Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Malware problem - Infostealer.sniful infection [Solved]

Started by charrascan , May 22 2014 11:37 AM
Infostealer.snifula

  • This topic is locked This topic is locked

#1
charrascan
Posted 22 May 2014 - 11:37 AM

charrascan

    Member

  • Member
  • PipPip
  • 12 posts

Please, please help me out ... :(

 

Hello,

 

I've done all the steps prior this one, and have the OTL logs as well.

 

My problem is that while I was running a "full system scan" on Norton 360, I noticed some odd names like Infostealer.snifula, Infostealer.snifulb, Rustock.B, Backdoor.Trojan, etc; the scan did not detect any of these things as virus or harmful files.

 

This computer belongs to my parents, so often times they open things without thinking if it is a safe site. The speed is slightly slow, I don't see any other error messages, and the only way I knew about the viruses was because their name showed in the scan.

 

Thanks a lot for your help. :)

 

 

 

OTL logfile created on: 22/05/2014 12:13:00 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\PILAR\Desktop
64bit- Home Basic Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000c0a | Country: México | Language: ESM | Date Format: dd/MM/yyyy
 
3,95 Gb Total Physical Memory | 2,42 Gb Available Physical Memory | 61,37% Memory free
7,89 Gb Paging File | 6,10 Gb Available in Paging File | 77,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 421,81 Gb Total Space | 376,32 Gb Free Space | 89,21% Space Free | Partition Type: NTFS
Drive D: | 29,00 Gb Total Space | 26,56 Gb Free Space | 91,59% Space Free | Partition Type: NTFS
 
Computer Name: PILAR-PC | User Name: PILAR | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/05/22 12:10:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\PILAR\Desktop\OTL.exe
PRC - [2014/04/11 19:45:50 | 001,764,992 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2014/04/11 19:45:42 | 001,390,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2013/12/25 19:26:31 | 001,168,896 | ---- | M] (Spotify Ltd) -- C:\Users\PILAR\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2013/12/21 01:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2012/04/25 11:36:36 | 002,388,336 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Safari\Safari.exe
PRC - [2012/04/24 21:18:16 | 000,014,184 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Safari\Apple Application Support\WebKit2WebProcess.exe
PRC - [2011/09/15 07:13:18 | 000,329,056 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
PRC - [2011/06/15 06:46:52 | 000,548,864 | ---- | M] (Vimicro) -- C:\Program Files (x86)\USB Camera\VM331_STI.EXE
PRC - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe
PRC - [2011/02/18 03:20:54 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/02/18 03:20:50 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2011/01/28 18:29:36 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
PRC - [2010/12/20 21:30:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/12/20 21:30:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/12/14 13:04:58 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Archivos de programa\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2010/02/02 19:08:56 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/05/18 22:27:06 | 000,475,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\562bdd62e51e3eaac4e7c3c30fc6a200\IAStorUtil.ni.dll
MOD - [2014/05/14 22:02:16 | 011,922,944 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\70dbdd46969daf2bea2443c75b7629d4\System.Web.ni.dll
MOD - [2014/05/14 22:02:02 | 000,774,144 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\98c91b8d3f1d54c41ada5f37e0935303\System.Runtime.Remoting.ni.dll
MOD - [2014/03/25 09:46:45 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\ad6e1822cef18d4543465d225d4f6cb6\IAStorCommon.ni.dll
MOD - [2014/03/02 11:19:52 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014/03/02 11:19:46 | 001,593,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014/03/02 11:19:39 | 005,464,064 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
MOD - [2014/03/02 11:19:36 | 000,978,432 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll
MOD - [2014/03/02 11:19:23 | 003,348,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1d696b2d3de530f7ee971070263667ff\WindowsBase.ni.dll
MOD - [2014/03/02 11:19:19 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/03/02 11:19:14 | 011,499,520 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2013/07/08 07:49:47 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_es_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2012/04/24 21:18:24 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Safari\Apple Application Support\zlib1.dll
MOD - [2012/04/24 21:18:06 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Safari\Apple Application Support\libxml2.dll
MOD - [2011/09/15 07:13:17 | 000,013,664 | ---- | M] () -- C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
MOD - [2010/11/12 18:35:42 | 000,307,200 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_es_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/03/06 03:29:14 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2014/05/14 17:36:45 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/04/11 19:45:50 | 001,764,992 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2014/04/11 19:45:42 | 001,390,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2013/12/21 01:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/10/23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2013/03/22 02:33:34 | 000,060,928 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\BrowserProtect\srvBrowserProtect.exe -- (srvBrowserProtect)
SRV - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe -- (N360)
SRV - [2011/02/18 03:20:54 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/12/20 21:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/20 21:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/12/14 13:04:56 | 000,953,632 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Archivos de programa\Lenovo\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2010/09/22 13:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Archivos de programa\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010/09/21 09:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010/01/09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/06/26 19:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 19:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 19:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 19:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2012/12/09 16:19:23 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/09/15 07:23:21 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)
DRV:64bit: - [2011/09/15 07:23:18 | 000,029,792 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2011/09/15 07:20:46 | 000,057,952 | ---- | M] (Lenovo) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fbfmon.sys -- (fbfmon)
DRV:64bit: - [2011/09/15 07:20:46 | 000,013,408 | ---- | M] (Lenovo) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BPntDrv.sys -- (BPntDrv)
DRV:64bit: - [2011/09/14 22:29:58 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/09/14 22:29:58 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/06/14 22:51:18 | 000,250,752 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vm331avs.sys -- (vm331avs)
DRV:64bit: - [2011/04/20 20:37:49 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/04/07 20:59:58 | 001,430,576 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/03/30 22:00:09 | 000,744,568 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/03/30 22:00:09 | 000,040,568 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2011/03/25 05:17:48 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/14 21:31:23 | 000,912,504 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/02/18 03:11:54 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/02/13 23:43:00 | 001,581,184 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011/01/28 18:29:58 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2011/01/27 01:47:10 | 000,450,680 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symds64.sys -- (SymDS)
DRV:64bit: - [2011/01/27 00:07:06 | 000,171,128 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/12/14 22:13:32 | 000,349,224 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:64bit: - [2010/12/14 22:13:10 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010/12/14 22:13:10 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/12/14 22:13:08 | 000,138,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/12/14 22:13:08 | 000,106,536 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/28 05:16:24 | 004,716,608 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/10/21 01:57:30 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/10/19 19:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/14 12:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/09/30 03:45:22 | 000,299,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2010/08/20 22:59:12 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2010/08/16 04:28:50 | 000,008,320 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmuvcflt.sys -- (vmuvcflt)
DRV:64bit: - [2009/10/21 18:16:54 | 000,243,200 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2009/10/12 16:23:22 | 000,114,304 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev)
DRV:64bit: - [2009/09/10 16:31:56 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009/07/21 09:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2014/05/09 20:07:23 | 001,530,160 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20140510.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2014/03/24 11:06:08 | 000,525,016 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20140521.001\IDSviA64.sys -- (IDSVia64)
DRV - [2014/01/01 21:56:29 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20140522.001\ex64.sys -- (NAVEX15)
DRV - [2014/01/01 21:56:29 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20140522.001\eng64.sys -- (NAVENG)
DRV - [2013/11/21 12:07:41 | 000,137,648 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/11/21 12:07:40 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=LENN&bmod=LENN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://en.eazel.com/...q={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{EBD839AE-B08C-4fb7-859B-F54AF16C159F}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFF [2013/10/12 06:15:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_13_2 [2014/05/20 19:38:17 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://google.mx/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\pdf.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\PILAR\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.31.131.2_0\McChPlg.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - Extension: Skype Click to Call = C:\Users\PILAR\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.2.15747.10003_0\
CHR - Extension: Google Wallet = C:\Users\PILAR\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
 
O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe (Lenovo)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [331BigDog] C:\Program Files (x86)\USB Camera\VM331_STI.EXE (Vimicro)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe (CyberLink Corp.)
O4 - HKCU..\Run: [EPSON TX120 Series] C:\windows\system32\spool\DRIVERS\x64\3\E_IATIGGL.EXE /FU "C:\windows\TEMP\E_SAE87.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [Spotify] C:\Users\PILAR\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\PILAR\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Enviar imagen al dispositivo &Bluetooth... - C:\Archivos de programa\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Enviar página al dispositivo &Bluetooth... - C:\Archivos de programa\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Enviar imagen al dispositivo &Bluetooth... - C:\Archivos de programa\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Enviar página al dispositivo &Bluetooth... - C:\Archivos de programa\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Archivos de programa\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Archivos de programa\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: Enviar a Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Archivos de programa\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Enviar a &Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Archivos de programa\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA103418-4FF2-4544-B889-D406AB2E0BA9}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E71BC1E0-8873-4CB5-A126-325E1CD95626}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{569aa998-97fe-11e2-a82c-3859f9f80e57}\Shell - "" = AutoRun
O33 - MountPoints2\{569aa998-97fe-11e2-a82c-3859f9f80e57}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{569aa9b3-97fe-11e2-a82c-3859f9f80e57}\Shell - "" = AutoRun
O33 - MountPoints2\{569aa9b3-97fe-11e2-a82c-3859f9f80e57}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/05/22 12:10:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\PILAR\Desktop\OTL.exe
[2014/05/20 20:05:49 | 000,000,000 | ---D | C] -- C:\Users\PILAR\Desktop\Facturas-Ingresos-2014
[2014/05/20 20:00:04 | 000,000,000 | ---D | C] -- C:\Users\PILAR\Desktop\Facturas-Egresos-2014
[2014/05/14 21:55:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2014/05/07 07:31:39 | 000,000,000 | --SD | C] -- C:\windows\SysNative\CompatTel
 
========== Files - Modified Within 30 Days ==========
 
[2014/05/22 12:10:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\PILAR\Desktop\OTL.exe
[2014/05/22 11:45:58 | 000,001,046 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/05/22 11:40:00 | 000,001,050 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/22 11:38:22 | 001,678,390 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/05/22 11:38:22 | 000,748,088 | ---- | M] () -- C:\windows\SysNative\perfh00A.dat
[2014/05/22 11:38:22 | 000,654,582 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/05/22 11:38:22 | 000,159,270 | ---- | M] () -- C:\windows\SysNative\perfc00A.dat
[2014/05/22 11:38:22 | 000,122,196 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/05/22 11:36:00 | 000,000,838 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2014/05/22 11:35:03 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/05/20 19:46:11 | 000,021,072 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/05/20 19:46:11 | 000,021,072 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/05/20 19:38:57 | 000,150,425 | ---- | M] () -- C:\windows\SysNative\fastboot.set
[2014/05/20 19:38:22 | 000,000,480 | ---- | M] () -- C:\windows\tasks\SDMsgUpdate (Local).job
[2014/05/20 19:38:22 | 000,000,472 | ---- | M] () -- C:\windows\tasks\SDMsgUpdate (TE).job
[2014/05/20 19:37:59 | 3177,074,688 | -HS- | M] () -- C:\hiberfil.sys
[2014/05/19 21:42:12 | 000,002,181 | ---- | M] () -- C:\Users\Public\Desktop\Navegador de Internet.lnk
 
========== Files Created - No Company Name ==========
 
[2012/09/16 04:33:58 | 001,652,248 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 21:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 21:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/07/25 06:14:48 | 000,000,000 | ---D | M] -- C:\Users\PILAR\AppData\Roaming\Lenovo
[2013/06/09 13:13:07 | 000,000,000 | ---D | M] -- C:\Users\PILAR\AppData\Roaming\SmartDraw
[2014/05/20 12:30:10 | 000,000,000 | ---D | M] -- C:\Users\PILAR\AppData\Roaming\SoftGrid Client
[2014/05/20 19:40:56 | 000,000,000 | ---D | M] -- C:\Users\PILAR\AppData\Roaming\Spotify
[2012/09/16 04:34:49 | 000,000,000 | ---D | M] -- C:\Users\PILAR\AppData\Roaming\TP
 
========== Purity Check ==========
 
 
 
< End of report >
 
 

OTL Extras logfile created on: 22/05/2014 12:13:00 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\PILAR\Desktop
64bit- Home Basic Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000c0a | Country: México | Language: ESM | Date Format: dd/MM/yyyy
 
3,95 Gb Total Physical Memory | 2,42 Gb Available Physical Memory | 61,37% Memory free
7,89 Gb Paging File | 6,10 Gb Available in Paging File | 77,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 421,81 Gb Total Space | 376,32 Gb Free Space | 89,21% Space Free | Partition Type: NTFS
Drive D: | 29,00 Gb Total Space | 26,56 Gb Free Space | 91,59% Space Free | Partition Type: NTFS
 
