description = Nombre de la aplicacion con errores: Opera.exe, version: 12.14.1738.0,
marca de tiempo: 0x5110cff1 Nombre del modulo con errores: npquakezero.dll_unloaded,
version: 0.0.0.0, marca de tiempo: 0x4f3ae830 Codigo de excepcion: 0xc0000005 Desplazamiento
de errores: 0x6b2d22e8 Id. del proceso con errores: 0x1258 Hora de inicio de la aplicacion
con errores: 0x01ce113867c45497 Ruta de acceso de la aplicacion con errores: C:\Program
Files\Opera\Opera.exe Ruta de acceso del modulo con errores: npquakezero.dll Id.
del informe: 4e7825e3-7d33-11e2-b0b4-d0278814c719

Error - 23-02-2013 15:18:17 | Computer Name = Alvaro-PC | Source = Application Hang | ID = 1002
Description = El programa League of Legends.exe, version 3.2.0.38, dejo de interactuar
con Windows y se cerro. Para ver si hay mas informacion disponible acerca del problema,
compruebe el historial de problemas en el panel de control Centro de actividades.

Identificador
de proceso: 730 Hora de inicio: 01ce11fa777f4025 Hora de finalizacion: 0 Ruta de acceso
de la aplicacion: C:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.0.212\deploy\League
of Legends.exe Identificador de informe: bd69a7b4-7ded-11e2-af86-d0278814c719

[ System Events ]
Error - 21-03-2013 21:01:58 | Computer Name = Alvaro-PC | Source = bowser | ID = 8003
Description =

Error - 21-03-2013 21:02:31 | Computer Name = Alvaro-PC | Source = Service Control Manager | ID = 7032
Description = El Administrador de control de servicios intento realizar una accion
correctora (Reiniciar el servicio) despues de la terminacion inesperada del servicio
Instrumental de administracion de Windows, pero ocurrio el siguiente error: %%1056

Error - 21-03-2013 21:02:40 | Computer Name = Alvaro-PC | Source = Service Control Manager | ID = 7023
Description = El servicio Centro de seguridad se cerro con el siguiente error: %%1747

Error - 21-03-2013 21:03:38 | Computer Name = Alvaro-PC | Source = Service Control Manager | ID = 7000
Description = El servicio Browser Manager no pudo iniciarse debido al siguiente
error: %%2

Error - 22-03-2013 13:08:09 | Computer Name = Alvaro-PC | Source = Service Control Manager | ID = 7000
Description = El servicio Browser Manager no pudo iniciarse debido al siguiente
error: %%2

Error - 22-03-2013 15:15:08 | Computer Name = Alvaro-PC | Source = bowser | ID = 8003
Description =

Error - 22-03-2013 20:31:52 | Computer Name = Alvaro-PC | Source = Service Control Manager | ID = 7000
Description = El servicio Browser Manager no pudo iniciarse debido al siguiente
error: %%2

Error - 23-03-2013 11:05:45 | Computer Name = Alvaro-PC | Source = EventLog | ID = 6008
Description = El cierre anterior del sistema a las 4:05:53 del ?23-?03-?2013 resulto
inesperado.

Error - 23-03-2013 11:05:48 | Computer Name = Alvaro-PC | Source = Service Control Manager | ID = 7000
Description = El servicio Browser Manager no pudo iniciarse debido al siguiente
error: %%2

Error - 23-03-2013 11:49:38 | Computer Name = Alvaro-PC | Source = Service Control Manager | ID = 7000
Description = El servicio Browser Manager no pudo iniciarse debido al siguiente
error: %%2


< End of report >

Thanks and please help, I'll be here waiting for the answer.

Edited by alvarito, 23 March 2013 - 02:54 PM.



#2
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello alvarito

Welcome to The Forums!!

Around here they call me Gringo and I'll be glad to help you with your malware problems.


Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!


  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo

#3
alvarito

    Member

  • Topic Starter
  • Member
  • 14 posts
Greetings,

1.


Results of screen317's Security Check version 0.99.61
Windows 7 Service Pack 1 x86 (UAC is disabled!)
Internet Explorer 9
Error creating install.txt after 3 tries! Trying alternate method...
``````````````Antivirus/Firewall Check:``````````````
AVG Anti-Virus Free Edition 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
TuneUp Utilities 2011
AVG PC Tuneup
TuneUp Utilities Language Pack (es-ES)
Java™ 6 Update 35
Java 7 Update 13
Java version out of Date!
Adobe Flash Player 11.6.602.180
Adobe Reader 9 Adobe Reader out of Date!
Google Chrome 25.0.1364.152
Google Chrome 25.0.1364.172
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````



-------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------




2.

# AdwCleaner v2.115 - Fichero creado el 23/03/2013 a 19:04:42
# Actualizado el 17/03/2013 por Xplode
# Sistema operativo : Windows 7 Starter Service Pack 1 (32 bits)
# Usuario : Alvaro - ALVARO-PC
# Modo de inicio : Normal
# Ejecutado desde : C:\Users\Alvaro\Desktop\adwcleaner.exe
# Opcion [Supresion]


***** [Servicios] *****

Parado & Suprimido : Application Updater
Parado & Suprimido : Browser Manager
Parado & Suprimido : CltMngSvc

***** [Ficheros / Carpetas] *****

Carpeta Suprimido : C:\Program Files\1ClickDownload
Carpeta Suprimido : C:\Program Files\Application Updater
Carpeta Suprimido : C:\Program Files\AVG Secure Search
Carpeta Suprimido : C:\Program Files\BabylonToolbar
Carpeta Suprimido : C:\Program Files\Conduit
Carpeta Suprimido : C:\Program Files\DAEMON Tools Toolbar
Carpeta Suprimido : C:\Program Files\express-files
Carpeta Suprimido : C:\Program Files\Iminent
Carpeta Suprimido : C:\Program Files\IMinent toolbar
Carpeta Suprimido : C:\Program Files\SearchProtect
Carpeta Suprimido : C:\ProgramData\AVG Secure Search
Carpeta Suprimido : C:\ProgramData\Babylon
Carpeta Suprimido : C:\ProgramData\Browser Manager
Carpeta Suprimido : C:\ProgramData\IBUpdaterService
Carpeta Suprimido : C:\ProgramData\Trymedia
Carpeta Suprimido : C:\Users\Alvaro\AppData\Local\AVG Secure Search
Carpeta Suprimido : C:\Users\Alvaro\AppData\Local\Conduit
Carpeta Suprimido : C:\Users\Alvaro\AppData\Local\Temp\Iminent
Carpeta Suprimido : C:\Users\Alvaro\AppData\LocalLow\AVG Secure Search
Carpeta Suprimido : C:\Users\Alvaro\AppData\LocalLow\bbrs_002.tb
Carpeta Suprimido : C:\Users\Alvaro\AppData\LocalLow\Conduit
Carpeta Suprimido : C:\Users\Alvaro\AppData\LocalLow\express-files
Carpeta Suprimido : C:\Users\Alvaro\AppData\LocalLow\Search Settings
Carpeta Suprimido : C:\Users\Alvaro\AppData\Roaming\Babylon
Carpeta Suprimido : C:\Users\Alvaro\AppData\Roaming\BabylonToolbar
Carpeta Suprimido : C:\Users\Alvaro\AppData\Roaming\Iminent
Carpeta Suprimido : C:\Users\Alvaro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
Carpeta Suprimido : C:\Users\Alvaro\AppData\Roaming\OpenCandy
Carpeta Suprimido : C:\Users\Alvaro\AppData\Roaming\SearchProtect
Fichero Suprimido : C:\END
Fichero Suprimido : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
Fichero Suprimido : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Fichero Suprimido : C:\Users\Alvaro\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
Suprimido al reiniciar : C:\Program Files\BrowserCompanion
Suprimido al reiniciar : C:\Program Files\Common Files\AVG Secure Search
Suprimido al reiniciar : C:\Program Files\Common Files\spigot

***** [Registro] *****

Dato Supprimida : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\browse~1\23796~1.11\{16cdf~1\browse~1.dll
Valor Supprimida : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Valor Supprimida : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Valor Supprimida : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{88AC3CB6-596B-4217-964C-B6757EF9602D}]
Valor Supprimida : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [searchprotect]
Valor Supprimida : HKCU\Software\Mozilla\Firefox\Extensions [{b64982b1-d112-42b5-b1e4-d3867c4533f8}]
Valor Supprimida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{88AC3CB6-596B-4217-964C-B6757EF9602D}]
Valor Supprimida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Valor Supprimida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{977AE9CC-AF83-45E8-9E03-E2798216E2D5}]