Computer Name: PILAR-PC | User Name: PILAR | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{68C76B54-E842-4FAB-9F53-43EB65653FB8}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{F3E0FB9F-8E7D-4A18-9D1B-034213D7566A}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F2C950F-870D-4B01-9C4F-2560498C9D9F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{10557BA9-AF1A-4C55-8D57-3CD30E53EDE9}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{3CBA4F0F-209B-432A-9DE9-98D5EAC94FE7}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{4632BD81-7453-44EA-AEE9-7265C51A9317}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{5ECEB6EF-EAE9-438B-8FCE-39A27ACAF43F}" = dir=in | app=c:\program files (x86)\lenovo\powerdvd10\powerdvd10.exe | 
"{6EB79DBD-2AFB-435D-80DF-10AE6ACD490C}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{E4025772-5764-49E1-9041-EECB61D27A80}" = dir=in | app=c:\program files (x86)\lenovo\powerdvd10\powerdvd cinema\powerdvdcinema10.exe | 
"{F93226DD-B48B-4939-B14B-1065D26BD71B}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"TCP Query User{B645EC90-C349-4380-9BD6-ADAA00B33405}C:\users\pilar\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\pilar\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{25200BB0-81FE-464A-909E-589A034C96AB}C:\users\pilar\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\pilar\appdata\roaming\spotify\spotify.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = Lenovo Bluetooth with Enhanced Data Rate Software
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90140000-006D-0C0A-1000-0000000FF1CE}" = Hacer clic y ejecutar de Microsoft Office 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082" = Microsoft .NET Framework 4.5.1 (español)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D6E5E5FE-83CF-3CFC-AF7A-11F05613705B}" = Microsoft .NET Framework 4.5.1 (ESN)
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"CNXT_AUDIO_HDA" = Conexant HD Audio
"EA12B1FB53CE4E387C31A85236C41EF559B5E392" = Paquete de controladores de Windows - Lenovo (ACPIVPC) System  (12/02/2010 6.1.0.1)
"EPSON TX120 Series" = Desinstalador de impresoras EPSON TX120 Series
"Lenovo EE Boot Optimizer" = Lenovo EE Boot Optimizer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{28ABE740-47F3-441B-9437-852F6A64EFF8}" = Lenovo_Wireless_Driver
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger
"{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}" = Google Earth Plug-in
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0C0A-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Español
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1034-7B44-AB0000000001}" = Adobe Reader XI (11.0.07) - Español
"{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}" = Lenovo EasyCamera
"{BB285C9F-C821-4770-8970-56C4AB52C87E}" = Skype Click to Call
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = Lenovo PowerDVD 10
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = Guía del usuario
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"BrowserProtect" = BrowserProtect
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = Lenovo PowerDVD 10
"InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide
"Internet Telcel Banda Ancha" = Internet Telcel Banda Ancha
"Lenovo Games Console" = Lenovo Games Console
"N360" = Norton 360
"Office14.Click2Run" = Hacer clic y ejecutar de Microsoft Office 2010
"SmartDraw 2014" = SmartDraw 2014
"VeriFace" = VeriFace
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 25/04/2014 23:14:39 | Computer Name = PILAR-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 27/04/2014 1:08:10 | Computer Name = PILAR-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 27/04/2014 10:54:03 | Computer Name = PILAR-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 27/04/2014 17:08:18 | Computer Name = PILAR-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 02/05/2014 23:04:57 | Computer Name = PILAR-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 02/05/2014 23:34:56 | Computer Name = PILAR-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 03/05/2014 7:50:32 | Computer Name = PILAR-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 03/05/2014 22:35:37 | Computer Name = PILAR-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 04/05/2014 8:56:48 | Computer Name = PILAR-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 04/05/2014 9:29:53 | Computer Name = PILAR-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 20/10/2013 14:05:55 | Computer Name = PILAR-PC | Source = Service Control Manager | ID = 7011
Description = Se agotó el tiempo de espera (30000 ms) para la respuesta de transacción
 del servicio N360.
 
Error - 27/10/2013 23:49:18 | Computer Name = PILAR-PC | Source = Service Control Manager | ID = 7011
Description = Se agotó el tiempo de espera (30000 ms) para la respuesta de transacción
 del servicio N360.
 
Error - 27/10/2013 23:49:48 | Computer Name = PILAR-PC | Source = Service Control Manager | ID = 7011
Description = Se agotó el tiempo de espera (30000 ms) para la respuesta de transacción
 del servicio N360.
 
Error - 27/10/2013 23:50:18 | Computer Name = PILAR-PC | Source = Service Control Manager | ID = 7011
Description = Se agotó el tiempo de espera (30000 ms) para la respuesta de transacción
 del servicio N360.
 
Error - 19/11/2013 19:21:05 | Computer Name = PILAR-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Error de instalación: error de Windows al instalar la siguiente actualización,
 error 0x80246002: Internet Explorer 11 para Windows 7 para sistemas basados en 
x64.
 
Error - 21/11/2013 13:23:34 | Computer Name = PILAR-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 21/11/2013 13:26:20 | Computer Name = PILAR-PC | Source = Service Control Manager | ID = 7043
Description = El servicio Instalador de módulos de Windows no se cerró correctamente
 después de recibir un control de aviso de apagado.
 
Error - 21/11/2013 14:25:11 | Computer Name = PILAR-PC | Source = EventLog | ID = 6008
Description = El cierre anterior del sistema a las 11:57:41 a.m. del ?21/?11/?2013
 resultó inesperado.
 
Error - 21/11/2013 14:25:20 | Computer Name = PILAR-PC | Source = BugCheck | ID = 1001
Description = 
 
Error - 02/01/2014 10:13:08 | Computer Name = PILAR-PC | Source = Service Control Manager | ID = 7034
Description = El servicio Intel® Rapid Storage Technology se terminó de manera
 inesperada. Esto ha sucedido 1 veces.
 
 
< End of report >
 

Edited by charrascan, 23 May 2014 - 11:06 AM.

  • 0

Advertisements

#2
pystryker
Posted 25 May 2014 - 11:44 AM

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Hello and welcome to Geeks to Go! My nickname is Pystryker :) , and I will be helping you with your issue today.

Sorry for the delay in getting to you, we do get quite busy sometimes. :thumbsup:


Before we get started, I have a few things I need to go over with you
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly" This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.

  • Please read through my instructions carefully and completely before executing them.
  • Please make sure that all the programs I ask you to download are downloaded to and run from your Desktop.
  • Please make sure you print out these instructions so that you will be able to refer to them while working on your machine. Part of the solution(s) to your problem may involve us working in Safe Mode and you will need them to go by.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • Please read through my instructions carefully and make sure you complete them from start to finish. I will make sure that I lay the instructions out in a step by step order to make them easy to follow
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • Please make sure you reply within 3 days to my responses, if there is no reply within 3 days, the topic will be closed and you will need to request the topic be reopened.
  • Before we get started, please remember we will do our best to get your machine repaired. However, there are some cases where the only solution is a reformat and reinstall of the operating system. This is a worst case scenario though.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If possible, please have your original Windows installation disks handy, just in case.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexepected occurs, Do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please copy and paste the contents of any requested logs in your replies. Do not attach the log files in your replies unless requested to do so.
  • Please remember, the fixes are for your machine and your machine ONLY!
Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future

Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)

Now, let's get started, shall we? :thumbsup:

Since your OTL log is a few days old, let's get a fresh look with it, and run another scan.

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 1: Custom OTL Scan
  • Close any open windows and then double click (Vista, Windows 7, 8, right click and then click Run as Administrator) the icon to start OTL.
  • Please make sure the following boxes are checked.
  • Scan All Users
  • Use Company-Name WhiteList
  • Skip Microsoft Files
  • Use No-Company-Name Whitelist
  • LOP Check
  • Purity Check
  • Please check Use Safelist is checked under Extra Registry.
  • Copy the contents of the quote box below Do not copy the word quote! and paste them into the Custom Scans/Fixes box at the bottom of OTL's control panel.

    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    rpcss.dll
    /md5stop
    dir "%systemdrive%\*" /S /A:L /C

  • Click the Run Scan button.
firstscangraphic.jpg
  • Please do not interrupt the scanning process. It may take a while to complete the scan, so please be patient. :)
  • When the scan is finished, it will generate 2 logs, OTL.txt and Extras.txt, each in a Notepad window. Both of these logs are saved in the same location as OTL. In this case, on your desktop.
  • Please post each log in your next reply.
Step 2: Scan with aswMBR
  • Please download aswMBR.exe to your desktop.
  • Double click the file to run it.
  • It will ask if you want to download the latest Avast! virus definitions, please answer yes.
aswmbrscan_zpsdc05b0f9.jpg
  • Click the Scan button to begin the scan.
aswmbrsavelog_zps1aeef48e.jpg
  • Once the scan has finished, click on Save Log, save it to your desktop as asw.txt, and please post it in your next reply.
  • Click Exit
Things I need to see in your next post:

Fresh OTL Log

Fresh Extras.txt Log

aswMBR Log
  • 0

#3
charrascan
Posted 25 May 2014 - 09:16 PM

charrascan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Hi Pystryker,

First of all thanks a lot for helping me out!!! Second, I'm currently out of town and without my computer. I'll be able to do what you asked me to do on Wednesday afternoon, so please don't delete me from your "patient" list :)

Thanks a lot again.
  • 0

#4
pystryker
Posted 25 May 2014 - 09:18 PM

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Hello, you're quite welcome :-) No worries, I'll keep the thread open for you. :thumbsup:
  • 0

#5
charrascan
Posted 28 May 2014 - 05:58 PM

charrascan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts

Hi,

 

Here are the fresh logs. Thanks!

 

1) OTL logs

 

 

OTL logfile created on: 28/05/2014 18:26:45 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\PILAR\Desktop
64bit- Home Basic Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000c0a | Country: México | Language: ESM | Date Format: dd/MM/yyyy
 
3,95 Gb Total Physical Memory | 2,87 Gb Available Physical Memory | 72,81% Memory free
7,89 Gb Paging File | 6,42 Gb Available in Paging File | 81,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 421,81 Gb Total Space | 376,12 Gb Free Space | 89,17% Space Free | Partition Type: NTFS
Drive D: | 29,00 Gb Total Space | 26,56 Gb Free Space | 91,59% Space Free | Partition Type: NTFS
 
Computer Name: PILAR-PC | User Name: PILAR | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/05/22 12:10:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\PILAR\Desktop\OTL.exe
PRC - [2014/04/11 19:45:50 | 001,764,992 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2014/04/11 19:45:42 | 001,390,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2013/12/25 19:26:31 | 001,168,896 | ---- | M] (Spotify Ltd) -- C:\Users\PILAR\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2013/12/21 01:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2012/04/25 11:36:36 | 002,388,336 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Safari\Safari.exe
PRC - [2012/04/24 21:18:16 | 000,014,184 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Safari\Apple Application Support\WebKit2WebProcess.exe
PRC - [2011/09/15 07:13:18 | 000,329,056 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
PRC - [2011/06/15 06:46:52 | 000,548,864 | ---- | M] (Vimicro) -- C:\Program Files (x86)\USB Camera\VM331_STI.EXE
PRC - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe
PRC - [2011/02/18 03:20:54 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/02/18 03:20:50 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/12/20 21:30:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/12/20 21:30:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/12/14 13:04:58 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Archivos de programa\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2010/02/02 19:08:56 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/05/18 22:27:06 | 000,475,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\562bdd62e51e3eaac4e7c3c30fc6a200\IAStorUtil.ni.dll
MOD - [2014/05/14 22:02:16 | 011,922,944 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\70dbdd46969daf2bea2443c75b7629d4\System.Web.ni.dll
MOD - [2014/05/14 22:02:02 | 000,774,144 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\98c91b8d3f1d54c41ada5f37e0935303\System.Runtime.Remoting.ni.dll
MOD - [2014/03/25 09:46:45 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\ad6e1822cef18d4543465d225d4f6cb6\IAStorCommon.ni.dll
MOD - [2014/03/02 11:19:52 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014/03/02 11:19:46 | 001,593,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014/03/02 11:19:39 | 005,464,064 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
MOD - [2014/03/02 11:19:36 | 000,978,432 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll
MOD - [2014/03/02 11:19:23 | 003,348,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1d696b2d3de530f7ee971070263667ff\WindowsBase.ni.dll
MOD - [2014/03/02 11:19:19 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/03/02 11:19:14 | 011,499,520 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2013/07/08 07:49:47 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_es_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2012/04/24 21:18:24 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Safari\Apple Application Support\zlib1.dll
MOD - [2012/04/24 21:18:06 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Safari\Apple Application Support\libxml2.dll
MOD - [2011/09/15 07:13:17 | 000,013,664 | ---- | M] () -- C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
MOD - [2010/11/12 18:35:42 | 000,307,200 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_es_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/03/06 03:29:14 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2014/05/14 17:36:45 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/04/11 19:45:50 | 001,764,992 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2014/04/11 19:45:42 | 001,390,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2013/12/21 01:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/10/23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2013/03/22 02:33:34 | 000,060,928 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\BrowserProtect\srvBrowserProtect.exe -- (srvBrowserProtect)
SRV - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe -- (N360)
SRV - [2011/02/18 03:20:54 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/12/20 21:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/20 21:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/12/14 13:04:56 | 000,953,632 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Archivos de programa\Lenovo\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2010/09/22 13:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Archivos de programa\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010/09/21 09:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010/01/09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/06/26 19:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 19:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 19:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 19:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2012/12/09 16:19:23 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/09/15 07:23:21 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)
DRV:64bit: - [2011/09/15 07:23:18 | 000,029,792 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2011/09/15 07:20:46 | 000,057,952 | ---- | M] (Lenovo) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fbfmon.sys -- (fbfmon)
DRV:64bit: - [2011/09/15 07:20:46 | 000,013,408 | ---- | M] (Lenovo) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BPntDrv.sys -- (BPntDrv)
DRV:64bit: - [2011/09/14 22:29:58 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/09/14 22:29:58 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/06/14 22:51:18 | 000,250,752 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vm331avs.sys -- (vm331avs)
DRV:64bit: - [2011/04/20 20:37:49 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/04/07 20:59:58 | 001,430,576 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/03/30 22:00:09 | 000,744,568 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/03/30 22:00:09 | 000,040,568 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2011/03/25 05:17:48 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/14 21:31:23 | 000,912,504 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/02/18 03:11:54 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/02/13 23:43:00 | 001,581,184 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011/01/28 18:29:58 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2011/01/27 01:47:10 | 000,450,680 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symds64.sys -- (SymDS)
DRV:64bit: - [2011/01/27 00:07:06 | 000,171,128 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/12/14 22:13:32 | 000,349,224 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:64bit: - [2010/12/14 22:13:10 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010/12/14 22:13:10 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/12/14 22:13:08 | 000,138,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/12/14 22:13:08 | 000,106,536 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/28 05:16:24 | 004,716,608 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/10/21 01:57:30 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/10/19 19:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/14 12:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/09/30 03:45:22 | 000,299,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2010/08/20 22:59:12 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2010/08/16 04:28:50 | 000,008,320 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmuvcflt.sys -- (vmuvcflt)
DRV:64bit: - [2009/10/21 18:16:54 | 000,243,200 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2009/10/12 16:23:22 | 000,114,304 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev)
DRV:64bit: - [2009/09/10 16:31:56 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009/07/21 09:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2014/05/09 20:07:23 | 001,530,160 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20140510.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2014/03/24 11:06:08 | 000,525,016 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20140527.001\IDSviA64.sys -- (IDSVia64)
DRV - [2014/01/01 21:56:29 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20140528.017\ex64.sys -- (NAVEX15)
DRV - [2014/01/01 21:56:29 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20140528.017\eng64.sys -- (NAVENG)
DRV - [2013/11/21 12:07:41 | 000,137,648 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/11/21 12:07:40 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1510572874-1796251914-533295934-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=LENN&bmod=LENN
IE - HKU\S-1-5-21-1510572874-1796251914-533295934-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1510572874-1796251914-533295934-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1510572874-1796251914-533295934-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://en.eazel.com/...q={searchTerms}
IE - HKU\S-1-5-21-1510572874-1796251914-533295934-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-1510572874-1796251914-533295934-1000\..\SearchScopes\{EBD839AE-B08C-4fb7-859B-F54AF16C159F}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-1510572874-1796251914-533295934-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFF [2013/10/12 06:15:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_13_2 [2014/05/22 20:12:50 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://google.mx/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\pdf.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\PILAR\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.31.131.2_0\McChPlg.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - Extension: Skype Click to Call = C:\Users\PILAR\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.2.15747.10003_0\
CHR - Extension: Google Wallet = C:\Users\PILAR\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
 