Valor Supprimida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Valor Supprimida : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{88AC3CB6-596B-4217-964C-B6757EF9602D}]
Valor Supprimida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Browser companion helper]
Valor Supprimida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchProtectAll]
Valor Supprimida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings]
Valor Supprimida : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Navegadores] *****

-\\ Internet Explorer v9.0.8112.16446

Sustituido : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com/?ctid=CT3176921&octid=CT3176921&SearchSource=61&CUI=UN16508592171340310&UM=UM_ID&UP=SPF0556917-9E8C-4F81-8339-5423CF03080B --> hxxp://www.google.com

-\\ Google Chrome v25.0.1364.172

Fichero : C:\Users\Alvaro\AppData\Local\Google\Chrome\User Data\Default\Preferences

Supprimida [l.35] : icon_url = "hxxp://search.conduit.com/fav.ico",
Supprimida [l.38] : keyword = "search.conduit.com",
Supprimida [l.41] : search_url = "hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&cui=UN11[...]
Supprimida [l.2137] : homepage = "hxxp://search.conduit.com/?CUI=UN11897591232832515&ctid=CT3176921&SearchSource=48",
Supprimida [l.2427] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?CUI=UN11897591232832515&ctid=CT317[...]

-\\ Opera v12.14.1738.0

Fichero : C:\Users\Alvaro\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] El fichero no contiene ninguna entrada ilegitima.

*************************

AdwCleaner[S1].txt - [30358 octets] - [23/03/2013 19:04:42]

########## EOF - C:\AdwCleaner[S1].txt - [30419 octets] ##########




-----------------------------------------------------------------------------------------------------------------------
-----------------------------------------------------------------------------------------------------------------------


3.


RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Álvaro [Admin rights]
Mode : Remove -- Date : 03/23/2013 19:14:32
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[RUN][SUSP PATH] HKUS\.DEFAULT[...]\Run : SearchProtect (C:\Windows\System32\config\systemprofile\AppData\Roaming\SearchProtect\bin\cltmng.exe) [7] -> DELETED
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤
-> D:\windows\system32\config\SOFTWARE
-> D:\windows\system32\config\SYSTEM
-> D:\Users\Default\NTUSER.DAT

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000AAKX-083CA0 ATA Device +++++
--- User ---
[MBR] caad614005a7d6e59c5db2a2316ec6e0
[BSP] bd82e5aeee795c2934c558d65f4ef8c1 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 15711 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 32178195 | Size: 461225 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_03232013_02d1914.txt >>
RKreport[1]_S_03232013_02d1913.txt ; RKreport[2]_D_03232013_02d1914.txt



------------------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------------------

Thanks. I'll be waiting here.

#4
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello alvarito

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#5
alvarito

hello,

I cannot execute combofix:
This is the error.

I tried downloading it again))

Posted Image

What do you see?

Thanks.

Edited by alvarito, 23 March 2013 - 05:18 PM.


#6
gringo_pr

Try redownloading it and restart the computer.


gringo

#7
alvarito

I downloaded it again and restarted the pc, but now combofix has this icon:

Posted Image

And when I double-click it, a new window appears asking if I should allow the program (Control de cuentas de usuario, "User Account Control") to make changes. If I say yes, the same error appears; if I say no, nothing happens.

And at the start I'm getting an error from the Raptr program saying it cannot be accessed.

Edited by alvarito, 23 March 2013 - 05:49 PM.


#8
gringo_pr

Hello alvarito


I would like you to try and run these next.

TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

    Note** this report can be very long, so if the website gives you an error saying it is too long, you may attach it.