O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-1510572874-1796251914-533295934-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe (Lenovo)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [331BigDog] C:\Program Files (x86)\USB Camera\VM331_STI.EXE (Vimicro)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1510572874-1796251914-533295934-1000..\Run: [EPSON TX120 Series] C:\windows\system32\spool\DRIVERS\x64\3\E_IATIGGL.EXE /FU "C:\windows\TEMP\E_SAE87.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-21-1510572874-1796251914-533295934-1000..\Run: [Spotify] C:\Users\PILAR\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-1510572874-1796251914-533295934-1000..\Run: [Spotify Web Helper] C:\Users\PILAR\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Enviar imagen al dispositivo &Bluetooth... - C:\Archivos de programa\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Enviar página al dispositivo &Bluetooth... - C:\Archivos de programa\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Enviar imagen al dispositivo &Bluetooth... - C:\Archivos de programa\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Enviar página al dispositivo &Bluetooth... - C:\Archivos de programa\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Archivos de programa\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Archivos de programa\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: Enviar a Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Archivos de programa\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Enviar a &Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Archivos de programa\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA103418-4FF2-4544-B889-D406AB2E0BA9}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E71BC1E0-8873-4CB5-A126-325E1CD95626}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{569aa998-97fe-11e2-a82c-3859f9f80e57}\Shell - "" = AutoRun
O33 - MountPoints2\{569aa998-97fe-11e2-a82c-3859f9f80e57}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{569aa9b3-97fe-11e2-a82c-3859f9f80e57}\Shell - "" = AutoRun
O33 - MountPoints2\{569aa9b3-97fe-11e2-a82c-3859f9f80e57}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/05/22 12:10:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\PILAR\Desktop\OTL.exe
[2014/05/20 20:05:49 | 000,000,000 | ---D | C] -- C:\Users\PILAR\Desktop\Facturas-Ingresos-2014
[2014/05/20 20:00:04 | 000,000,000 | ---D | C] -- C:\Users\PILAR\Desktop\Facturas-Egresos-2014
[2014/05/14 21:55:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2014/05/07 07:31:39 | 000,000,000 | --SD | C] -- C:\windows\SysNative\CompatTel
 
========== Files - Modified Within 30 Days ==========
 
[2014/05/28 18:17:16 | 000,021,072 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/05/28 18:17:16 | 000,021,072 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/05/28 18:06:59 | 000,001,046 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/05/28 18:03:16 | 001,678,390 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/05/28 18:03:16 | 000,748,088 | ---- | M] () -- C:\windows\SysNative\perfh00A.dat
[2014/05/28 18:03:16 | 000,654,582 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/05/28 18:03:16 | 000,159,270 | ---- | M] () -- C:\windows\SysNative\perfc00A.dat
[2014/05/28 18:03:16 | 000,122,196 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/05/28 18:02:43 | 000,001,050 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/28 18:02:14 | 000,000,838 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2014/05/28 18:02:07 | 000,000,472 | ---- | M] () -- C:\windows\tasks\SDMsgUpdate (TE).job
[2014/05/28 18:02:05 | 000,000,480 | ---- | M] () -- C:\windows\tasks\SDMsgUpdate (Local).job
[2014/05/28 18:01:50 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/05/23 12:09:22 | 000,002,181 | ---- | M] () -- C:\Users\Public\Desktop\Navegador de Internet.lnk
[2014/05/22 20:13:16 | 000,140,579 | ---- | M] () -- C:\windows\SysNative\fastboot.set
[2014/05/22 20:12:28 | 3177,074,688 | -HS- | M] () -- C:\hiberfil.sys
[2014/05/22 12:10:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\PILAR\Desktop\OTL.exe
[2014/05/14 17:36:45 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2014/05/14 17:36:45 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
 
========== Files Created - No Company Name ==========
 
[2012/09/16 04:33:58 | 001,652,248 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 21:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 21:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/07/25 06:14:48 | 000,000,000 | ---D | M] -- C:\Users\PILAR\AppData\Roaming\Lenovo
[2013/06/09 13:13:07 | 000,000,000 | ---D | M] -- C:\Users\PILAR\AppData\Roaming\SmartDraw
[2014/05/22 13:12:49 | 000,000,000 | ---D | M] -- C:\Users\PILAR\AppData\Roaming\SoftGrid Client
[2014/05/22 20:13:55 | 000,000,000 | ---D | M] -- C:\Users\PILAR\AppData\Roaming\Spotify
[2012/09/16 04:34:49 | 000,000,000 | ---D | M] -- C:\Users\PILAR\AppData\Roaming\TP
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: EXPLORER.EXE  >
[2011/09/14 22:27:58 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/09/14 22:27:58 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/09/14 22:27:58 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/09/14 22:27:58 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 22:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/09/14 22:27:58 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/09/14 22:27:58 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 22:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
 
< MD5 for: RPCSS.DLL  >
[2010/11/20 22:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\windows\SysNative\rpcss.dll
[2010/11/20 22:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
 
< MD5 for: SERVICES  >
[2009/06/10 16:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services
 
< MD5 for: SERVICES.ASFX  >
[2014/05/08 08:49:08 | 000,002,544 | ---- | M] () MD5=E34F6F2011E6A981EE46105A813AA6B4 -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Locale\es_ES\Services\Services.asfx
 
< MD5 for: SERVICES.ASFX21  >
[2012/09/23 21:43:46 | 000,002,546 | R--- | M] () MD5=DE20C36CDD3208B4E8544397E551C40B -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA74301B744BA0000000010\11.0.0\services.asfx21
 
< MD5 for: SERVICES.CFG  >
[2014/05/08 08:48:48 | 000,560,495 | ---- | M] () MD5=12A7DDA9C7CA1AAA2C6F36BB1E24528B -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Services\Services.cfg
[2012/09/23 20:43:36 | 000,603,848 | R--- | M] () MD5=81B120EAEE296F0E54F66C16C5A21367 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA74301B744BA0000000010\11.0.0\services.cfg
 
< MD5 for: SERVICES.EXE  >
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\windows\SysNative\services.exe
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
 
< MD5 for: SERVICES.EXE.MUI  >
[2011/09/14 22:18:43 | 000,019,456 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\windows\SysNative\es-ES\services.exe.mui
[2011/09/14 22:18:43 | 000,019,456 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_es-es_c5bd95a23fcd260d\services.exe.mui
 
< MD5 for: SERVICES.LNK  >
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
 
< MD5 for: SERVICES.MOF  >
[2009/06/10 15:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\windows\SysNative\wbem\services.mof
[2009/06/10 15:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof
 
< MD5 for: SERVICES.MSC  >
[2009/06/10 15:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\windows\SysNative\services.msc
[2009/06/10 16:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2009/06/10 15:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009/06/10 16:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
[2011/09/14 22:18:40 | 000,092,751 | ---- | M] () MD5=C7B99872B5170E37AF24905BEE772844 -- C:\windows\SysNative\es-ES\services.msc
[2011/09/14 22:18:45 | 000,092,751 | ---- | M] () MD5=C7B99872B5170E37AF24905BEE772844 -- C:\Windows\SysWOW64\es-ES\services.msc
[2011/09/14 22:18:40 | 000,092,751 | ---- | M] () MD5=C7B99872B5170E37AF24905BEE772844 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_es-es_ffff658e1636c000\services.msc
[2011/09/14 22:18:45 | 000,092,751 | ---- | M] () MD5=C7B99872B5170E37AF24905BEE772844 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_es-es_a3e0ca0a5dd94eca\services.msc
 
< MD5 for: SERVICES.PTXML  >
[2009/07/13 15:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 15:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml
 
< MD5 for: SVCHOST.EXE  >
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\windows\SysNative\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 22:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 22:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 22:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe
[2010/11/20 22:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010/11/20 22:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2014/03/04 06:08:14 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=6CE2AE073BD21C542FC2C707CAE944CC -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22616_none_ce748d1d04acf24f\winlogon.exe
[2014/03/04 04:43:50 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=88AB9B72B4BF3963A0DE0820B4B0B06C -- C:\windows\SysNative\winlogon.exe
[2014/03/04 04:43:50 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=88AB9B72B4BF3963A0DE0820B4B0B06C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_cdf8bf35eb848572\winlogon.exe
 
< dir "%systemdrive%\*" /S /A:L /C >
 El volumen de la unidad C no tiene etiqueta.
 El n£mero de serie del volumen es: 5E96-A6F6
 Directorio de C:\
16/09/2012  03:38 a.m.    <JUNCTION>     Archivos de programa [C:\Program Files]
14/07/2009  12:08 a.m.    <JUNCTION>     Documents and Settings [C:\Users]
               0 archivos              0 bytes
 Directorio de C:\Program Files
16/09/2012  03:38 a.m.    <JUNCTION>     Archivos comunes [C:\Program Files\Common Files]
               0 archivos              0 bytes
 Directorio de C:\Program Files\Windows NT
16/09/2012  03:38 a.m.    <JUNCTION>     Accesorios [C:\Program Files\Windows NT\Accessories]
               0 archivos              0 bytes
 Directorio de C:\ProgramData
14/07/2009  12:08 a.m.    <JUNCTION>     Application Data [C:\ProgramData]
16/09/2012  03:38 a.m.    <JUNCTION>     Datos de programa [C:\ProgramData]
14/07/2009  12:08 a.m.    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
16/09/2012  03:38 a.m.    <JUNCTION>     Documentos [C:\Users\Public\Documents]
14/07/2009  12:08 a.m.    <JUNCTION>     Documents [C:\Users\Public\Documents]
16/09/2012  03:38 a.m.    <JUNCTION>     Escritorio [C:\Users\Public\Desktop]
14/07/2009  12:08 a.m.    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
16/09/2012  03:38 a.m.    <JUNCTION>     Favoritos [C:\Users\Public\Favorites]
16/09/2012  03:38 a.m.    <JUNCTION>     Men£ Inicio [C:\ProgramData\Microsoft\Windows\Start Menu]
16/09/2012  03:38 a.m.    <JUNCTION>     Plantillas [C:\ProgramData\Microsoft\Windows\Templates]
14/07/2009  12:08 a.m.    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009  12:08 a.m.    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 archivos              0 bytes
 Directorio de C:\ProgramData\Microsoft\Windows\Start Menu
16/09/2012  03:38 a.m.    <JUNCTION>     Programas [C:\ProgramData\Microsoft\Windows\Start Menu\Programs]
               0 archivos              0 bytes
 Directorio de C:\Users
14/07/2009  12:08 a.m.    <SYMLINKD>     All Users [C:\ProgramData]
14/07/2009  12:08 a.m.    <JUNCTION>     Default User [C:\Users\Default]
               0 archivos              0 bytes
 Directorio de C:\Users\All Users
14/07/2009  12:08 a.m.    <JUNCTION>     Application Data [C:\ProgramData]
16/09/2012  03:38 a.m.    <JUNCTION>     Datos de programa [C:\ProgramData]
14/07/2009  12:08 a.m.    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
16/09/2012  03:38 a.m.    <JUNCTION>     Documentos [C:\Users\Public\Documents]
14/07/2009  12:08 a.m.    <JUNCTION>     Documents [C:\Users\Public\Documents]
16/09/2012  03:38 a.m.    <JUNCTION>     Escritorio [C:\Users\Public\Desktop]
14/07/2009  12:08 a.m.    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
16/09/2012  03:38 a.m.    <JUNCTION>     Favoritos [C:\Users\Public\Favorites]
16/09/2012  03:38 a.m.    <JUNCTION>     Men£ Inicio [C:\ProgramData\Microsoft\Windows\Start Menu]
16/09/2012  03:38 a.m.    <JUNCTION>     Plantillas [C:\ProgramData\Microsoft\Windows\Templates]
14/07/2009  12:08 a.m.    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009  12:08 a.m.    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 archivos              0 bytes
 Directorio de C:\Users\All Users\Microsoft\Windows\Start Menu
16/09/2012  03:38 a.m.    <JUNCTION>     Programas [C:\ProgramData\Microsoft\Windows\Start Menu\Programs]
               0 archivos              0 bytes
 Directorio de C:\Users\Default
14/07/2009  12:08 a.m.    <JUNCTION>     Application Data [C:\Users\Default\AppData\Roaming]
16/09/2012  03:38 a.m.    <JUNCTION>     Configuraci¢n local [C:\Users\Default\AppData\Local]
14/07/2009  12:08 a.m.    <JUNCTION>     Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
16/09/2012  03:38 a.m.    <JUNCTION>     Datos de programa [C:\Users\Default\AppData\Roaming]
16/09/2012  03:38 a.m.    <JUNCTION>     Entorno de red [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
16/09/2012  03:38 a.m.    <JUNCTION>     Impresoras [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
14/07/2009  12:08 a.m.    <JUNCTION>     Local Settings [C:\Users\Default\AppData\Local]
16/09/2012  03:38 a.m.    <JUNCTION>     Men£ Inicio [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
16/09/2012  03:38 a.m.    <JUNCTION>     Mis documentos [C:\Users\Default\Documents]
14/07/2009  12:08 a.m.    <JUNCTION>     My Documents [C:\Users\Default\Documents]
14/07/2009  12:08 a.m.    <JUNCTION>     NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
16/09/2012  03:38 a.m.    <JUNCTION>     Plantillas [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
14/07/2009  12:08 a.m.    <JUNCTION>     PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
14/07/2009  12:08 a.m.    <JUNCTION>     Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
16/09/2012  03:38 a.m.    <JUNCTION>     Reciente [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
14/07/2009  12:08 a.m.    <JUNCTION>     SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
14/07/2009  12:08 a.m.    <JUNCTION>     Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
14/07/2009  12:08 a.m.    <JUNCTION>     Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
               0 archivos              0 bytes
 Directorio de C:\Users\Default\AppData\Local
14/07/2009  12:08 a.m.    <JUNCTION>     Application Data [C:\Users\Default\AppData\Local]
16/09/2012  03:38 a.m.    <JUNCTION>     Archivos temporales de Internet [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
16/09/2012  03:38 a.m.    <JUNCTION>     Datos de programa [C:\Users\Default\AppData\Local]
16/09/2012  03:38 a.m.    <JUNCTION>     Historial [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  12:08 a.m.    <JUNCTION>     History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  12:08 a.m.    <JUNCTION>     Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 archivos              0 bytes
 Directorio de C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu
16/09/2012  03:38 a.m.    <JUNCTION>     Programas [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs]
               0 archivos              0 bytes
 Directorio de C:\Users\Default\Documents
16/09/2012  03:38 a.m.    <JUNCTION>     Mi m£sica [C:\Users\Default\Music]
16/09/2012  03:38 a.m.    <JUNCTION>     Mis im genes [C:\Users\Default\Pictures]
16/09/2012  03:38 a.m.    <JUNCTION>     Mis v¡deos [C:\Users\Default\Videos]
14/07/2009  12:08 a.m.    <JUNCTION>     My Music [C:\Users\Default\Music]
14/07/2009  12:08 a.m.    <JUNCTION>     My Pictures [C:\Users\Default\Pictures]
14/07/2009  12:08 a.m.    <JUNCTION>     My Videos [C:\Users\Default\Videos]
               0 archivos              0 bytes
 Directorio de C:\Users\PILAR
16/09/2012  03:38 a.m.    <JUNCTION>     Configuraci¢n local [C:\Users\PILAR\AppData\Local]
16/09/2012  03:38 a.m.    <JUNCTION>     Cookies [C:\Users\PILAR\AppData\Roaming\Microsoft\Windows\Cookies]
16/09/2012  03:38 a.m.    <JUNCTION>     Datos de programa [C:\Users\PILAR\AppData\Roaming]
16/09/2012  03:38 a.m.    <JUNCTION>     Entorno de red [C:\Users\PILAR\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
16/09/2012  03:38 a.m.    <JUNCTION>     Impresoras [C:\Users\PILAR\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
16/09/2012  03:38 a.m.    <JUNCTION>     Men£ Inicio [C:\Users\PILAR\AppData\Roaming\Microsoft\Windows\Start Menu]
16/09/2012  03:38 a.m.    <JUNCTION>     Mis documentos [C:\Users\PILAR\Documents]
16/09/2012  03:38 a.m.    <JUNCTION>     Plantillas [C:\Users\PILAR\AppData\Roaming\Microsoft\Windows\Templates]
16/09/2012  03:38 a.m.    <JUNCTION>     Reciente [C:\Users\PILAR\AppData\Roaming\Microsoft\Windows\Recent]
16/09/2012  03:38 a.m.    <JUNCTION>     SendTo [C:\Users\PILAR\AppData\Roaming\Microsoft\Windows\SendTo]
               0 archivos              0 bytes
 Directorio de C:\Users\PILAR\AppData\Local
16/09/2012  03:38 a.m.    <JUNCTION>     Archivos temporales de Internet [C:\Users\PILAR\AppData\Local\Microsoft\Windows\Temporary Internet Files]
16/09/2012  03:38 a.m.    <JUNCTION>     Datos de programa [C:\Users\PILAR\AppData\Local]
16/09/2012  03:38 a.m.    <JUNCTION>     Historial [C:\Users\PILAR\AppData\Local\Microsoft\Windows\History]
               0 archivos              0 bytes
 Directorio de C:\Users\PILAR\AppData\Roaming\Microsoft\Windows\Start Menu
16/09/2012  03:38 a.m.    <JUNCTION>     Programas [C:\Users\PILAR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs]
               0 archivos              0 bytes
 Directorio de C:\Users\PILAR\Documents
16/09/2012  03:38 a.m.    <JUNCTION>     Mi m£sica [C:\Users\PILAR\Music]
16/09/2012  03:38 a.m.    <JUNCTION>     Mis im genes [C:\Users\PILAR\Pictures]
16/09/2012  03:38 a.m.    <JUNCTION>     Mis v¡deos [C:\Users\PILAR\Videos]
               0 archivos              0 bytes
 Directorio de C:\Users\Public\Documents
16/09/2012  03:38 a.m.    <JUNCTION>     Mi m£sica [C:\Users\Public\Music]
16/09/2012  03:38 a.m.    <JUNCTION>     Mis im genes [C:\Users\Public\Pictures]
16/09/2012  03:38 a.m.    <JUNCTION>     Mis v¡deos [C:\Users\Public\Videos]
14/07/2009  12:08 a.m.    <JUNCTION>     My Music [C:\Users\Public\Music]
14/07/2009  12:08 a.m.    <JUNCTION>     My Pictures [C:\Users\Public\Pictures]
14/07/2009  12:08 a.m.    <JUNCTION>     My Videos [C:\Users\Public\Videos]
               0 archivos              0 bytes
     Total de archivos en la lista:
               0 archivos              0 bytes
              86 dirs  403,857,141,760 bytes libres
 
< End of report >
 
2) Extras 
 

OTL Extras logfile created on: 28/05/2014 18:26:45 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\PILAR\Desktop
64bit- Home Basic Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000c0a | Country: México | Language: ESM | Date Format: dd/MM/yyyy
 
3,95 Gb Total Physical Memory | 2,87 Gb Available Physical Memory | 72,81% Memory free
7,89 Gb Paging File | 6,42 Gb Available in Paging File | 81,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 421,81 Gb Total Space | 376,12 Gb Free Space | 89,17% Space Free | Partition Type: NTFS
Drive D: | 29,00 Gb Total Space | 26,56 Gb Free Space | 91,59% Space Free | Partition Type: NTFS
 
Computer Name: PILAR-PC | User Name: PILAR | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\S-1-5-21-1510572874-1796251914-533295934-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{68C76B54-E842-4FAB-9F53-43EB65653FB8}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{F3E0FB9F-8E7D-4A18-9D1B-034213D7566A}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F2C950F-870D-4B01-9C4F-2560498C9D9F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{10557BA9-AF1A-4C55-8D57-3CD30E53EDE9}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{3CBA4F0F-209B-432A-9DE9-98D5EAC94FE7}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{4632BD81-7453-44EA-AEE9-7265C51A9317}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{5ECEB6EF-EAE9-438B-8FCE-39A27ACAF43F}" = dir=in | app=c:\program files (x86)\lenovo\powerdvd10\powerdvd10.exe | 
"{6EB79DBD-2AFB-435D-80DF-10AE6ACD490C}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{E4025772-5764-49E1-9041-EECB61D27A80}" = dir=in | app=c:\program files (x86)\lenovo\powerdvd10\powerdvd cinema\powerdvdcinema10.exe | 
"{F93226DD-B48B-4939-B14B-1065D26BD71B}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"TCP Query User{B645EC90-C349-4380-9BD6-ADAA00B33405}C:\users\pilar\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\pilar\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{25200BB0-81FE-464A-909E-589A034C96AB}C:\users\pilar\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\pilar\appdata\roaming\spotify\spotify.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = Lenovo Bluetooth with Enhanced Data Rate Software
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90140000-006D-0C0A-1000-0000000FF1CE}" = Hacer clic y ejecutar de Microsoft Office 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082" = Microsoft .NET Framework 4.5.1 (español)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D6E5E5FE-83CF-3CFC-AF7A-11F05613705B}" = Microsoft .NET Framework 4.5.1 (ESN)
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"CNXT_AUDIO_HDA" = Conexant HD Audio
"EA12B1FB53CE4E387C31A85236C41EF559B5E392" = Paquete de controladores de Windows - Lenovo (ACPIVPC) System  (12/02/2010 6.1.0.1)
"EPSON TX120 Series" = Desinstalador de impresoras EPSON TX120 Series
"Lenovo EE Boot Optimizer" = Lenovo EE Boot Optimizer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{28ABE740-47F3-441B-9437-852F6A64EFF8}" = Lenovo_Wireless_Driver
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger
"{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}" = Google Earth Plug-in
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0C0A-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Español
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1034-7B44-AB0000000001}" = Adobe Reader XI (11.0.07) - Español
"{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}" = Lenovo EasyCamera
"{BB285C9F-C821-4770-8970-56C4AB52C87E}" = Skype Click to Call
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = Lenovo PowerDVD 10
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = Guía del usuario
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"BrowserProtect" = BrowserProtect
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = Lenovo PowerDVD 10
"InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide
"Internet Telcel Banda Ancha" = Internet Telcel Banda Ancha
"Lenovo Games Console" = Lenovo Games Console
"N360" = Norton 360
"Office14.Click2Run" = Hacer clic y ejecutar de Microsoft Office 2010
"SmartDraw 2014" = SmartDraw 2014
"VeriFace" = VeriFace
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1510572874-1796251914-533295934-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 27/04/2014 1:08:10 | Computer Name = PILAR-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 27/04/2014 10:54:03 | Computer Name = PILAR-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 27/04/2014 17:08:18 | Computer Name = PILAR-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 02/05/2014 23:04:57 | Computer Name = PILAR-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 02/05/2014 23:34:56 | Computer Name = PILAR-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 03/05/2014 7:50:32 | Computer Name = PILAR-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 03/05/2014 22:35:37 | Computer Name = PILAR-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 04/05/2014 8:56:48 | Computer Name = PILAR-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 04/05/2014 9:29:53 | Computer Name = PILAR-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 04/05/2014 22:40:24 | Computer Name = PILAR-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 20/10/2013 14:05:55 | Computer Name = PILAR-PC | Source = Service Control Manager | ID = 7011
Description = Se agotó el tiempo de espera (30000 ms) para la respuesta de transacción
 del servicio N360.
 
Error - 27/10/2013 23:49:18 | Computer Name = PILAR-PC | Source = Service Control Manager | ID = 7011
Description = Se agotó el tiempo de espera (30000 ms) para la respuesta de transacción
 del servicio N360.
 
Error - 27/10/2013 23:49:48 | Computer Name = PILAR-PC | Source = Service Control Manager | ID = 7011
Description = Se agotó el tiempo de espera (30000 ms) para la respuesta de transacción
 del servicio N360.
 
Error - 27/10/2013 23:50:18 | Computer Name = PILAR-PC | Source = Service Control Manager | ID = 7011
Description = Se agotó el tiempo de espera (30000 ms) para la respuesta de transacción
 del servicio N360.
 
Error - 19/11/2013 19:21:05 | Computer Name = PILAR-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Error de instalación: error de Windows al instalar la siguiente actualización,
 error 0x80246002: Internet Explorer 11 para Windows 7 para sistemas basados en 
x64.
 
Error - 21/11/2013 13:23:34 | Computer Name = PILAR-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 21/11/2013 13:26:20 | Computer Name = PILAR-PC | Source = Service Control Manager | ID = 7043
Description = El servicio Instalador de módulos de Windows no se cerró correctamente
 después de recibir un control de aviso de apagado.
 
Error - 21/11/2013 14:25:11 | Computer Name = PILAR-PC | Source = EventLog | ID = 6008
Description = El cierre anterior del sistema a las 11:57:41 a.m. del ?21/?11/?2013
 resultó inesperado.
 
Error - 21/11/2013 14:25:20 | Computer Name = PILAR-PC | Source = BugCheck | ID = 1001
Description = 
 
Error - 02/01/2014 10:13:08 | Computer Name = PILAR-PC | Source = Service Control Manager | ID = 7034
Description = El servicio Intel® Rapid Storage Technology se terminó de manera
 inesperada. Esto ha sucedido 1 veces.
 
 
< End of report >
 
 
3) asw
 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-05-28 18:39:51
-----------------------------
18:39:51.172    OS Version: Windows x64 6.1.7601 Service Pack 1
18:39:51.172    Number of processors: 4 586 0x2A07
18:39:51.172    ComputerName: PILAR-PC  UserName: PILAR
18:39:55.493    Initialize success
18:46:42.172    AVAST engine defs: 14052801
18:47:21.999    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:47:22.014    Disk 0 Vendor: WDC_WD50 03.0 Size: 476940MB BusType: 3
18:47:22.139    Disk 0 MBR read successfully
18:47:22.139    Disk 0 MBR scan
18:47:22.155    Disk 0 Windows 7 default MBR code
18:47:22.155    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          200 MB offset 2048
18:47:22.186    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       431938 MB offset 411648
18:47:22.186    Disk 0 Partition - 00     0F Extended LBA             29692 MB offset 885020672
18:47:22.217    Disk 0 Partition 3 00     12  Compaq diag NTFS        15109 MB offset 945829888
18:47:22.248    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS        29691 MB offset 885022720
18:47:22.311    Disk 0 scanning C:\windows\system32\drivers
18:47:30.933    Service scanning
18:47:33.841    Service BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20140510.001\BHDrvx64.sys **LOCKED** 5
18:47:37.257    Service eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys **LOCKED** 5
18:47:37.444    Service EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys **LOCKED** 5
18:47:39.970    Service IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20140527.001\IDSvia64.sys **LOCKED** 5
18:47:43.056    Service NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20140528.017\ENG64.SYS **LOCKED** 5
18:47:43.230    Service NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20140528.017\EX64.SYS **LOCKED** 5
18:47:58.380    Modules scanning
18:47:58.396    Disk 0 trace - called modules:
18:47:58.427    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
18:47:58.427    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80065e2790]
18:47:58.442    3 CLASSPNP.SYS[fffff880011ce43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800472a050]
18:47:59.860    AVAST engine scan C:\windows
18:48:02.450    AVAST engine scan C:\windows\system32
18:51:04.294    AVAST engine scan C:\windows\system32\drivers
18:51:17.997    AVAST engine scan C:\Users\PILAR
18:53:28.663    Disk 0 MBR has been saved successfully to "C:\Users\PILAR\Desktop\MBR.dat"
18:53:28.663    The log file has been saved successfully to "C:\Users\PILAR\Desktop\aswMBR.txt"
 
:)
 

  • 0

#6
pystryker
Posted 28 May 2014 - 06:33 PM

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts

Hi,



Here are the fresh logs. Thanks!