    If the forum still complains about it being too long, send me everything that is at the end of the report after where it says

    ==================
    Scan finished
    ==================

and I will see if I want to see the whole report

Malwarebytes Anti-Rootkit

1. Download Malwarebytes Anti-Rootkit.
2. Unzip the contents to a folder in a convenient location.
3. Open the folder where the contents were unzipped and run mbar.exe.
4. Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
5. Click on the Cleanup button to remove any threats and reboot if prompted to do so.
6. Wait while the system shuts down and the cleanup process is performed.
7. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
8. If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
  • Internet access
  • Windows Update
  • Windows Firewall
9. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included with Malwarebytes Anti-Rootkit and reboot.
10. Verify that your system is now functioning normally.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and MBAR.

Gringo

#9
alvarito

Hello gringo

Results:

1. Too long, I attached the rest of the txt.


09:29:39.0077 4004 ============================================================
09:29:39.0077 4004 Scan finished
09:29:39.0077 4004 ============================================================
09:29:39.0093 2612 Detected object count: 4
09:29:39.0093 2612 Actual detected object count: 4
09:29:42.0790 2612 ByakkoDriver ( UnsignedFile.Multi.Generic ) - skipped by user
09:29:42.0790 2612 ByakkoDriver ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:29:42.0806 2612 mcdbus ( UnsignedFile.Multi.Generic ) - skipped by user
09:29:42.0806 2612 mcdbus ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:29:42.0806 2612 sptd ( LockedFile.Multi.Generic ) - skipped by user
09:29:42.0806 2612 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
09:29:42.0806 2612 UserAccess7 ( UnsignedFile.Multi.Generic ) - skipped by user
09:29:42.0806 2612 UserAccess7 ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:29:50.0169 2076 Deinitialize success



...............................................

2. When Malwarebytes Anti-Rootkit was executing, these messages popped up.

Posted Image
Posted Image


I ran the program 2 times, as it found problems the first time.

.............................
Report 1
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.24.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Álvaro :: ÁLVARO-PC [administrator]

24-03-2013 10:24:57
mbar-log-2013-03-24 (10-24-57).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 33616
Time elapsed: 48 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 8
c:\Users\Álvaro\AppData\Local\Temp\eType Setup403516.exe (PUP.BundleInstaller.IB) -> Delete on reboot.
c:\Users\Álvaro\Downloads\AVS_Media_Player.exe (Adware.Bundler) -> Delete on reboot.
c:\Users\Álvaro\Downloads\eTypeSetup (1).exe (PUP.BundleInstaller.IB) -> Delete on reboot.
c:\Users\Álvaro\Downloads\eTypeSetup.exe (PUP.BundleInstaller.IB) -> Delete on reboot.
c:\Users\Álvaro\Downloads\etype_setuppib (1).exe (PUP.BundleInstaller.IB) -> Delete on reboot.
c:\Users\Álvaro\Downloads\etype_setuppib.exe (PUP.BundleInstaller.IB) -> Delete on reboot.
c:\Users\Alvaro\Desktop\nero 8 esp\[nero.8.ultra.edition].nero.8x.keygen.exe (RiskWare.Tool.CK) -> Delete on reboot.
c:\Users\Álvaro\Desktop\Carpetas\Starcroft\SC1.16.1_By_@CarloxSS\BNetGatewayEditor.exe (Trojan.LDPinch) -> Delete on reboot.

(end)

..............................



report 2

Database version: v2013.03.24.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Álvaro :: ÁLVARO-PC [administrator]

24-03-2013 11:15:48
mbar-log-2013-03-24 (11-15-48).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 33597
Time elapsed: 44 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

------------------------------------------------

Now I am updating 120 MB from Windows updater that belong to Windows 7. After that I'll finish updating Office 2010 from Windows updater. The firewall is also working now in green. Internet access is working as well.

.................................................