Hello, and you are quite welcome. :) While I am perusing your logs, could you post the log from Norton's scan so I can take a look at it, please?

To get to the log file, follow these instructions: Open Norton, click on "History", and the choose "Scan Results" from the drop-down box.
  • 0

#7
charrascan
Posted 29 May 2014 - 10:32 AM

charrascan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts

Hi,

 

Norton logs:

 

 

Category: Scan Results
Date & Time,Risk,Activity,Status,Task Name,Scan Time (d:h:m:s),Total items scanned,Files & Directories,Registry Entries,Processes & Start-Up Items,Network & Browser Items,Other,Trusted Files,Skipped Files,Total Security Risks Detected,Total Security Risks Resolved,Total Security Risks Requiring Attention,Tracking Cookies,Tracking Cookies Resolved
28/05/2014 06:16 p.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:02:36,"2,650",715,429,940,12,554,594,0,0,0,0,,
23/05/2014 12:07 p.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:04:42,"3,085",834,429,"1,256",12,554,712,0,0,0,0,,
20/05/2014 09:36 p.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:00:34,"2,605",699,429,911,12,554,581,0,0,0,0,,
20/05/2014 09:24 p.m.,Info,Full System Scan results,Completed,Full System Scan,0:00:46:40,"270,562","267,391",514,"1,579","1,069",9,"7,246","19,983",23,23,0,23,23
18/05/2014 10:27 p.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:02:31,"2,683",712,429,976,12,554,591,37,0,0,0,,
14/05/2014 09:43 p.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:03:20,"2,674",714,429,965,12,554,595,0,0,0,0,,
14/05/2014 05:09 p.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:03:17,"2,688",712,429,981,12,554,591,0,0,0,0,,
11/05/2014 09:31 p.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:02:55,"2,708",713,429,"1,000",12,554,593,0,0,0,0,,
07/05/2014 07:47 a.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:00:33,"2,674",711,429,968,12,554,590,0,0,0,0,,
03/05/2014 10:26 p.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:00:33,"2,682",713,429,974,12,554,593,1,0,0,0,,
27/04/2014 10:15 a.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:03:00,"2,832",713,429,"1,124",12,554,587,0,0,0,0,,
23/04/2014 07:13 a.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:03:41,"2,818",715,429,"1,108",12,554,590,0,0,0,0,,
21/04/2014 07:38 a.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:03:05,"2,813",714,429,"1,104",12,554,589,0,0,0,0,,
18/04/2014 08:27 a.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:02:10,"3,051",741,429,"1,315",12,554,615,0,0,0,0,,
13/04/2014 05:42 p.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:02:49,"2,703",715,429,993,12,554,588,0,0,0,0,,
11/04/2014 08:58 p.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:03:25,"2,702",715,429,992,12,554,587,43,0,0,0,,
09/04/2014 10:33 p.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:02:51,"2,691",714,429,982,12,554,588,0,0,0,0,,
07/04/2014 10:40 p.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:03:02,"6,544","1,238",429,"4,311",12,554,"1,090",0,0,0,0,,
06/04/2014 07:31 a.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:03:13,"2,684",713,429,976,12,554,586,0,0,0,0,,
03/04/2014 06:54 a.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:02:48,"2,690",715,429,980,12,554,589,0,0,0,0,,
01/04/2014 10:56 p.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:02:56,"2,684",713,429,976,12,554,587,0,0,0,0,,
29/03/2014 05:29 a.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:00:27,"2,816",717,429,"1,104",12,554,592,0,0,0,0,,
28/03/2014 11:43 p.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:02:50,"2,689",714,429,980,12,554,590,5,0,0,0,,
27/03/2014 09:11 p.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:00:29,"2,675",711,429,969,12,554,587,0,0,0,0,,
26/03/2014 08:11 p.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:03:04,"2,827",715,429,"1,117",12,554,590,0,0,0,0,,
22/03/2014 11:15 p.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:02:49,"2,705",713,429,997,12,554,588,0,0,0,0,,
16/03/2014 08:06 a.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:04:27,"2,711",718,429,998,12,554,590,10,0,0,0,,
09/03/2014 07:50 a.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:03:56,"2,693",714,429,984,12,554,589,0,0,0,0,,
02/03/2014 08:44 a.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:01:06,"2,379",689,429,695,12,554,569,0,0,0,0,,
01/03/2014 11:51 p.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:00:31,"2,693",714,429,984,12,554,590,0,0,0,0,,
21/02/2014 02:40 p.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:00:32,"2,696",714,429,987,12,554,591,0,0,0,0,,
06/02/2014 10:45 p.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:02:03,"2,680",712,429,973,12,554,587,0,0,0,0,,
02/02/2014 08:19 a.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:02:20,"2,824",713,429,"1,116",12,554,590,0,0,0,0,,
28/01/2014 07:20 p.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:01:04,"2,683",712,429,976,12,554,590,0,0,0,0,,
27/01/2014 08:54 p.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:00:17,"2,664",713,429,956,12,554,593,0,0,0,0,,
27/01/2014 08:23 p.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:00:32,"2,687",713,429,979,12,554,593,0,0,0,0,,
25/01/2014 06:06 a.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:02:17,"2,675",713,429,967,12,554,590,39,0,0,0,,
23/01/2014 11:29 p.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:02:42,"2,661",713,429,953,12,554,591,0,0,0,0,,
22/01/2014 10:36 p.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:02:07,"6,377","1,229",429,"4,153",12,554,"1,085",0,0,0,0,,
21/01/2014 10:15 p.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:01:41,"2,676",710,429,971,12,554,588,0,0,0,0,,
19/01/2014 06:53 a.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:02:32,"2,834",713,429,"1,126",12,554,590,0,0,0,0,,
16/01/2014 01:11 p.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:02:36,"2,680",711,429,974,12,554,591,0,0,0,0,,
14/01/2014 10:17 p.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:03:09,"2,696",713,429,988,12,554,596,0,0,0,0,,
11/01/2014 11:58 p.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:00:26,"2,679",711,429,973,12,554,594,0,0,0,0,,
10/01/2014 03:25 p.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:00:24,"2,714",714,429,"1,005",12,554,580,0,0,0,0,,
10/01/2014 12:46 a.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:03:24,"2,695",713,429,987,12,554,580,0,0,0,0,,
05/01/2014 12:37 a.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:02:10,"2,692",712,429,985,12,554,576,0,0,0,0,,
01/01/2014 10:43 p.m.,Info,Idle Full System Scan results,Completed,Idle Full System Scan,0:00:21:22,"177,387","174,698",508,"1,561",66,554,"6,529","91,560",1,1,0,1,1
01/01/2014 10:43 p.m.,Info,Full System Scan results,Completed,Full System Scan,0:00:33:43,"225,659","223,049",514,"1,488",599,9,"6,519","40,854",0,0,0,,
01/01/2014 10:03 p.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:00:16,"2,598",700,429,903,12,554,565,56,0,0,0,,
01/01/2014 09:57 p.m.,Info,Quick Scan results,Completed,Quick Scan,0:00:00:32,"2,718",710,429,971,599,9,573,2,3,3,0,3,3
25/11/2013 09:57 p.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:01:01,"2,662",705,427,964,12,554,577,0,0,0,0,,
23/11/2013 04:42 p.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:01:20,"2,665",709,427,963,12,554,579,0,0,0,0,,
21/11/2013 12:11 p.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:03:23,"2,679",710,425,978,12,554,580,0,0,0,0,,
20/11/2013 03:54 p.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:00:30,"2,672",708,427,971,12,554,577,0,0,0,0,,
18/11/2013 06:52 p.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:00:19,"2,676",704,427,979,12,554,573,50,0,0,0,,
14/11/2013 04:56 p.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:02:34,"2,615",697,427,925,12,554,564,0,0,0,0,,
14/11/2013 04:50 p.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:01:36,"2,633",696,427,944,12,554,562,0,0,0,0,,
12/11/2013 02:51 p.m.,Info,Idle Full System Scan results,Completed,Idle Full System Scan,0:00:43:50,"220,475","217,629",508,"1,582",202,554,"6,247","18,080",1,1,0,1,1
12/11/2013 02:41 p.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:05:52,"2,667",708,427,966,12,554,578,0,0,0,0,,
12/11/2013 01:01 p.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:00:24,"2,688",708,427,987,12,554,571,0,0,0,0,,
11/11/2013 11:53 a.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:00:23,"2,696",708,427,995,12,554,573,0,0,0,0,,
26/10/2013 08:17 p.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:02:02,"2,669",708,427,968,12,554,569,0,0,0,0,,
20/10/2013 09:28 a.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:01:08,"2,654",707,427,954,12,554,566,0,0,0,0,,
20/10/2013 07:55 a.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:01:59,"2,673",708,427,972,12,554,567,0,0,0,0,,
14/10/2013 12:50 p.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:03:12,"2,672",707,427,972,12,554,561,0,0,0,0,,
12/10/2013 06:16 a.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:00:27,"2,682",709,427,980,12,554,569,0,0,0,0,,
01/10/2013 10:17 a.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:02:53,"2,670",708,427,969,12,554,571,0,0,0,0,,
27/09/2013 10:46 a.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:01:53,"2,696",710,427,993,12,554,566,0,0,0,0,,
22/09/2013 12:23 p.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:03:14,"6,851","1,277",427,"4,581",12,554,"1,110",0,0,0,0,,
19/09/2013 05:10 p.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:01:49,"2,817",711,427,"1,113",12,554,576,1,0,0,0,,
11/09/2013 09:35 p.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:00:19,"2,673",710,427,970,12,554,572,55,0,0,0,,
02/09/2013 09:56 a.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:00:30,"2,676",711,427,972,12,554,573,0,0,0,0,,
29/08/2013 06:07 p.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:00:25,"6,505","1,290",427,"4,222",12,554,0,0,0,0,0,,
23/08/2013 06:08 p.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:00:34,"6,911","1,308",427,"4,610",12,554,0,0,0,0,0,,
19/08/2013 05:52 p.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:03:20,"7,346","1,302",427,"5,051",12,554,0,0,0,0,0,,
13/08/2013 11:26 p.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:03:41,"6,833","1,312",427,"4,528",12,554,0,0,0,0,0,,
09/08/2013 09:01 p.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:01:57,"6,562","1,266",427,"4,303",12,554,0,0,0,0,0,,
04/08/2013 05:49 p.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:02:53,"6,862","1,343",427,"4,526",12,554,0,0,0,0,0,,
28/07/2013 08:54 p.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:00:33,"6,874","1,304",427,"4,577",12,554,0,0,0,0,0,,
26/07/2013 08:11 a.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:00:23,"7,111","1,346",427,"4,772",12,554,0,0,0,0,0,,
22/07/2013 09:31 p.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:00:26,"6,636","1,339",427,"4,304",12,554,0,0,0,0,0,,
20/07/2013 11:30 a.m.,Info,Idle Full System Scan results,Completed,Idle Full System Scan,0:00:33:57,"214,125","207,638",508,"5,287",138,554,"5,616","19,492",1,1,0,1,1
20/07/2013 11:21 a.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:04:16,"6,850","1,339",427,"4,518",12,554,0,0,0,0,0,,
19/07/2013 01:19 a.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:01:35,"5,402","1,144",428,"3,264",12,554,0,0,0,0,0,,
18/07/2013 10:14 p.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:02:08,"6,990","1,333",427,"4,664",12,554,"1,131",7,0,0,0,,
16/06/2013 05:46 p.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:00:27,"6,665","1,335",427,"4,337",12,554,"1,131",0,0,0,0,,
11/06/2013 10:23 a.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:00:25,"6,324","1,272",427,"4,059",12,554,"1,069",0,0,0,0,,
09/06/2013 05:59 p.m.,Info,Full System Scan results,Completed,Full System Scan,0:00:28:40,"211,365","205,194",508,"5,001",653,9,"5,587","19,626",4,4,0,4,4
09/06/2013 12:57 p.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:03:23,"7,565","1,441",427,"5,131",12,554,"1,219",0,0,0,0,,
05/06/2013 08:38 a.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:01:37,"7,033","1,299",427,"4,743",12,552,"1,101",7,0,0,0,,
31/05/2013 04:12 p.m.,Info,Idle Full System Scan results,Completed,Idle Full System Scan,0:00:29:14,"214,076","207,286",508,"5,030",700,552,"5,379","19,799",1,1,0,1,1
31/05/2013 03:43 p.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:02:29,"6,678","1,320",427,"4,367",12,552,"1,115",120,0,0,0,,
28/05/2013 11:12 a.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:00:31,"6,681","1,329",427,"4,361",12,552,"1,125",0,0,0,0,,
14/05/2013 06:40 p.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:00:30,"6,244","1,258",429,"3,993",12,552,"1,057",0,0,0,0,,
12/05/2013 07:44 a.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:02:16,"6,816","1,326",429,"4,497",12,552,"1,112",0,0,0,0,,
05/05/2013 08:59 p.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:03:09,"6,902","1,290",429,"4,619",12,552,"1,085",1,0,0,0,,
21/04/2013 03:28 p.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:00:33,"6,965","1,295",429,"4,677",12,552,"1,092",0,0,0,0,,
07/04/2013 07:36 p.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:00:31,"6,630","1,291",429,"4,346",12,552,"1,074",0,0,0,0,,
28/03/2013 06:43 p.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:00:34,"7,402","1,359",428,"5,051",12,552,"1,106",0,0,0,0,,
17/03/2013 07:43 p.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:02:14,"6,574","1,268",425,"4,317",12,552,"1,052",1,0,0,0,,
03/03/2013 08:32 a.m.,Info,Idle Full System Scan results,Completed,Idle Full System Scan,0:00:24:57,"200,801","193,804",506,"5,227",712,552,"5,053","19,460",1,1,0,1,1
03/03/2013 08:12 a.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:03:07,"6,721","1,257",425,"4,475",12,552,"1,050",128,0,0,0,,
02/03/2013 08:37 p.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:00:33,"7,089","1,291",425,"4,809",12,552,"1,078",0,0,0,0,,
12/02/2013 09:11 p.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:00:25,"6,212","1,235",425,"3,988",12,552,"1,025",0,0,0,0,,
10/02/2013 09:55 p.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:02:45,"6,529","1,312",425,"4,228",12,552,"1,098",0,0,0,0,,
05/02/2013 12:11 a.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:03:11,"7,063","1,305",425,"4,769",12,552,"1,075",147,0,0,0,,
03/02/2013 03:38 p.m.,Info,Quick Scan results,Completed,Quick Scan,0:00:00:56,"6,987","1,291",425,"4,442",822,7,"1,065",0,3,3,0,3,3
02/02/2013 01:55 p.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:02:15,"6,664","1,259",425,"4,416",12,552,"1,030",0,0,0,0,,
24/01/2013 04:09 p.m.,Info,Idle Full System Scan results,Completed,Idle Full System Scan,0:00:23:53,"209,634","202,693",506,"5,347",536,552,"4,696","19,529",1,1,0,1,1
24/01/2013 04:02 p.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:06:41,"6,190","1,236",425,"3,965",12,552,"1,018",75,0,0,0,,
23/01/2013 03:01 p.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:03:06,"6,596","1,272",423,"4,337",12,552,892,0,0,0,0,,
12/01/2013 07:23 p.m.,Info,Idle Full System Scan results,Completed,Idle Full System Scan,0:00:36:42,"213,394","206,455",507,"5,356",524,552,"3,466","20,080",1,1,0,1,1
12/01/2013 05:30 p.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:00:31,"7,110","1,297",424,"4,825",12,552,936,0,0,0,0,,
05/01/2013 07:04 p.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:02:28,"6,909","1,317",424,"4,604",12,552,965,0,0,0,0,,
02/01/2013 10:14 p.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:00:52,"7,600","1,370",424,"5,242",12,552,993,0,0,0,0,,
01/01/2013 10:40 a.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:02:27,"7,438","1,329",423,"5,122",12,552,964,0,0,0,0,,
29/12/2012 07:03 p.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:01:25,"7,295","1,319",423,"4,989",12,552,939,0,0,0,0,,
27/12/2012 01:01 p.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,1:15:43:35,"6,771","1,282",418,"4,507",12,552,886,1,0,0,0,,
23/12/2012 02:44 p.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:00:48,"6,671","1,307",418,"4,382",12,552,887,0,0,0,0,,
21/12/2012 08:31 p.m.,Info,Quick Scan results,Completed,Quick Scan,0:00:00:47,"7,182","1,315",407,"4,701",753,6,907,0,10,10,0,10,10
13/12/2012 08:45 p.m.,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:00:41,"7,139","1,300",407,"4,869",12,551,797,420,0,0,0,,
09/12/2012 04:24 p.m.,Info,Quick Scan results,Completed,Quick Scan,0:00:00:58,"6,790","1,290",407,"4,323",764,6,760,0,34,34,0,34,34

  • 0

#8
pystryker
Posted 29 May 2014 - 04:44 PM

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Hello :)

I don't see anything in the Norton scan, but there is adware present on your machine. We'll send that packing though. :thumbsup:


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.

Step 1: Windows Sidebar and Program Uninstall


Please uninstall the following program from your computer as it is a malware related program: Browser Protect


Windows Sidebar

You have Windows Sidebar running on your machine and it is known to have some security problems. Microsoft Corporation has an article about these issues, and you can read it by clicking here . Please disable it by using Fix It.

You can download Fix It by clicking here.


Step 2: OTL Fix


Let's run an OTL fix:

Warning: This fix is to be used on this system and this system ONLY. Using this fix on any other machine other than yours can seriously damage it.

Be advised that when the fix commences, it will shut down all running processes and you may lose the desktop and icons, they will return on reboot.

Run OTL by double clicking it (Windows Vista, Windows 7, and 8, right click and select "Run as Administrator)
  • Copy the text in the quote box below (do not copy the word "quote") and paste in the in the box marked Custom Scans/Fixes as shown in the graphic below.
otlrunfix.jpg


:Commands
[createrestorepoint]

:OTL
SRV - [2013/03/22 02:33:34 | 000,060,928 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\BrowserProtect\srvBrowserProtect.exe -- (srvBrowserProtect)
IE - HKU\S-1-5-21-1510572874-1796251914-533295934-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1510572874-1796251914-533295934-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://en.eazel.com/...q={searchTerms}
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKU\S-1-5-21-1510572874-1796251914-533295934-1000..\Run: [EPSON TX120 Series] C:\windows\system32\spool\DRIVERS\x64\3\E_IATIGGL.EXE /FU "C:\windows\TEMP\E_SAE87.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O33 - MountPoints2\{569aa998-97fe-11e2-a82c-3859f9f80e57}\Shell - "" = AutoRun
O33 - MountPoints2\{569aa998-97fe-11e2-a82c-3859f9f80e57}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{569aa9b3-97fe-11e2-a82c-3859f9f80e57}\Shell - "" = AutoRun
O33 - MountPoints2\{569aa9b3-97fe-11e2-a82c-3859f9f80e57}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a


:Files
C:\Program Files (x86)\BrowserProtect
netsh advfirewall reset /c
netsh advfirewall set allprofiles state on /c
ipconfig /flushdns /c

:Commands
[emptytemp]
[resethosts]

  • Click the Run Fix button at the top of the OTL control panel.
  • Let the program run until it's finished and then reboot the computer.
  • Once your machine has rebooted, a log will open. Please post that log in your next reply.
If you have any problems, questions, or need further explanation, please post a message in this thread and I will get back to you asap.


Step 3: AdwCleaner

Download ADWcleaner by clickingJunkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 5: Fresh OTL Scan
  • Start OTL and this time click the Quick Scan button
  • OTL will scan your system and produce one log when finished.
  • Please post that log in your next reply.
Things I need to see in your next post:

OTL Fix Log

AdwCleaner Log

Junkware Removal Tool Log

Fresh OTL Scan Log
  • 0

#9
charrascan
Posted 30 May 2014 - 09:32 AM

charrascan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts

Hi, 

 

something very weird happened after I ran the OTL Fix. My computer rebooted, but the logs didn't poped out so I looked up for them and found them. When I was trying to open it all the icons from my computer changed into the one of the Notepad ... now I can open any program. ... what's going on? :no:


  • 0

#10
pystryker
Posted 30 May 2014 - 10:04 AM

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts

Hi, 
 
something very weird happened after I ran the OTL Fix. My computer rebooted, but the logs didn't poped out so I looked up for them and found them. When I was trying to open it all the icons from my computer changed into the one of the Notepad ... now I can open any program. ... what's going on? :no:


Reboot the machine, and see if the icons come back.
  • 0

Advertisements

#11
charrascan
Posted 30 May 2014 - 10:14 AM

charrascan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts

Just did. Nothing changed, all programs are still showing the Notepad icon. 


  • 0

#12
pystryker
Posted 30 May 2014 - 11:19 AM

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts

Just did. Nothing changed, all programs are still showing the Notepad icon.


Ok, please follow the steps at the link below. :thumbsup:

http://support.micro...r_windows/en-us
  • 0

#13
charrascan
Posted 30 May 2014 - 12:19 PM

charrascan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts

It didn't work. Not only the shortcuts icons in the desktop changed, all of the icons in the computer changed into the notepad icon. Every time I click in one, the notepad opens with a message I can't read. Also, the icons show the name like this : Name.Ink. 


  • 0

#14
pystryker
Posted 30 May 2014 - 02:49 PM

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts

It didn't work. Not only the shortcuts icons in the desktop changed, all of the icons in the computer changed into the notepad icon. Every time I click in one, the notepad opens with a message I can't read. Also, the icons show the name like this : Name.Ink.


Ok, this probably was caused by the Windows Sidebar fix. So here's what we're going to do. Use System Restore to restore your machine. However, do not restore it to the system restore point that was created by OTL. That would be the most recent one. Instead, choose the one before it.

Once the machine is restored, we'll start download a fresh copy of OTL and get a new scan.


After restoring the machine, please follow the step below to get us a new OTL scan to work with and we'll get to work. :thumbsup:


Download OTL

Download OTL to your desktop by clicking here. If for some reason, that link is not working, please click here for a secondary site.
  • Close any open windows and then double click (Vista, Windows 7, 8, right click and then click Run as Administrator) the icon to start OTL.
  • Please make sure the following boxes are checked.
  • Scan All Users
  • Use Company-Name WhiteList
  • Skip Microsoft Files
  • Use No-Company-Name Whitelist
  • LOP Check
  • Purity Check
  • Please check Use Safelist is checked under Extra Registry.
  • Copy the contents of the quote box below Do not copy the word quote! and paste them into the Custom Scans/Fixes box at the bottom of OTL's control panel.

    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    rpcss.dll
    /md5stop
    dir "%systemdrive%\*" /S /A:L /C

  • Click the Run Scan button.
firstscangraphic.jpg
  • Please do not interrupt the scanning process. It may take a while to complete the scan, so please be patient. :)
  • When the scan is finished, it will generate 2 logs, OTL.txt and Extras.txt, each in a Notepad window. Both of these logs are saved in the same location as OTL. In this case, on your desktop.
  • Please post each log in your next reply.

  • 0

#15
charrascan
Posted 30 May 2014 - 05:35 PM

charrascan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts

New logs!  :spoton:

 

1)OTL.Txt 

 

 

OTL logfile created on: 30/05/2014 18:22:27 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\PILAR\Desktop
64bit- Home Basic Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000c0a | Country: México | Language: ESM | Date Format: dd/MM/yyyy
 
3,95 Gb Total Physical Memory | 2,52 Gb Available Physical Memory | 63,91% Memory free
7,89 Gb Paging File | 6,43 Gb Available in Paging File | 81,55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 421,81 Gb Total Space | 377,31 Gb Free Space | 89,45% Space Free | Partition Type: NTFS
Drive D: | 29,00 Gb Total Space | 26,56 Gb Free Space | 91,59% Space Free | Partition Type: NTFS
 
Computer Name: PILAR-PC | User Name: PILAR | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/05/30 18:14:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\PILAR\Desktop\OTL.exe
PRC - [2014/04/11 19:45:50 | 001,764,992 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2014/04/11 19:45:42 | 001,390,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2013/12/25 19:26:31 | 001,168,896 | ---- | M] (Spotify Ltd) -- C:\Users\PILAR\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2013/12/21 01:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2012/04/25 11:36:36 | 002,388,336 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Safari\Safari.exe
PRC - [2012/04/24 21:18:16 | 000,014,184 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Safari\Apple Application Support\WebKit2WebProcess.exe
PRC - [2011/09/15 07:13:18 | 000,329,056 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
PRC - [2011/06/15 06:46:52 | 000,548,864 | ---- | M] (Vimicro) -- C:\Program Files (x86)\USB Camera\VM331_STI.EXE
PRC - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe
PRC - [2011/02/18 03:20:54 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/02/18 03:20:50 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2011/01/28 18:29:36 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
PRC - [2010/12/20 21:30:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/12/20 21:30:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/12/14 13:04:58 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Archivos de programa\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2010/02/02 19:08:56 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/03/25 09:46:45 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\ad6e1822cef18d4543465d225d4f6cb6\IAStorCommon.ni.dll
MOD - [2014/03/25 09:46:44 | 000,475,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\8c31d1cd39535defad1ff804c76d2270\IAStorUtil.ni.dll
MOD - [2014/03/02 11:20:21 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\59312674865dc2a19c27f9f460b1673b\System.Runtime.Remoting.ni.dll
MOD - [2014/03/02 11:19:52 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014/03/02 11:19:46 | 001,593,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014/03/02 11:19:39 | 005,464,064 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
MOD - [2014/03/02 11:19:36 | 000,978,432 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll
MOD - [2014/03/02 11:19:23 | 003,348,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1d696b2d3de530f7ee971070263667ff\WindowsBase.ni.dll
MOD - [2014/03/02 11:19:19 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/03/02 11:19:14 | 011,499,520 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2012/04/24 21:18:24 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Safari\Apple Application Support\zlib1.dll
MOD - [2012/04/24 21:18:06 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Safari\Apple Application Support\libxml2.dll
MOD - [2011/09/15 07:13:17 | 000,013,664 | ---- | M] () -- C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
MOD - [2011/09/14 22:18:42 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_es_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010/11/12 18:35:42 | 000,307,200 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_es_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/03/06 03:29:14 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2014/05/14 17:36:45 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/04/11 19:45:50 | 001,764,992 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2014/04/11 19:45:42 | 001,390,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2013/12/21 01:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/10/23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2013/03/22 02:33:34 | 000,060,928 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\BrowserProtect\srvBrowserProtect.exe -- (srvBrowserProtect)
SRV - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe -- (N360)
SRV - [2011/02/18 03:20:54 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/12/20 21:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/20 21:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/12/14 13:04:56 | 000,953,632 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Archivos de programa\Lenovo\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2010/09/22 13:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Archivos de programa\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010/09/21 09:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010/01/09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/06/26 19:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 19:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 19:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 19:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2012/12/09 16:19:23 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/09/15 07:23:21 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)
DRV:64bit: - [2011/09/15 07:23:18 | 000,029,792 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2011/09/15 07:20:46 | 000,057,952 | ---- | M] (Lenovo) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fbfmon.sys -- (fbfmon)
DRV:64bit: - [2011/09/15 07:20:46 | 000,013,408 | ---- | M] (Lenovo) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BPntDrv.sys -- (BPntDrv)
DRV:64bit: - [2011/09/14 22:29:58 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/09/14 22:29:58 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/06/14 22:51:18 | 000,250,752 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vm331avs.sys -- (vm331avs)
DRV:64bit: - [2011/04/20 20:37:49 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/04/07 20:59:58 | 001,430,576 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/03/30 22:00:09 | 000,744,568 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/03/30 22:00:09 | 000,040,568 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2011/03/25 05:17:48 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/14 21:31:23 | 000,912,504 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/02/18 03:11:54 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/02/13 23:43:00 | 001,581,184 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011/01/28 18:29:58 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2011/01/27 01:47:10 | 000,450,680 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symds64.sys -- (SymDS)
DRV:64bit: - [2011/01/27 00:07:06 | 000,171,128 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/12/14 22:13:32 | 000,349,224 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:64bit: - [2010/12/14 22:13:10 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010/12/14 22:13:10 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/12/14 22:13:08 | 000,138,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/12/14 22:13:08 | 000,106,536 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/28 05:16:24 | 004,716,608 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/10/21 01:57:30 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/10/19 19:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/14 12:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/09/30 03:45:22 | 000,299,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2010/08/20 22:59:12 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2010/08/16 04:28:50 | 000,008,320 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmuvcflt.sys -- (vmuvcflt)
DRV:64bit: - [2009/10/21 18:16:54 | 000,243,200 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2009/10/12 16:23:22 | 000,114,304 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev)
DRV:64bit: - [2009/09/10 16:31:56 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009/07/21 09:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2014/05/30 18:05:22 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20140530.017\ex64.sys -- (NAVEX15)
DRV - [2014/05/30 18:05:22 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20140530.017\eng64.sys -- (NAVENG)
DRV - [2014/05/29 15:49:26 | 000,525,016 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20140529.002_a2d\IDSviA64.sys -- (IDSVia64)
DRV - [2014/05/10 01:12:10 | 001,530,160 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20140510.001_9a3\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013/11/21 12:07:41 | 000,137,648 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/11/21 12:07:40 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1510572874-1796251914-533295934-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=LENN&bmod=LENN
IE - HKU\S-1-5-21-1510572874-1796251914-533295934-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1510572874-1796251914-533295934-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1510572874-1796251914-533295934-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://en.eazel.com/...q={searchTerms}
IE - HKU\S-1-5-21-1510572874-1796251914-533295934-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-1510572874-1796251914-533295934-1000\..\SearchScopes\{EBD839AE-B08C-4fb7-859B-F54AF16C159F}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-1510572874-1796251914-533295934-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFF [2014/05/30 17:52:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_13_2 [2014/05/30 18:09:17 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\PILAR\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.31.131.2_0\McChPlg.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - Extension: Skype Click to Call = C:\Users\PILAR\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.2.15747.10003_0\
CHR - Extension: Google Wallet = C:\Users\PILAR\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
 