Thanks, I'll be here.


Edited by alvarito, 24 March 2013 - 09:54 AM.


#10
gringo_pr

Hello alvarito

OK, let's try this. I want you to run Combofix in safe mode, but it is very important that when Combofix reboots the computer you direct it back into safe mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Log in on your usual account.

After Combofix has finished its scan, please post the report back here.

Gringo

#11
alvarito

Hello gringo, I restarted the pc in safe mode, but I still got the same error and the program couldn't start.

I have a USB external disk; can I run Combofix from that USB external disk perhaps?

My brother told me that in order to install a program I have to 1. deactivate the antivirus, 2. use Explorer to download it and 3. execute it. I'm doing it now.

It worked! I'm running it now!

Edited by alvarito, 24 March 2013 - 02:23 PM.


#12
alvarito

1. Report Combofix

ComboFix 13-03-24.03 - Alvaro 24-03-2013 15:56:09.1.2 - x86
Microsoft Windows 7 Starter 6.1.7601.1.932.81.3082.18.2048.1057 [GMT -4:00]
Running from: c:\users\LVARO~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\SW0V9K6G\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\Amazon.ico
c:\programdata\DynuEncrypt.dll
c:\programdata\MercadoLivre.ico
D:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2013-02-24 to 2013-03-24 )))))))))))))))))))))))))))))))
.
.
2013-03-24 20:05 . 2013-03-24 20:05 -------- d-----w- c:\users\Alvaro\AppData\Local\temp
2013-03-24 20:05 . 2013-03-24 20:05 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2013-03-24 20:05 . 2013-03-24 20:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-24 18:58 . 2013-03-24 18:58 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-24 18:51 . 2013-02-12 03:32 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-24 18:00 . 2013-03-24 18:00 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2013-03-24 16:08 . 2012-12-16 14:13 295424 ----a-w- c:\windows\system32\atmfd.dll
2013-03-24 16:08 . 2012-12-16 14:13 34304 ----a-w- c:\windows\system32\atmlib.dll
2013-03-24 15:49 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\system32\msxml3.dll
2013-03-24 15:49 . 2010-06-26 03:24 2048 ----a-w- c:\windows\system32\msxml3r.dll
2013-03-24 15:49 . 2013-01-04 03:00 2347008 ----a-w- c:\windows\system32\win32k.sys
2013-03-24 15:48 . 2012-06-06 05:05 1019904 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2013-03-24 15:48 . 2012-06-06 05:05 143360 ----a-w- c:\program files\Common Files\System\ado\msjro.dll
2013-03-24 15:48 . 2012-06-06 05:05 372736 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2013-03-24 15:48 . 2012-06-06 05:05 57344 ----a-w- c:\program files\Common Files\System\ado\msador15.dll
2013-03-24 15:48 . 2012-06-06 05:05 352256 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2013-03-24 15:48 . 2012-06-06 05:05 212992 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2013-03-24 15:48 . 2012-06-06 05:03 805376 ----a-w- c:\windows\system32\cdosys.dll
2013-03-24 15:48 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-24 15:48 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-24 15:48 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\system32\msxml6.dll
2013-03-24 15:44 . 2012-11-09 04:42 2048 ----a-w- c:\windows\system32\tzres.dll
2013-03-24 13:34 . 2013-03-24 13:34 -------- d-----w- c:\programdata\Malwarebytes
2013-03-22 01:01 . 2013-03-22 01:01 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\AVG2012
2013-03-22 01:01 . 2013-03-22 01:01 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\SearchProtect
2013-03-13 03:27 . 2013-03-13 03:27 16486616 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-03-10 13:12 . 2013-03-10 13:12 -------- d-----w- c:\program files\IObit Toolbar
2013-03-04 21:48 . 2013-03-04 21:49 -------- d-----w- c:\program files\TeamSpeak 3 Client
2013-03-02 03:11 . 2013-03-02 03:11 -------- d-----w- c:\program files\ExpressFiles
2013-03-01 03:44 . 2013-03-01 03:44 -------- d-----w- c:\program files\Microsoft Analysis Services
2013-03-01 03:44 . 2013-03-01 03:47 -------- d-----w- c:\windows\SHELLNEW
2013-03-01 03:42 . 2013-03-24 19:03 -------- d-----w- c:\programdata\Microsoft Help
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-13 03:28 . 2012-04-04 13:22 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-13 03:28 . 2011-11-22 14:52 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-06 10:38 . 2011-06-11 04:58 770384 ----a-w- c:\windows\system32\msvcr100.dll
2013-03-06 10:38 . 2011-06-11 04:58 421200 ----a-w- c:\windows\system32\msvcp100.dll
2013-02-19 02:54 . 2012-08-30 16:32 33112 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-02-09 17:20 . 2013-02-09 17:20 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-02-09 17:20 . 2012-09-03 19:36 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-02-09 17:20 . 2012-02-20 02:26 782240 ----a-w- c:\windows\system32\deployJava1.dll
2010-01-26 14:11 . 2012-03-14 03:10 444283 ----a-w- c:\program files\Common Files\WinPcapNmap.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"Raptr"="c:\progra~1\Raptr\raptrstub.exe" [2013-01-29 55360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-06-16 7547424]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-11-19 2598520]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-10 2254768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\program files\SMINST\Launcher.exe" [2009-11-23 237568]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
LOLRecorder.lnk - c:\program files\LOLReplay\LOLRecorder.exe [2012-10-31 522752]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
"Google Update"="c:\users\Alvaro\AppData\Local\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 apf001;apf001;c:\windows\system32\apf001.sys [x]
R3 ByakkoDriver;ByakkoDriver;c:\program files\EliteKingdoms\Cabal\Cabal Reloaded\Byakko.K32 [x]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 TunngleService;TunngleService;c:\program files\Tunngle\TnglCtrl.exe [x]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [x]
S2 avgwd;WatchDog de AVG;c:\program files\AVG\AVG2012\avgwdsvc.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [x]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [x]
S2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfilterx.sys [x]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-15 14:19 1629648 ----a-w- c:\program files\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 03:28]
.
2013-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-10 21:07]
.
2013-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-10 21:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.bing.com/search?q={searchTerms}
IE: &Enviar a OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: E&xportar a Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
Trusted Zone: quakelive.com\www
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM-Run-vProt - c:\program files\AVG Secure Search\vprot.exe
SafeBoot-87865922.sys
AddRemove-Arasan_is1 - j:\program files\Arasan\14.2a\unins000.exe
AddRemove-?U?μ?e?U???n_is1 - c:\program files\Fizz\?U?μ?e?U???n\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\services\ByakkoDriver]
"ImagePath"="\??\c:\program files\EliteKingdoms\Cabal\Cabal Reloaded\Byakko.K32"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-03-24 16:19:21
ComboFix-quarantined-files.txt 2013-03-24 20:19
.
Pre-Run: 252.841.218.048 bytes libres
Post-Run: 256.868.401.152 bytes libres
.
- - End Of File - - 32F8DA21D8A0153E42ACF505D4D7D4DF

#13
gringo_pr

Hello alvarito

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click Combofix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:

  • Report from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#14
alvarito

I cannot do that, because when I ran it before, I clicked on execute right away when I downloaded the file in order to be able to run it. So when I now move it on top of the Combofix exe, the program says it cannot start.

#15
gringo_pr

Scan with exeHelper:

Please download exeHelper to your desktop.

  • Double-click on exeHelper.com to run the fix.
  • A black window should pop up, press any key to close once the fix is completed.
  • Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)

Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).