O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-1510572874-1796251914-533295934-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe (Lenovo)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [331BigDog] C:\Program Files (x86)\USB Camera\VM331_STI.EXE (Vimicro)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1510572874-1796251914-533295934-1000..\Run: [EPSON TX120 Series] C:\windows\system32\spool\DRIVERS\x64\3\E_IATIGGL.EXE /FU "C:\windows\TEMP\E_SAE87.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-21-1510572874-1796251914-533295934-1000..\Run: [Spotify] C:\Users\PILAR\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-1510572874-1796251914-533295934-1000..\Run: [Spotify Web Helper] C:\Users\PILAR\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Enviar imagen al dispositivo &Bluetooth... - C:\Archivos de programa\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Enviar página al dispositivo &Bluetooth... - C:\Archivos de programa\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Enviar imagen al dispositivo &Bluetooth... - C:\Archivos de programa\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Enviar página al dispositivo &Bluetooth... - C:\Archivos de programa\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Archivos de programa\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Archivos de programa\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: Enviar a Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Archivos de programa\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Enviar a &Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Archivos de programa\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA103418-4FF2-4544-B889-D406AB2E0BA9}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E71BC1E0-8873-4CB5-A126-325E1CD95626}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{569aa998-97fe-11e2-a82c-3859f9f80e57}\Shell - "" = AutoRun
O33 - MountPoints2\{569aa998-97fe-11e2-a82c-3859f9f80e57}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{569aa9b3-97fe-11e2-a82c-3859f9f80e57}\Shell - "" = AutoRun
O33 - MountPoints2\{569aa9b3-97fe-11e2-a82c-3859f9f80e57}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/05/30 18:14:07 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\PILAR\Desktop\OTL.exe
[2014/05/30 18:05:15 | 000,000,000 | ---D | C] -- C:\Users\PILAR\AppData\Roaming\Tific
[2014/05/30 18:05:14 | 000,000,000 | ---D | C] -- C:\Users\PILAR\AppData\Local\Symantec
[2014/05/30 17:07:17 | 000,000,000 | ---D | C] -- C:\Users\PILAR\Google Drive
[2014/05/30 13:07:10 | 000,000,000 | ---D | C] -- C:\Users\PILAR\AppData\Roaming\systweak
[2014/05/30 13:06:53 | 000,000,000 | ---D | C] -- C:\Users\PILAR\AppData\Local\Programs
[2014/05/30 13:00:17 | 000,000,000 | ---D | C] -- C:\Users\PILAR\AppData\Local\ElevatedDiagnostics
[2014/05/30 10:09:46 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/05/29 13:52:33 | 000,000,000 | ---D | C] -- C:\Users\PILAR\Documents\Directorio de intercambio Bluetooth
[2014/05/29 11:46:02 | 000,000,000 | ---D | C] -- C:\Users\PILAR\Documents\TELMEX
[2014/05/20 20:05:49 | 000,000,000 | ---D | C] -- C:\Users\PILAR\Desktop\Facturas-Ingresos-2014
[2014/05/20 20:00:04 | 000,000,000 | ---D | C] -- C:\Users\PILAR\Desktop\Facturas-Egresos-2014
[2014/05/07 07:31:39 | 000,000,000 | --SD | C] -- C:\windows\SysNative\CompatTel
 
========== Files - Modified Within 30 Days ==========
 
[2014/05/30 18:17:39 | 000,021,072 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/05/30 18:17:39 | 000,021,072 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/05/30 18:15:50 | 000,748,088 | ---- | M] () -- C:\windows\SysNative\perfh00A.dat
[2014/05/30 18:15:49 | 001,678,390 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/05/30 18:15:49 | 000,654,582 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/05/30 18:15:49 | 000,159,270 | ---- | M] () -- C:\windows\SysNative\perfc00A.dat
[2014/05/30 18:15:49 | 000,122,196 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/05/30 18:14:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\PILAR\Desktop\OTL.exe
[2014/05/30 18:11:00 | 000,001,046 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/05/30 18:10:33 | 000,185,919 | ---- | M] () -- C:\windows\SysNative\fastboot.set
[2014/05/30 18:10:06 | 000,000,480 | ---- | M] () -- C:\windows\tasks\SDMsgUpdate (Local).job
[2014/05/30 18:10:06 | 000,000,472 | ---- | M] () -- C:\windows\tasks\SDMsgUpdate (TE).job
[2014/05/30 18:08:57 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/05/30 18:08:50 | 3177,074,688 | -HS- | M] () -- C:\hiberfil.sys
[2014/05/14 21:40:00 | 000,001,050 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/14 21:36:18 | 000,000,838 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2014/05/03 22:38:53 | 000,002,181 | ---- | M] () -- C:\Users\Public\Desktop\Navegador de Internet.lnk
 
========== Files Created - No Company Name ==========
 
[2012/09/16 04:33:58 | 001,652,248 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/07/25 06:14:48 | 000,000,000 | ---D | M] -- C:\Users\PILAR\AppData\Roaming\Lenovo
[2013/06/09 13:13:07 | 000,000,000 | ---D | M] -- C:\Users\PILAR\AppData\Roaming\SmartDraw
[2014/05/30 17:51:38 | 000,000,000 | ---D | M] -- C:\Users\PILAR\AppData\Roaming\SoftGrid Client
[2014/05/30 18:10:59 | 000,000,000 | ---D | M] -- C:\Users\PILAR\AppData\Roaming\Spotify
[2014/05/30 13:33:55 | 000,000,000 | ---D | M] -- C:\Users\PILAR\AppData\Roaming\systweak
[2014/05/30 18:05:15 | 000,000,000 | ---D | M] -- C:\Users\PILAR\AppData\Roaming\Tific
[2012/09/16 04:34:49 | 000,000,000 | ---D | M] -- C:\Users\PILAR\AppData\Roaming\TP
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: EXPLORER.EXE  >
[2011/09/14 22:27:58 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/09/14 22:27:58 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/09/14 22:27:58 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/09/14 22:27:58 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 22:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/09/14 22:27:58 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/09/14 22:27:58 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 22:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
 
< MD5 for: RPCSS.DLL  >
[2010/11/20 22:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\windows\SysNative\rpcss.dll
[2010/11/20 22:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
 
< MD5 for: SERVICES  >
[2009/06/10 16:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services
 
< MD5 for: SERVICES.ASFX  >
[2014/05/08 08:49:08 | 000,002,544 | ---- | M] () MD5=E34F6F2011E6A981EE46105A813AA6B4 -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Locale\es_ES\Services\Services.asfx
 
< MD5 for: SERVICES.ASFX21  >
[2012/09/23 21:43:46 | 000,002,546 | R--- | M] () MD5=DE20C36CDD3208B4E8544397E551C40B -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA74301B744BA0000000010\11.0.0\services.asfx21
 
< MD5 for: SERVICES.CFG  >
[2014/05/08 08:48:48 | 000,560,495 | ---- | M] () MD5=12A7DDA9C7CA1AAA2C6F36BB1E24528B -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Services\Services.cfg
[2012/09/23 20:43:36 | 000,603,848 | R--- | M] () MD5=81B120EAEE296F0E54F66C16C5A21367 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA74301B744BA0000000010\11.0.0\services.cfg
 
< MD5 for: SERVICES.EXE  >
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\windows\SysNative\services.exe
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
 
< MD5 for: SERVICES.EXE.MUI  >
[2011/09/14 22:18:43 | 000,019,456 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\windows\SysNative\es-ES\services.exe.mui
[2011/09/14 22:18:43 | 000,019,456 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_es-es_c5bd95a23fcd260d\services.exe.mui
 
< MD5 for: SERVICES.LNK  >
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
 
< MD5 for: SERVICES.MOF  >
[2009/06/10 15:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\windows\SysNative\wbem\services.mof
[2009/06/10 15:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof
 
< MD5 for: SERVICES.MSC  >
[2009/06/10 15:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\windows\SysNative\services.msc
[2009/06/10 16:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2009/06/10 15:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009/06/10 16:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
[2011/09/14 22:18:40 | 000,092,751 | ---- | M] () MD5=C7B99872B5170E37AF24905BEE772844 -- C:\windows\SysNative\es-ES\services.msc
[2011/09/14 22:18:45 | 000,092,751 | ---- | M] () MD5=C7B99872B5170E37AF24905BEE772844 -- C:\Windows\SysWOW64\es-ES\services.msc
[2011/09/14 22:18:40 | 000,092,751 | ---- | M] () MD5=C7B99872B5170E37AF24905BEE772844 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_es-es_ffff658e1636c000\services.msc
[2011/09/14 22:18:45 | 000,092,751 | ---- | M] () MD5=C7B99872B5170E37AF24905BEE772844 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_es-es_a3e0ca0a5dd94eca\services.msc
 
< MD5 for: SERVICES.PTXML  >
[2009/07/13 15:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 15:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml
 
< MD5 for: SVCHOST.EXE  >
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\windows\SysNative\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 22:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 22:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 22:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe
[2010/11/20 22:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010/11/20 22:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe
[2010/11/20 22:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2014/03/04 06:08:14 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=6CE2AE073BD21C542FC2C707CAE944CC -- C:\Windows\SoftwareDistribution\Download\f6446aa2f5f86c06820f4e4200db84ac\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22616_none_ce748d1d04acf24f\winlogon.exe
[2014/03/04 04:43:50 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=88AB9B72B4BF3963A0DE0820B4B0B06C -- C:\Windows\SoftwareDistribution\Download\f6446aa2f5f86c06820f4e4200db84ac\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_cdf8bf35eb848572\winlogon.exe
 
< dir "%systemdrive%\*" /S /A:L /C >
 El volumen de la unidad C no tiene etiqueta.
 El n£mero de serie del volumen es: 5E96-A6F6
 Directorio de C:\
16/09/2012  03:38 a.m.    <JUNCTION>     Archivos de programa [C:\Program Files]
14/07/2009  12:08 a.m.    <JUNCTION>     Documents and Settings [C:\Users]
               0 archivos              0 bytes
 Directorio de C:\Program Files
16/09/2012  03:38 a.m.    <JUNCTION>     Archivos comunes [C:\Program Files\Common Files]
               0 archivos              0 bytes
 Directorio de C:\Program Files\Windows NT
16/09/2012  03:38 a.m.    <JUNCTION>     Accesorios [C:\Program Files\Windows NT\Accessories]
               0 archivos              0 bytes
 Directorio de C:\ProgramData
14/07/2009  12:08 a.m.    <JUNCTION>     Application Data [C:\ProgramData]
16/09/2012  03:38 a.m.    <JUNCTION>     Datos de programa [C:\ProgramData]
14/07/2009  12:08 a.m.    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
16/09/2012  03:38 a.m.    <JUNCTION>     Documentos [C:\Users\Public\Documents]
14/07/2009  12:08 a.m.    <JUNCTION>     Documents [C:\Users\Public\Documents]
16/09/2012  03:38 a.m.    <JUNCTION>     Escritorio [C:\Users\Public\Desktop]
14/07/2009  12:08 a.m.    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
16/09/2012  03:38 a.m.    <JUNCTION>     Favoritos [C:\Users\Public\Favorites]
16/09/2012  03:38 a.m.    <JUNCTION>     Men£ Inicio [C:\ProgramData\Microsoft\Windows\Start Menu]
16/09/2012  03:38 a.m.    <JUNCTION>     Plantillas [C:\ProgramData\Microsoft\Windows\Templates]
14/07/2009  12:08 a.m.    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009  12:08 a.m.    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 archivos              0 bytes
 Directorio de C:\ProgramData\Microsoft\Windows\Start Menu
16/09/2012  03:38 a.m.    <JUNCTION>     Programas [C:\ProgramData\Microsoft\Windows\Start Menu\Programs]
               0 archivos              0 bytes
 Directorio de C:\Users
14/07/2009  12:08 a.m.    <SYMLINKD>     All Users [C:\ProgramData]
14/07/2009  12:08 a.m.    <JUNCTION>     Default User [C:\Users\Default]
               0 archivos              0 bytes
 Directorio de C:\Users\All Users
14/07/2009  12:08 a.m.    <JUNCTION>     Application Data [C:\ProgramData]
16/09/2012  03:38 a.m.    <JUNCTION>     Datos de programa [C:\ProgramData]
14/07/2009  12:08 a.m.    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
16/09/2012  03:38 a.m.    <JUNCTION>     Documentos [C:\Users\Public\Documents]
14/07/2009  12:08 a.m.    <JUNCTION>     Documents [C:\Users\Public\Documents]
16/09/2012  03:38 a.m.    <JUNCTION>     Escritorio [C:\Users\Public\Desktop]
14/07/2009  12:08 a.m.    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
16/09/2012  03:38 a.m.    <JUNCTION>     Favoritos [C:\Users\Public\Favorites]
16/09/2012  03:38 a.m.    <JUNCTION>     Men£ Inicio [C:\ProgramData\Microsoft\Windows\Start Menu]
16/09/2012  03:38 a.m.    <JUNCTION>     Plantillas [C:\ProgramData\Microsoft\Windows\Templates]
14/07/2009  12:08 a.m.    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009  12:08 a.m.    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 archivos              0 bytes
 Directorio de C:\Users\All Users\Microsoft\Windows\Start Menu
16/09/2012  03:38 a.m.    <JUNCTION>     Programas [C:\ProgramData\Microsoft\Windows\Start Menu\Programs]
               0 archivos              0 bytes
 Directorio de C:\Users\Default
14/07/2009  12:08 a.m.    <JUNCTION>     Application Data [C:\Users\Default\AppData\Roaming]
16/09/2012  03:38 a.m.    <JUNCTION>     Configuraci¢n local [C:\Users\Default\AppData\Local]
14/07/2009  12:08 a.m.    <JUNCTION>     Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
16/09/2012  03:38 a.m.    <JUNCTION>     Datos de programa [C:\Users\Default\AppData\Roaming]
16/09/2012  03:38 a.m.    <JUNCTION>     Entorno de red [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
16/09/2012  03:38 a.m.    <JUNCTION>     Impresoras [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
14/07/2009  12:08 a.m.    <JUNCTION>     Local Settings [C:\Users\Default\AppData\Local]
16/09/2012  03:38 a.m.    <JUNCTION>     Men£ Inicio [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
16/09/2012  03:38 a.m.    <JUNCTION>     Mis documentos [C:\Users\Default\Documents]
14/07/2009  12:08 a.m.    <JUNCTION>     My Documents [C:\Users\Default\Documents]
14/07/2009  12:08 a.m.    <JUNCTION>     NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
16/09/2012  03:38 a.m.    <JUNCTION>     Plantillas [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
14/07/2009  12:08 a.m.    <JUNCTION>     PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
14/07/2009  12:08 a.m.    <JUNCTION>     Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
16/09/2012  03:38 a.m.    <JUNCTION>     Reciente [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
14/07/2009  12:08 a.m.    <JUNCTION>     SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
14/07/2009  12:08 a.m.    <JUNCTION>     Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
14/07/2009  12:08 a.m.    <JUNCTION>     Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
               0 archivos              0 bytes
 Directorio de C:\Users\Default\AppData\Local
14/07/2009  12:08 a.m.    <JUNCTION>     Application Data [C:\Users\Default\AppData\Local]
16/09/2012  03:38 a.m.    <JUNCTION>     Archivos temporales de Internet [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
16/09/2012  03:38 a.m.    <JUNCTION>     Datos de programa [C:\Users\Default\AppData\Local]
16/09/2012  03:38 a.m.    <JUNCTION>     Historial [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  12:08 a.m.    <JUNCTION>     History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  12:08 a.m.    <JUNCTION>     Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 archivos              0 bytes
 Directorio de C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu
16/09/2012  03:38 a.m.    <JUNCTION>     Programas [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs]
               0 archivos              0 bytes
 Directorio de C:\Users\Default\Documents
16/09/2012  03:38 a.m.    <JUNCTION>     Mi m£sica [C:\Users\Default\Music]
16/09/2012  03:38 a.m.    <JUNCTION>     Mis im genes [C:\Users\Default\Pictures]
16/09/2012  03:38 a.m.    <JUNCTION>     Mis v¡deos [C:\Users\Default\Videos]
14/07/2009  12:08 a.m.    <JUNCTION>     My Music [C:\Users\Default\Music]
14/07/2009  12:08 a.m.    <JUNCTION>     My Pictures [C:\Users\Default\Pictures]
14/07/2009  12:08 a.m.    <JUNCTION>     My Videos [C:\Users\Default\Videos]
               0 archivos              0 bytes
 Directorio de C:\Users\PILAR
16/09/2012  03:38 a.m.    <JUNCTION>     Configuraci¢n local [C:\Users\PILAR\AppData\Local]
16/09/2012  03:38 a.m.    <JUNCTION>     Cookies [C:\Users\PILAR\AppData\Roaming\Microsoft\Windows\Cookies]
16/09/2012  03:38 a.m.    <JUNCTION>     Datos de programa [C:\Users\PILAR\AppData\Roaming]
16/09/2012  03:38 a.m.    <JUNCTION>     Entorno de red [C:\Users\PILAR\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
16/09/2012  03:38 a.m.    <JUNCTION>     Impresoras [C:\Users\PILAR\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
16/09/2012  03:38 a.m.    <JUNCTION>     Men£ Inicio [C:\Users\PILAR\AppData\Roaming\Microsoft\Windows\Start Menu]
16/09/2012  03:38 a.m.    <JUNCTION>     Mis documentos [C:\Users\PILAR\Documents]
16/09/2012  03:38 a.m.    <JUNCTION>     Plantillas [C:\Users\PILAR\AppData\Roaming\Microsoft\Windows\Templates]
16/09/2012  03:38 a.m.    <JUNCTION>     Reciente [C:\Users\PILAR\AppData\Roaming\Microsoft\Windows\Recent]
16/09/2012  03:38 a.m.    <JUNCTION>     SendTo [C:\Users\PILAR\AppData\Roaming\Microsoft\Windows\SendTo]
               0 archivos              0 bytes
 Directorio de C:\Users\PILAR\AppData\Local
16/09/2012  03:38 a.m.    <JUNCTION>     Archivos temporales de Internet [C:\Users\PILAR\AppData\Local\Microsoft\Windows\Temporary Internet Files]
16/09/2012  03:38 a.m.    <JUNCTION>     Datos de programa [C:\Users\PILAR\AppData\Local]
16/09/2012  03:38 a.m.    <JUNCTION>     Historial [C:\Users\PILAR\AppData\Local\Microsoft\Windows\History]
               0 archivos              0 bytes
 Directorio de C:\Users\PILAR\AppData\Roaming\Microsoft\Windows\Start Menu
16/09/2012  03:38 a.m.    <JUNCTION>     Programas [C:\Users\PILAR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs]
               0 archivos              0 bytes
 Directorio de C:\Users\PILAR\Documents
16/09/2012  03:38 a.m.    <JUNCTION>     Mi m£sica [C:\Users\PILAR\Music]
16/09/2012  03:38 a.m.    <JUNCTION>     Mis im genes [C:\Users\PILAR\Pictures]
16/09/2012  03:38 a.m.    <JUNCTION>     Mis v¡deos [C:\Users\PILAR\Videos]
               0 archivos              0 bytes
 Directorio de C:\Users\Public\Documents
16/09/2012  03:38 a.m.    <JUNCTION>     Mi m£sica [C:\Users\Public\Music]
16/09/2012  03:38 a.m.    <JUNCTION>     Mis im genes [C:\Users\Public\Pictures]
16/09/2012  03:38 a.m.    <JUNCTION>     Mis v¡deos [C:\Users\Public\Videos]
14/07/2009  12:08 a.m.    <JUNCTION>     My Music [C:\Users\Public\Music]
14/07/2009  12:08 a.m.    <JUNCTION>     My Pictures [C:\Users\Public\Pictures]
14/07/2009  12:08 a.m.    <JUNCTION>     My Videos [C:\Users\Public\Videos]
               0 archivos              0 bytes
     Total de archivos en la lista:
               0 archivos              0 bytes
              86 dirs  405,132,206,080 bytes libres
 
< End of report >
 
2) Extras
 

OTL Extras logfile created on: 30/05/2014 18:22:27 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\PILAR\Desktop
64bit- Home Basic Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000c0a | Country: México | Language: ESM | Date Format: dd/MM/yyyy
 
3,95 Gb Total Physical Memory | 2,52 Gb Available Physical Memory | 63,91% Memory free
7,89 Gb Paging File | 6,43 Gb Available in Paging File | 81,55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 421,81 Gb Total Space | 377,31 Gb Free Space | 89,45% Space Free | Partition Type: NTFS
Drive D: | 29,00 Gb Total Space | 26,56 Gb Free Space | 91,59% Space Free | Partition Type: NTFS
 
Computer Name: PILAR-PC | User Name: PILAR | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\S-1-5-21-1510572874-1796251914-533295934-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{68C76B54-E842-4FAB-9F53-43EB65653FB8}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{F3E0FB9F-8E7D-4A18-9D1B-034213D7566A}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F2C950F-870D-4B01-9C4F-2560498C9D9F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{10557BA9-AF1A-4C55-8D57-3CD30E53EDE9}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{3CBA4F0F-209B-432A-9DE9-98D5EAC94FE7}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{4632BD81-7453-44EA-AEE9-7265C51A9317}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{5ECEB6EF-EAE9-438B-8FCE-39A27ACAF43F}" = dir=in | app=c:\program files (x86)\lenovo\powerdvd10\powerdvd10.exe | 
"{6EB79DBD-2AFB-435D-80DF-10AE6ACD490C}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{E4025772-5764-49E1-9041-EECB61D27A80}" = dir=in | app=c:\program files (x86)\lenovo\powerdvd10\powerdvd cinema\powerdvdcinema10.exe | 
"{F93226DD-B48B-4939-B14B-1065D26BD71B}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"TCP Query User{B645EC90-C349-4380-9BD6-ADAA00B33405}C:\users\pilar\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\pilar\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{25200BB0-81FE-464A-909E-589A034C96AB}C:\users\pilar\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\pilar\appdata\roaming\spotify\spotify.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = Lenovo Bluetooth with Enhanced Data Rate Software
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90140000-006D-0C0A-1000-0000000FF1CE}" = Hacer clic y ejecutar de Microsoft Office 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082" = Microsoft .NET Framework 4.5.1 (español)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D6E5E5FE-83CF-3CFC-AF7A-11F05613705B}" = Microsoft .NET Framework 4.5.1 (ESN)
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"CNXT_AUDIO_HDA" = Conexant HD Audio
"EA12B1FB53CE4E387C31A85236C41EF559B5E392" = Paquete de controladores de Windows - Lenovo (ACPIVPC) System  (12/02/2010 6.1.0.1)
"EPSON TX120 Series" = Desinstalador de impresoras EPSON TX120 Series
"Lenovo EE Boot Optimizer" = Lenovo EE Boot Optimizer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{28ABE740-47F3-441B-9437-852F6A64EFF8}" = Lenovo_Wireless_Driver
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger
"{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}" = Google Earth Plug-in
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0C0A-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Español
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1034-7B44-AB0000000001}" = Adobe Reader XI (11.0.07) - Español
"{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}" = Lenovo EasyCamera
"{BB285C9F-C821-4770-8970-56C4AB52C87E}" = Skype Click to Call
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = Lenovo PowerDVD 10
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = Guía del usuario
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"BrowserProtect" = BrowserProtect
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = Lenovo PowerDVD 10
"InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide
"Internet Telcel Banda Ancha" = Internet Telcel Banda Ancha
"Lenovo Games Console" = Lenovo Games Console
"N360" = Norton 360
"Office14.Click2Run" = Hacer clic y ejecutar de Microsoft Office 2010
"SmartDraw 2014" = SmartDraw 2014
"VeriFace" = VeriFace
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1510572874-1796251914-533295934-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 13/05/2014 8:40:51 | Computer Name = PILAR-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 14/05/2014 17:47:32 | Computer Name = PILAR-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 14/05/2014 17:56:36 | Computer Name = PILAR-PC | Source = MsiInstaller | ID = 1024
Description = 
 
Error - 14/05/2014 23:00:17 | Computer Name = PILAR-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 14/05/2014 23:06:33 | Computer Name = PILAR-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 18/05/2014 23:03:37 | Computer Name = PILAR-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 19/05/2014 22:15:03 | Computer Name = PILAR-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 20/05/2014 9:18:15 | Computer Name = PILAR-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 20/05/2014 12:32:09 | Computer Name = PILAR-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 20/05/2014 13:03:42 | Computer Name = PILAR-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 20/10/2013 14:05:55 | Computer Name = PILAR-PC | Source = Service Control Manager | ID = 7011
Description = Se agotó el tiempo de espera (30000 ms) para la respuesta de transacción
 del servicio N360.
 
Error - 27/10/2013 23:49:18 | Computer Name = PILAR-PC | Source = Service Control Manager | ID = 7011
Description = Se agotó el tiempo de espera (30000 ms) para la respuesta de transacción
 del servicio N360.
 
Error - 27/10/2013 23:49:48 | Computer Name = PILAR-PC | Source = Service Control Manager | ID = 7011
Description = Se agotó el tiempo de espera (30000 ms) para la respuesta de transacción
 del servicio N360.
 
Error - 27/10/2013 23:50:18 | Computer Name = PILAR-PC | Source = Service Control Manager | ID = 7011
Description = Se agotó el tiempo de espera (30000 ms) para la respuesta de transacción
 del servicio N360.
 
Error - 19/11/2013 19:21:05 | Computer Name = PILAR-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Error de instalación: error de Windows al instalar la siguiente actualización,
 error 0x80246002: Internet Explorer 11 para Windows 7 para sistemas basados en 
x64.
 
Error - 21/11/2013 13:23:34 | Computer Name = PILAR-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 21/11/2013 13:26:20 | Computer Name = PILAR-PC | Source = Service Control Manager | ID = 7043
Description = El servicio Instalador de módulos de Windows no se cerró correctamente
 después de recibir un control de aviso de apagado.
 
Error - 21/11/2013 14:25:11 | Computer Name = PILAR-PC | Source = EventLog | ID = 6008
Description = El cierre anterior del sistema a las 11:57:41 a.m. del ?21/?11/?2013
 resultó inesperado.
 
Error - 21/11/2013 14:25:20 | Computer Name = PILAR-PC | Source = BugCheck | ID = 1001
Description = 
 
Error - 02/01/2014 10:13:08 | Computer Name = PILAR-PC | Source = Service Control Manager | ID = 7034
Description = El servicio Intel® Rapid Storage Technology se terminó de manera
 inesperada. Esto ha sucedido 1 veces.
 
 
< End of report >
 

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics


Also tagged with one or more of these keywords: Infostealer.snifula

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP